id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
14365,Admin custom option screen not saved unless user manage_options capability,markauk,westi,"I have a custom options screen. The menu and sub-menu pages for that screen are set to show only if a user has a custom capability ('be_super_editor') in this case.

The options screen shows or not as expected if a user has or does not have the 'be_super_editor' capability.

However, the options cannot be updated unless the user has 'manage_options' capability as well. This seems to be wrong for two reasons:-

(1) if a capability allows an options screen to be accessed, it is reasonable to assume that the user should be able to make changes to that screen.

(2) giving these users 'manage_options' capability is not a good idea as that allows them to do other things that they shouldn't be able to do (e.g. access wp-admin/options.php directly).

Changing line 30 of wp-admin/options.php from:-
{{{
if ( !current_user_can('manage_options') )
}}}
to:-
{{{
if ( !current_user_can('manage_options') && 'update' != $action )
}}}

fixes the problem, though I don't know enough about the inner workings of WP security to say if this creates any further security/permissions issues.",enhancement,closed,normal,3.2,Administration,3.0,normal,fixed,has-patch close,maor@…