From 9ac7fca92b80cb56d40b2d0843bf0fbb0f7c4aca Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Mon, 17 Feb 2020 05:31:18 +0000
Subject: [PATCH] Users: Limit the scope of admin files required in
 `WP_REST_Users_Controller`.

This requires only `wp-admin/includes/user.php` for `get_editable_roles()`, instead of `wp-admin/includes/admin.php`.

Follow-up to [43589].

Props johnwatkins0.
Fixes #49450.

git-svn-id: https://develop.svn.wordpress.org/trunk@47299 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../rest-api/endpoints/class-wp-rest-users-controller.php     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
index e8d4b5c09c..83979c2891 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -1210,8 +1210,8 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 				);
 			}
 
-			// Include admin functions to get access to get_editable_roles().
-			require_once ABSPATH . 'wp-admin/includes/admin.php';
+			// Include user admin functions to get access to get_editable_roles().
+			require_once ABSPATH . 'wp-admin/includes/user.php';
 
 			// The new role must be editable by the logged-in user.
 			$editable_roles = get_editable_roles();