[wp-trac] [WordPress Trac] #14673: Using edit_theme_options capability only for Theme options not possible
WordPress Trac
wp-trac at lists.automattic.com
Mon Aug 23 13:38:37 UTC 2010
#14673: Using edit_theme_options capability only for Theme options not possible
----------------------------+-----------------------------------------------
 Reporter:  davecpage       |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Administration  |     Version:  3.0.1
 Severity:  normal          |    Keywords:
----------------------------+-----------------------------------------------
An additional capability edit_theme_options was added back in April as per
[http://wpdevel.wordpress.com/2010/04/16/i-notice-a-lot-of-themes-passing-the-e/ dev chat]
as many themes were using the capability edit_themes when
registering their options pages. Unfortunately, although this capability
works fine with menus and the custom header & footer code, you can't use it
for generic theme options pages.
If a theme registers its options using edit_theme_options, the options
page will display correctly, but the page won't save unless the user also
has the manage_options capability. That is fine for administrator-level
users, as they have manage_options too, but not for other-level users who could
have been given just edit_theme_options.
I looked into changing line 30 of wp-admin/options.php from:
{{{
if ( !current_user_can('manage_options') )
}}}
to:
{{{
if ( !current_user_can('manage_options') &&
!current_user_can('edit_theme_options') )
}}}
which seems to work, but I'm not sure if that opens up any security
issues.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14673>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
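
Added example (not part of the original ticket and not WordPress code): a constructed PHP model of the security question the report ends on. It relies on wp-admin/options.php being the single save handler for every settings group; the `my_theme_options` group, its option name and all function names are hypothetical.

```php
<?php
// Constructed, simplified model of the save path; not WordPress code.
// Option groups and the options each may write. 'general' is a real settings
// group (subset shown); 'my_theme_options' is a hypothetical theme group.
const GROUPS = [
    'general'          => ['blogname', 'users_can_register', 'default_role'],
    'my_theme_options' => ['my_theme_accent_color'],
];
// Capability required per group; unlisted groups fall back to manage_options.
const GROUP_CAPS = ['my_theme_options' => 'edit_theme_options'];

function user_can(array $caps, string $cap): bool {
    return in_array($cap, $caps, true);
}
// Check described in the ticket for 3.0.1: one capability gates every group.
function gate_current(array $caps, string $group): bool {
    return user_can($caps, 'manage_options');
}
// Change proposed in the ticket: either capability opens every group.
function gate_proposed(array $caps, string $group): bool {
    return user_can($caps, 'manage_options')
        || user_can($caps, 'edit_theme_options');
}
// Alternative: look up the capability for the group actually being saved.
function gate_per_group(array $caps, string $group): bool {
    return user_can($caps, GROUP_CAPS[$group] ?? 'manage_options');
}
// Returns the options that would be written, or [] when the save is rejected.
function save(callable $gate, array $caps, string $group, array $post): array {
    if (!array_key_exists($group, GROUPS) || !$gate($caps, $group)) {
        return [];
    }
    // Keep only the options registered for this group.
    return array_intersect_key($post, array_flip(GROUPS[$group]));
}

$designer = ['edit_theme_options'];   // user without manage_options
$cases = [
    ['my_theme_options', ['my_theme_accent_color' => '#336699']],
    ['general',          ['users_can_register' => '1']],
];
foreach (['gate_current', 'gate_proposed', 'gate_per_group'] as $gate) {
    foreach ($cases as [$group, $post]) {
        printf("%-15s %-17s %s\n", $gate, $group,
            json_encode(save($gate, $designer, $group, $post)));
    }
}
```

In this model the proposed check lets the theme-only user write `general` settings as well as the theme's own, while the per-group lookup accepts only the theme group.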