Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#14673 closed defect (bug) (duplicate)

Using edit_theme_options capability only for Theme options not possible

Reported by: davecpage
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.0.1
Component: Administration
Keywords:
Focuses:
Cc:


An additional capability, edit_theme_options, was added back in April as per dev chat, as many themes were using the capability edit_themes when registering their options pages. Unfortunately, although this capability works fine with menus and the custom header & footer code, you can't use it for generic theme options pages.

If a theme registers its options using edit_theme_options, the options page will display correctly, but the page won't save unless the user also has the manage_options capability, which is fine for administrator level users as they have manage_options too, but not other level users who could have been given just edit_theme_options.

I looked into changing line 30 of wp-admin/options.php from:

if ( !current_user_can('manage_options') )

to:

if ( !current_user_can('manage_options') && !current_user_can('edit_theme_options') )

which seems to work, but I'm not sure if that opens up any security issues.

Attachments (1)

14673_admin_options_panel.diff (521 bytes) - added by davecpage 5 years ago.
Have been using this code for a short while and haven't found any negative aspects.


Change History (3)

comment:1 @davecpage 5 years ago

Not sure if this is a duplicate of #14365 or if that is focusing on a more general solution.

@davecpage 5 years ago

Have been using this code for a short while and haven't found any negative aspects.

comment:2 @nacin 5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

That patch would allow settings that should only be modified by manage_options to also be modified with edit_theme_options.

Closing as a duplicate of #14365.
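
Added example (not part of the ticket, the attached patch or WordPress core): the sketch below models the capability check quoted from wp-admin/options.php with plain arrays, to show why the proposed condition applies to every option group rather than only to theme options, and contrasts it with a hypothetical per-group check. The function names, the theme_manager role and the group names are assumptions made for illustration.

```php
<?php
// Added illustration; not code from WordPress core or from the attached patch.
// Users are modelled as plain arrays of capability names (constructed sample data).

// Check as quoted in the ticket: only manage_options may save.
function can_save_original(array $caps): bool {
    return in_array('manage_options', $caps, true);
}

// Check as proposed in the ticket: either capability passes, for every option group.
function can_save_patched(array $caps): bool {
    return in_array('manage_options', $caps, true)
        || in_array('edit_theme_options', $caps, true);
}

// Hypothetical alternative: each option group names the capability it requires,
// and any group that is not listed falls back to manage_options (fail closed).
function can_save_per_group(array $caps, string $group, array $group_caps): bool {
    $required = $group_caps[$group] ?? 'manage_options';
    return in_array($required, $caps, true);
}

// Constructed sample data: a single theme group opts in to edit_theme_options.
// 'general' stands for a site-wide settings group, 'mytheme_options' for a theme's own group.
$group_caps = ['mytheme_options' => 'edit_theme_options'];
$users = [
    'administrator' => ['manage_options', 'edit_theme_options'],
    'theme_manager' => ['edit_theme_options'], // hypothetical custom role
];

foreach ($users as $role => $caps) {
    foreach (['general', 'mytheme_options'] as $group) {
        printf(
            "%-14s %-16s original=%-3s patched=%-3s per_group=%s\n",
            $role,
            $group,
            can_save_original($caps) ? 'yes' : 'no',
            can_save_patched($caps) ? 'yes' : 'no',
            can_save_per_group($caps, $group, $group_caps) ? 'yes' : 'no'
        );
    }
}
```

The row to look at is theme_manager with the general group: the original check refuses the save, the patched check allows it, and the per-group check refuses it while still allowing the same user to save mytheme_options.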
