[buddypress-trac] [BuddyPress] #2445: Wordpress Core Ticket #13866 Allows User Impersonation in BuddyPress
buddypress-trac at lists.automattic.com
Tue Nov 23 23:36:29 UTC 2010
#2445: Wordpress Core Ticket #13866 Allows User Impersonation in BuddyPress
-----------------------+----------------------------------------------------
  Reporter:  foxly     |       Owner:
      Type:  defect    |      Status:  closed
  Priority:  major     |   Milestone:  1.3
 Component:  XProfile  |     Version:
Resolution:  invalid   |    Keywords:  spoof, display_name, impersonation, XProfile
-----------------------+----------------------------------------------------
Changes (by boonebgorges):

  * status: new => closed
  * resolution: => invalid

Comment:

Display names are prominent in BuddyPress because it's a social networking
tool, and in many (most?) potential applications of BuddyPress, it's a
good thing to have some flexibility concerning the way that people
represent themselves.

In many social networks there will be multiple people who want to use the
same display name, and BP core should not prevent this outright. It's easy
to write a plugin to enforce this rule, or to reduce the prominence of
display names with a plugin like the one suggested by r-a-y.

Another plugin idea is to check display names against a blacklist provided
by the admin, something like WordPress core does for blog domains.

Since there is no real vulnerability here (permissions in WP and BP have
nothing to do with display_name), and since plugins can easily be
developed to do the kind of filtering you're suggesting, I'm closing the
ticket.
--
Ticket URL: <http://trac.buddypress.org/ticket/2445#comment:2>
BuddyPress <http://buddypress.org/>
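
The display-name check the comment above leaves to plugins, sketched as an added example; it is not code from the ticket, BuddyPress or WordPress. The function names `dn_comparison_key` and `dn_check` are hypothetical, the sample names are constructed, and the code assumes PHP 7.1+ with mbstring (intl is used when present). Wiring it into a profile-save hook is left out.

```php
<?php
// Added example: display-name policy check (not BuddyPress or WordPress code).

/** Fold a display name to a comparison key: NFKC, lowercase, no whitespace. */
function dn_comparison_key(string $name): string {
    if (class_exists('Normalizer')) {                 // intl extension, optional
        $folded = Normalizer::normalize($name, Normalizer::FORM_KC);
        if ($folded !== false) {
            $name = $folded;                          // e.g. fullwidth letters -> ASCII
        }
    }
    $name = mb_strtolower($name, 'UTF-8');
    // Remove whitespace, control and format characters (e.g. zero-width space).
    $stripped = preg_replace('/[\s\p{Z}\p{C}]+/u', '', $name);
    return $stripped === null ? '' : $stripped;       // PCRE error yields ''
}

/**
 * Return null if the name is acceptable, otherwise a reason string.
 * $blocklist: names supplied by the site admin (whole-name match).
 * $taken:     display names already in use by other accounts.
 */
function dn_check(string $candidate, array $blocklist, array $taken): ?string {
    $key = dn_comparison_key($candidate);
    if ($key === '') {
        return 'empty or invalid name';
    }
    foreach ($blocklist as $blocked) {
        if ($key === dn_comparison_key($blocked)) {
            return "reserved name: $blocked";
        }
    }
    foreach ($taken as $existing) {
        if ($key === dn_comparison_key($existing)) {
            return "already used: $existing";
        }
    }
    return null;
}

// Constructed sample data.
$blocklist = ['Admin', 'Site Support'];
$taken     = ['Jane Doe'];
foreach (['admin ', 'SITE  SUPPORT', "Jane\u{200B}Doe", 'Ｊane Doe', 'John Roe'] as $name) {
    printf("%-16s %s\n", json_encode($name), dn_check($name, $blocklist, $taken) ?? 'ok');
}
```

Comparing folded keys rather than raw strings catches case, spacing and zero-width variants; the fullwidth variant is caught only when intl is loaded. Look-alike letters from other scripts are not folded by this check.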