id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
14365	Admin custom option screen not saved unless user manage_options capability	markauk	westi	"I have a custom options screen. The menu and sub-menu pages for that screen are set to show only if a user has a custom capability ('be_super_editor') in this case.

The options screen shows or not as expected if a user has or does not have the 'be_super_editor' capability.

However, the options cannot be updated unless the user has 'manage_options' capability as well. This seems to be wrong for two reasons:-

(1) if a capability allows an options screen to be accessed, it is reasonable to assume that the user should be able to make changes to that screen.

(2) giving these users 'manage_options' capability is not a good idea as that allows them to do other things that they shouldn't be able to do (e.g. access wp-admin/options.php directly).

Changing line 30 of wp-admin/options.php from:-
{{{
if ( !current_user_can('manage_options') )
}}}
to:-
{{{
if ( !current_user_can('manage_options') && 'update' != $action )
}}}

fixes the problem, though I don't know enough about the inner workings of WP security to say if this creates any further security/permissions issues."	enhancement	closed	normal	3.2	Administration	3.0	normal	fixed	has-patch close	maor@…