[wp-trac] [WordPress Trac] #20235: the_author_posts_link() generates links with username instead of display name - this is insecure

WordPress Trac wp-trac at lists.automattic.com
Wed Mar 14 15:32:18 UTC 2012


#20235: the_author_posts_link() generates links with username instead of display
name - this is insecure
--------------------------+-----------------------------
 Reporter:  asdfasd567    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  3.3.1
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 Any instance of using username instead of display name is susceptible to
 the same vulnerabilities that leaving your username as "admin" is.

 Suggest changing this, starting with the most common functions like
 the_author_posts_link() so the links generated aren't
 http://foo.com/author/MySecretUsername

 http://wordpress.org/extend/plugins/display-name-author-permalink aims to
 fix this, but it throws an error on activation.

 Possible to make this part of core?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20235>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

