The problem has originally been described in the
Summary: WordPress asks the admin to enter the list of
users who are allowed to use the file upload
functionality with a space before and after each name
(e.g. " user1 user2 user3 "). The same applies to the
list of allowed file types.
The fields which are used to store this values are of
type "varchar". As pointed out by MikeLittle, MySQL
removed trailing spaces from varchar values. Due to the
way how WordPress handles the list of allowed users /
allowed file types the last part of the list is
"ignored" (in the above mentioned example for allowed
users, user3 wouldn't be allowed to upload although
he/her is mentioned in the list).
The attached patch fixes this issue by removing
trailing/leading whitespaces before applying "explode"
to break up this list for further usage. It also
includes an PHP3-safe implementation of in_array which
is used to check whether a user / a filetype is allowed.
Note: the patch doesn't change the description of the
options "fileupload_allowedtypes" and
"fileupload_allowedusers" that state one needs to have
spaces in front and at the end of the list. Actually
trailing/leading spaces don't disturb anything, but in
the next release the description should be modified in
order to avoid irritations.