#7 wp 0.72gold: upload-issues with users and types

Michael Renzmann

The problem has originally been described in the
support forums:

Summary: WordPress asks the admin to enter the list of
users who are allowed to use the file upload
functionality with a space before and after each name
(e.g. " user1 user2 user3 "). The same applies to the
list of allowed file types.

The fields which are used to store this values are of
type "varchar". As pointed out by MikeLittle, MySQL
removed trailing spaces from varchar values. Due to the
way how WordPress handles the list of allowed users /
allowed file types the last part of the list is
"ignored" (in the above mentioned example for allowed
users, user3 wouldn't be allowed to upload although
he/her is mentioned in the list).

The attached patch fixes this issue by removing
trailing/leading whitespaces before applying "explode"
to break up this list for further usage. It also
includes an PHP3-safe implementation of in_array which
is used to check whether a user / a filetype is allowed.

Note: the patch doesn't change the description of the
options "fileupload_allowedtypes" and
"fileupload_allowedusers" that state one needs to have
spaces in front and at the end of the list. Actually
trailing/leading spaces don't disturb anything, but in
the next release the description should be modified in
order to avoid irritations.


  • Mike Little
    Mike Little

    • status: open --> closed
  • Mike Little
    Mike Little

    Logged In: YES

    Dougal has now applied this fix and updated the descriptions
    in the upgrade/install scripts.

  • Logged In: YES

    As requested in the support forum I attach the ready-patched
    files below as archive. Extract the two files out of the
    archive and make sure they replace the "old" versions in
    your wp-installation. Be sure to make a backup of your
    wp-installation first!

    Note: The patched files are for plain wp 0.72 gold. If you
    already applied other patches that affected one or both
    files, you have to apply the already provided patch to fix
    this issue.