Opened 14 years ago
Closed 14 years ago
#14673 closed defect (bug) (duplicate)
Using edit_theme_options capability only for Theme options not possible
Reported by: | davecpage | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0.1 |
Component: | Administration | Keywords: | |
Focuses: | Cc: |
Description
An additional capability edit_theme_options was added back in April as per dev chat as many themes were using the capability edit_themes when registering their options pages. Unfortunately although this capability works fine with menus and the custom header & footer code you can't use it for generic theme options pages.
If a theme registers it's options using edit_theme_options the options page will display correctly, but the page won't save unless the user also has the manage_options capability, which is fine for administrator level users as they have manage_options too, but not other level users who could have been given just edit_theme_options.
I looked into changing line 30 of wp-admin/options.php from:
if ( !current_user_can('manage_options') )
to:
if ( !current_user_can('manage_options') && !current_user_can('edit_theme_options') )
which seems to work, but I'm not sure if that opens up any security issues.
Not sure if this is a duplicate of #14365 or if that is focusing on a more general solution.