[wp-trac] [WordPress Trac] #20235: the_author_posts_link() generates links with username instead of display name - this is insecure
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 14 15:35:53 UTC 2012
#20235: the_author_posts_link() generates links with username instead of display
name - this is insecure
-------------------------+------------------------------
Reporter: asdfasd567 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.3.1
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------------------
Changes (by wycks):
* type: defect (bug) => enhancement
Comment:
I would like to second this or have some discussion. Exploit scanners now
crawl usernames to facilitate brute force attacks and
`the_author_posts_link()` does not provide a way to use "display name".
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20235#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list