Custom Global Fields for MU – Permission issue

  • Hey all. I have a site I’m building for a client. Its a MU site (just prior to the wordpress/multisite merge). The client and their employees are going to be running all the blogs on this site. Essentially, I created a template blog that they clone using a plugin I installed. Everything is working great. Well except for one thing.

    I needed to create a page for each blog admin to be able to change some global variables within the template. I found a post about creating Custom Global Fields that create a page and a menu item in the SETTINGS tab and posts the form on that page to options.php. I thought it was working great but I had only tested this as super_admin. When I try to publish as the specific blogs “admin” I get the following error:

    “You do not have sufficient permissions to modify unregistered settings for this site.”

    Poking around options.php I see there is a line around #113 that states

    if ( is_multisite() && ! is_super_admin() )

    So there’s the problem. I COULD change the line to be

    if ( is_multisite() && ! is_admin() )

    But I’m guessing that might cause a security hole. The fact that only employees of the company can make these changes to the site I guess thats a viable option. I don’t know THAT much about WP to know of another option. I saw mention some other options in posts Ive searched but none that are detailed enough for me to try.

    Can anyone suggest a better option here? This is my code I added to my themes functions.php file to make the settings page: Any help is appreciated!

    //Custom Theme Settings
add_action('admin_menu', 'add_gcf_interface');

function add_gcf_interface() {
	add_options_page('Global Custom Fields', 'Global Custom Fields', 'manage_options', 'functions', 'editglobalcustomfields');
}

function editglobalcustomfields() {
	?>
	<div class='wrap'>
	<h2>Global Custom Fields</h2>
	<form method="post" action="options.php">
	<?php wp_nonce_field('update-options') ?>

	<p><strong>Header Line 1 (Address):</strong><br />
	<input type="text" name="head_address" size="45" value="<?php echo htmlentities(get_option('head_address')); ?>" /></p>

	<p><strong>Header Line 2 (Phone Numbers):</strong><br />
	<input type="text" name="head_phone" size="45" value="<?php echo htmlentities(get_option('head_phone')); ?>" /></p>

	<p><strong>Header Line 3 (Email Adress):</strong><br />
	<input type="text" name="head_email" size="45" value="<?php echo htmlentities(get_option('head_email')); ?>" /></p>

	<p><strong>Homepage Specials Line 1:</strong><br />
	<input type="text" name="head_banner1" size="45" value="<?php echo htmlentities(get_option('head_banner1')); ?>" /></p>

	<p><strong>Homepage Specials Line 2:</strong><br />
	<input type="text" name="head_banner2" size="45" value="<?php echo htmlentities(get_option('head_banner2')); ?>" /></p>

	<p><strong>Homepage Specials Line 3:</strong><br />
	<input type="text" name="head_banner3" size="45" value="<?php echo htmlentities(get_option('head_banner3')); ?>" /></p>

    <p><strong>Contact Form Email Recipient:</strong><br />
	<input type="text" name="contact_email" size="45" value="<?php echo htmlentities(get_option('contact_email')); ?>" /></p>

    <p><strong>Social Links:</strong><br />
    twitter.com/<input type="text" name="social_twitter" size="45" value="<?php echo htmlentities(get_option('social_twitter')); ?>" /><br />
    facebook.com/<input type="text" name="social_facebook" size="45" value="<?php echo htmlentities(get_option('social_facebook')); ?>" /><br />
    linkedIn.com/in/<input type="text" name="social_linkedin" size="45" value="<?php echo htmlentities(get_option('social_linkedin')); ?>" /><br />
    youtube.com/user/<input type="text" name="social_youtube" size="45" value="<?php echo htmlentities(get_option('social_youtube')); ?>" /><br />
    </p>

    <p><strong>Office Hours:</strong><br />
	<textarea name="officeHours" cols="100%" rows="7"><?php echo htmlentities(get_option('officeHours')); ?></textarea></p>

	<p><input type="submit" name="Submit" value="Update Options" /></p>

	<input type="hidden" name="action" value="update" />
	<input type="hidden" name="page_options" value="head_address,head_phone,head_email,head_banner1, head_banner2, head_banner3, contact_email, social_twitter, social_facebook, social_linkedin, social_youtube, officeHours" />

	</form>
	</div>
	<?php
}
Viewing 10 replies - 1 through 10 (of 10 total)

  • I have a site I’m building for a client. Its a MU site (just prior to the wordpress/multisite merge).

    if ( is_multisite() && ! is_super_admin() )

    So there’s the problem. I COULD change the line to be

    if ( is_multisite() && ! is_admin() )

    So, what version are you actually *on*. Because if it’s pre-merge, it’s pre-3.0 and you wouldn’t have access to any multisite-named functions in MU. ??

    mu stopped at 2.9.2. Past that, you’re in regular WordPress with multisite.

    Thread Starter fishnyc

    (@fishnyc)

    Actually, Just checking now. I see that I have 3.0.1 installed. I think I got the download of that version BEFORE the old MU site was shut down. Not sure.

    I needed to create a page for each blog admin to be able to change some global variables within the template.

    So basically a theme options page?

    Thread Starter fishnyc

    (@fishnyc)

    Yes that could be another name for it sure ??

    function add_gcf_interface() {
    add_options_page(‘Global Custom Fields’, ‘Global Custom Fields’, ‘manage_options’, ‘functions’, ‘editglobalcustomfields’);
    }
    `

    Try changing that manage_options to edit_theme_options.

    Thread Starter fishnyc

    (@fishnyc)

    Interesting. Thanks so much Andrea. i’m OOTO till later today but I’ll give that a try and report back if it works. I couldnt find too much documentation on add_options_page and what the parameters can be so I ended up posting my Q here. Thanks for the reply.

    If it helps, it works pretty much the same in multisite.

    thanks for this info. btw…what would the merge codes be for this?

    jrg_uk

    (@jrg_uk)

    I’m having the same problem, but the theme I’m trying to fix to work with 3.0.5 Multisite (Shaken Grid Premium) already uses ‘edit_theme_options’ as its capability.

    My reading of the Function reference says that this is just for whether the menu will appear – which it does. There’s clearly something else that goes on, to determine whether or not the Administrator can actually submit/update the options. My reading of the section of options.php that fishnyc highlighted is that it’s always going to refuse to let a non super-admin update them if multisite is enabled, and capabilities will have no influence on it.

    It’s still an issue in the theme itself, as there are many (many) other themes with options pages that will save when the site admin pushes the button.

    you really have to take it up with the devs of that theme so they can fix it.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Custom Global Fields for MU – Permission issue’ is closed to new replies.