Index: src/wp-includes/functions.php
===================================================================
--- src/wp-includes/functions.php	(revisão 36883)
+++ src/wp-includes/functions.php	(cópia de trabalho)
@@ -4000,7 +4000,7 @@
  * @param array  $allowed_files List of allowed files.
  * @return int 0 means nothing is wrong, greater than 0 means something was wrong.
  */
-function validate_file( $file, $allowed_files = '' ) {
+function validate_file( $file, $allowed_files = array()) {
 	if ( false !== strpos( $file, '..' ) )
 		return 1;
 
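Review bot: The new signature on the `+` line drops the space before the closing parenthesis that the rest of the line uses; it should read `function validate_file( $file, $allowed_files = array() ) {`. The `@param array $allowed_files` line above it could also state that the argument is optional, e.g. `@param array $allowed_files Optional. List of allowed files. Default empty array.`. The `@return` line would help callers more if it listed what each non-zero code means, since the visible `..` check suggests this is a path-traversal guard and the tests in this patch assert on 1, 2 and 3. The body of validate_file continues outside the hunk, so it cannot be confirmed from here that a caller still passing `''` explicitly is handled the same way as before.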
Index: tests/phpunit/tests/functions.php
===================================================================
--- tests/phpunit/tests/functions.php	(revisão 36883)
+++ tests/phpunit/tests/functions.php	(cópia de trabalho)
@@ -150,6 +150,28 @@
 		);
 	}
 
+	/**
+	 * @dataProvider file_path_provider
+	 */
+	function test_validate_file($result, $allowed_files, $expected)
+	{
+		$this->assertEquals(validate_file('../foo/foo.txt'), 1);
+		$this->assertEquals($expected, validate_file($result, $allowed_files));
+	}
+
+	function file_path_provider() {
+		return array(
+			array('../foo/foo.txt', array(), 1),
+			array('../foo.txt', array(), 1),
+			array('../foo.bar', array(), 1),
+			array('foo/bar/foo.txt', array(), 0),
+			array('FOO/foo.txt', array(), 0),
+			array('C:/WINDOWS/system32', array(), 2),
+			array('./FOO/foo.txt', array(), 1),
+			array('/FOO/notallowed.txt', array('/FOO/allowed.txt'), 3)
+		);
+	}
+
 	function test_wp_unique_filename() {
 
 		$testdir = DIR_TESTDATA . '/images/';
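Review bot: The rows in `file_path_provider()` never pass a file that is on the allow-list, so the only allow-list case checks rejection (3), and a change that made every file fail once `$allowed_files` is non-empty would go unnoticed. A row such as `array( '/FOO/allowed.txt', array( '/FOO/allowed.txt' ), 0 ),` would cover the accepting path. In `test_validate_file()` the first assertion has expected and actual swapped and is re-run for every data set although it ignores the data, so it reads better as a separate test of the default argument. Because callers may compare the return code loosely, `$this->assertSame( $expected, validate_file( $file, $allowed_files ) );` pins the exact integer. Naming the first parameter `$file` rather than `$result` would match what it holds.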
