[wp-trac] [WordPress Trac] #22121: Toolbar: username vs user_nicename in My Account dropdown
WordPress Trac
noreply at wordpress.org
Thu Jan 31 02:34:13 UTC 2013
#22121: Toolbar: username vs user_nicename in My Account dropdown
------------------------------+-----------------------------
Reporter: DrewAPicture | Owner: SergeyBiryukov
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 3.6
Component: Toolbar | Version: 3.4
Severity: normal | Resolution: fixed
Keywords: has-patch commit |
------------------------------+-----------------------------
Comment (by SergeyBiryukov):
Replying to [comment:5 juliobox]:
> So, now we will see their login ?
Only if they open the "My Account" menu when taking a screenshot:
http://cl.ly/image/2y423k441F0j.
> Wow, strange and not secure.
`user_nicename` is a URL-friendly version of the username. Most of the
time they are the same anyway, so I don't think displaying `user_nicename`
was more secure. It just make less sense outside of URL context. Moreover,
we don't consider this information disclosure, see #3708.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22121#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list