[wp-hackers] Maybe a secure-hole

Frank Bueltge frank at bueltge.de
Thu Oct 9 18:45:43 GMT 2008

OK, im sorry i have read in the function and you use the nicename for
the permalink.

function the_author_posts_link($deprecated = '') {
	global $authordata;
		'<a href="%1$s" title="%2$s">%3$s</a>',
		get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
		sprintf( __( 'Posts by %s' ), attribute_escape( get_the_author() ) ),

I think, many user use the nicename as loginname, this is the problem
and not the function.
Best regards

More information about the wp-hackers mailing list