[wp-hackers] Security: username as class in commenst
scribu at gmail.com
Tue Mar 10 22:37:24 GMT 2009
The author login is also written in the permalink structure which displays
posts by a certain author: http://example.com/author/author-login/
Can't you apply a filter to the function that generates the class and remove
the author if it might be a security concern in your case?
On Wed, Mar 11, 2009 at 12:12 AM, Frank Bueltge <frank at bueltge.de> wrote:
> the new comment-functions has the username of the author as class.
> please can you change this in the newxt release to the nickname.
> i think this is a problem for security.
> I hope you enjoy this.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers