[wp-hackers] Maybe a secure-hole
Frank Bueltge
frank at bueltge.de
Thu Oct 9 18:45:43 GMT 2008
OK, im sorry i have read in the function and you use the nicename for
the permalink.
function the_author_posts_link($deprecated = '') {
global $authordata;
printf(
'<a href="%1$s" title="%2$s">%3$s</a>',
get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
sprintf( __( 'Posts by %s' ), attribute_escape( get_the_author() ) ),
get_the_author()
);
}
I think, many user use the nicename as loginname, this is the problem
and not the function.
Best regards
More information about the wp-hackers
mailing list