sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Users: Limit the scope of admin files required in `WP_REST_Users_Controller`. 

This requires only `wp-admin/includes/user.php` for `get_editable_roles()`, instead of `wp-admin/includes/admin.php`.

Follow-up to [43589].

Props johnwatkins0.
Fixes #49450.

git-svn-id: https://develop.svn.wordpress.org/trunk@47299 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2020-02-17 05:31:18 +00:00
parent b8993b72bd
commit 9ac7fca92b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
View File

@ -1210,8 +1210,8 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
); );
} }
// Include admin functions to get access to get_editable_roles(). // Include user admin functions to get access to get_editable_roles().
require_once ABSPATH . 'wp-admin/includes/admin.php'; require_once ABSPATH . 'wp-admin/includes/user.php';
// The new role must be editable by the logged-in user. // The new role must be editable by the logged-in user.
$editable_roles = get_editable_roles(); $editable_roles = get_editable_roles();