[wp-trac] [WordPress Trac] #43027: Class comment-author-$login uses login, why not ID
WordPress Trac
noreply at wordpress.org
Fri Jan 5 11:47:41 UTC 2018
#43027: Class comment-author-$login uses login, why not ID
-------------------------+------------------------------
Reporter: webliberty | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version:
Severity: normal | Resolution:
Keywords: close | Focuses: template
-------------------------+------------------------------
Changes (by swissspidy):
* keywords: => close
Comment:
Disclosing usernames is not a security issue, see
https://make.wordpress.org/core/handbook/testing/reporting-security-
vulnerabilities/#why-are-disclosures-of-usernames-or-user-ids-not-a
-security-issue.
Also worth noting that usernames are displayed in many more locations, not
just this HTML class. Only changing it in one place doesn't make sense.
Plus, there are themes that use `comment-author-$login` for styling or
other purposes. We can't just remove that, otherwise we break these
themes.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43027#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list