Theme settings – "Cheating uh?" for non-admins

  • simenschi

    (@simenschi)


    10 years, 8 months ago

    I built my theme settings page based on this (probably a bit too old) tutorial, and it’s been working fine when I developed my site as a admin user, but when the site went public and more users came along I got the “Cheating uh?” error when updating the theme settings for non-admin users (ie. editors).

    I’ve done some googling and found out that the problem is probably that my form points to “options.php”, which is causing the problem for non-admin users. But is there any way I can fix my theme options page without rewriting it completely? I’ve figured that I should probably use the “Theme Customization API” the next time.

    Here’s my current theme-options.php:

    <?php

add_action( 'admin_init', 'theme_options_init' );
add_action( 'admin_menu', 'theme_options_add_page' );

/**
 * Init plugin options to white list our options
 */
function theme_options_init(){
	register_setting( 'er_options', 'my_theme_options', 'theme_options_validate' );
}

/**
 * Load up the menu page
 */
function theme_options_add_page() {
	add_theme_page( __( 'Innstillinger', 'my_theme' ), __( 'Innstillinger', 'my_theme' ), 'edit_theme_options', 'theme_options', 'theme_options_do_page' );
}

/**
 * Create the options page
 */
function theme_options_do_page() {
	global $select_options, $radio_options;

	if ( ! isset( $_REQUEST['settings-updated'] ) )
		$_REQUEST['settings-updated'] = false;

	?>
	<div class="wrap">
		<?php screen_icon(); echo "<h2>" . __( ' Innstillinger', 'my_theme' ) . "</h2>"; ?>

		<?php if ( false !== $_REQUEST['settings-updated'] ) : ?>
		<div class="updated fade"><p><strong><?php _e( 'Options saved', 'my_theme' ); ?></strong></p></div>
		<?php endif; ?>

		<form method="post" action="options.php">
			<?php settings_fields( 'er_options' ); ?>
			<?php $options = get_option( 'my_theme_options' ); ?>

                <!-- lots of inputs and textareas here. For example: -->

                            <input id="my_theme_options[<?php echo $textval; ?>]" class="regular-text" type="text" name="my_theme_options[<?php echo $textval; ?>]" value="<?php esc_attr_e( $options[$textval] ) ; ?>" />

			<p class="submit">
				<input type="submit" class="button-primary" value="<?php _e( 'Save Options', 'my_theme' ); ?>" />
			</p>
		</form>
	</div>
	<?php
}

/**
 * Sanitize and validate input. Accepts an array, return a sanitized array.
 */
function theme_options_validate( $input ) {
	global $select_options, $radio_options;

// Validation

	return $input;
}

// adapted from http://planetozh.com/blog/2009/05/handling-plugins-options-in-wordpress-28-with-register_setting/
  • The topic ‘Theme settings – "Cheating uh?" for non-admins’ is closed to new replies.