Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#49450 closed defect (bug) (fixed)

WP_REST_Users_Controller includes the entire admin for one utility function

Reported by: sergeybiryukov's profile SergeyBiryukov Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 5.4 Priority: normal
Severity: normal Version:
Component: Users Keywords: good-first-bug has-patch
Focuses: rest-api Cc:


Background: #43757.

WP_REST_Users_Controller::check_role_update() includes the entire admin API (wp-admin/includes/admin.php) just to get access to get_editable_roles().

It could just require wp-admin/includes/user.php instead, like the ::delete_item() method does.

Attachments (1)

49450.diff (724 bytes) - added by johnwatkins0 4 years ago.

Download all attachments as: .zip

Change History (3)

4 years ago

#1 @SergeyBiryukov
4 years ago

  • Keywords has-patch added; needs-patch removed

#2 @SergeyBiryukov
4 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 47299:

Users: Limit the scope of admin files required in WP_REST_Users_Controller.

This requires only wp-admin/includes/user.php for get_editable_roles(), instead of wp-admin/includes/admin.php.

Follow-up to [43589].

Props johnwatkins0.
Fixes #49450.

Note: See TracTickets for help on using tickets.