[wp-hackers] Maybe a secure-hole
Otto
otto at ottodestruct.com
Thu Oct 9 20:43:15 GMT 2008
On Thu, Oct 9, 2008 at 2:47 PM, Jeremy Clarke
<jer-wphackers at simianuprising.com> wrote:
> So: it would be really nice if the author urls were
> editeable/choosable or if they just used display_name instead of login
> name for both potential security benefits and because it would be
> aesthetically pleasing. It really is weird to click on a link with a
> name on it and come to a url with the person's weird internet alias.
It was pointed out that it actually uses the user_nicename field,
which is the sanitized version of the user_login field. Change the
nicename = change the URL. Nicename is not editable anywhere though.
> Why not just use a lowercase url-ized version of display name for
> author urls?
You could use the pre_user_nicename filter to change it to something else:
function change_nicename($nicename) {
return sanitize_title($_POST['display_name']);
}
add_filter('pre_user_nicename','change_nicename');
> Last thing: Why is there no permalinks field for the author base?
It's there, just has no option in the admin menus to edit it. Just
change the global $wp_rewrite->author_base to whatever you want it to
be.
-Otto
More information about the wp-hackers
mailing list