[wp-trac] [WordPress Trac] #20235: the_author_posts_link() generates links with username instead of display name - this is insecure
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 14 15:32:18 UTC 2012
#20235: the_author_posts_link() generates links with username instead of display
name - this is insecure
--------------------------+-----------------------------
 Reporter:  asdfasd567    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  3.3.1
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
Any instance of using username instead of display name is susceptible to
the same vulnerabilities that leaving your username as "admin" is.

Suggest changing this, starting with the most common functions like
the_author_posts_link() so the links generated aren't
http://foo.com/author/MySecretUsername

http://wordpress.org/extend/plugins/display-name-author-permalink aims to
fix this, but it throws an error on activation.

Possible to make this part of core?

--
Ticket URL: <http://core.trac.wordpress.org/ticket/20235>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software