[wp-trac] [WordPress Trac] #20235: the_author_posts_link() generates links with username instead of display name - this is insecure

WordPress Trac wp-trac at lists.automattic.com
Wed Mar 14 15:35:53 UTC 2012


#20235: the_author_posts_link() generates links with username instead of display
name - this is insecure
-------------------------+------------------------------
 Reporter:  asdfasd567   |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Security     |     Version:  3.3.1
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+------------------------------
Changes (by wycks):

 * type:  defect (bug) => enhancement


Comment:

 I would like to second this or have some discussion. Exploit scanners now
 crawl usernames to facilitate brute force attacks and
 `the_author_posts_link()` does not provide a way to use "display name".

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20235#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

