[wp-hackers] Author URLs expose usernames
harry at dxw.com
Tue Jul 17 15:19:58 UTC 2012
Thanks Mike. We'll have a play!
On 17/07/12 16:18, Mike Little wrote:
> On 17 July 2012 15:04, Harry Metcalfe <harry at dxw.com> wrote:
>> On 17/07/12 12:12, Mike Little wrote:
>>> Ah, I should have checked that! Will the core keep those old URLs live if
>> nicename changes?
> No, I don't think it will (unlike posts and pages), you may need to tap
> into the query processing.
> The rewrite rules will convert the url to a query var: author_name =
> 'author-slug-from-url'; There are no filters around parsing that: the code
> will simply call get_user_by('slug', $q['author_name']).
> I think you should:
> hook into 'pre_get_posts',
> look for author_name being set and call get_user_by('slug',
> if you get a result, you're done.
> else, call get_user_by('login', $q['author_name']),
> if that works, get the user's slug (user_nicename) and update query var
> author_name to match.
> Hope that helps,
More information about the wp-hackers