[buddypress-trac] [BuddyPress] #2445: Wordpress Core Ticket #13866 Allows User Impersonation in BuddyPress

buddypress-trac at lists.automattic.com
Tue Nov 23 23:36:29 UTC 2010

#2445: Wordpress Core Ticket #13866 Allows User Impersonation in BuddyPress
  Reporter:  foxly     |       Owner:                                              
      Type:  defect    |      Status:  closed                                      
  Priority:  major     |   Milestone:  1.3                                         
 Component:  XProfile  |     Version:                                              
Resolution:  invalid   |    Keywords:  spoof, display_name, impersonation, XProfile
Changes (by boonebgorges):

  * status:  new => closed
  * resolution:  => invalid


 Display names are prominent in BuddyPress because it's a social networking
 tool, and in many (most?) potential applications of BuddyPress, it's a
 good thing to have some flexibility concerning the way that people
 represent themselves.

 In many social networks there will be multiple people who want to use the
 same display name, and BP core should not prevent this outright. It's easy
 to write a plugin to enforce this rule, or to reduce the prominence of
 display names with a plugin like the one suggested by r-a-y.

 Another plugin idea is to check display names against a blacklist provided
 by the admin, something like WordPress core does for blog domains.

 Since there is no real vulnerability here (permissions in WP and BP have
 nothing to do with display_name), and since plugins can easily be
 developed to do the kind of filtering you're suggesting, I'm closing the

Ticket URL: <http://trac.buddypress.org/ticket/2445#comment:2>
BuddyPress <http://buddypress.org/>
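
The display-name filtering discussed in the comment above (a check against an admin-provided list, and optional uniqueness), sketched as an added example that is not part of the original ticket and not BuddyPress or WordPress code. The function names and sample data are hypothetical, and wiring the check into a plugin's save hook is left out.

```php
<?php
// Added example; every function name here is hypothetical.

// Reduce a display name to a comparison key so case, spacing and
// punctuation variants of one name collide.
function dn_comparison_key(string $name): string
{
    // NFKC folding needs the intl extension; skip it if unavailable.
    if (class_exists('Normalizer')) {
        $normalized = Normalizer::normalize($name, Normalizer::FORM_KC);
        if ($normalized !== false) {
            $name = $normalized;
        }
    }
    $name = mb_strtolower($name, 'UTF-8');
    // Keep letters and digits only (drops spaces, dots, zero-width characters).
    $key = preg_replace('/[^\p{L}\p{N}]+/u', '', $name);
    return $key === null ? '' : $key;  // null means invalid UTF-8
}

// Returns null when the name is acceptable, otherwise a short reason.
// $reserved: admin-provided names nobody may use.
// $taken: display names in use, keyed by user id (for sites wanting uniqueness).
function dn_check(string $candidate, array $reserved, array $taken = [], ?int $userId = null): ?string
{
    $key = dn_comparison_key($candidate);
    if ($key === '') {
        return 'empty';
    }
    foreach ($reserved as $name) {
        if (dn_comparison_key($name) === $key) {
            return 'reserved';
        }
    }
    foreach ($taken as $ownerId => $name) {
        if ($ownerId !== $userId && dn_comparison_key($name) === $key) {
            return 'in use';
        }
    }
    return null;
}

// Constructed sample data.
$reserved = ['Site Admin', 'Moderator', 'Support'];
$taken = [7 => 'Jane Doe'];
foreach (['site_admin', 'S i t e  ADMIN', 'Jane.Doe', 'John Roe'] as $n) {
    printf("%-16s %s\n", $n, dn_check($n, $reserved, $taken, 12) ?? 'ok');
}
```

The comparison key does not map look-alike characters from different scripts onto each other, so a site that cares about those would need a confusables table on top of this.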
