[wp-hackers] Possible security patch

Charles Frees-Melvin charles at cefm.ca
Mon Dec 7 21:21:20 UTC 2009


That is really not a good idea, because a theme could use the classes,
and anyone can change their display name, even a subscriber. Thus
making classes depending on a display name subject to excessive
breaking and endless nightmares for professional theme designers.

---
Charles E. Frees-Melvin
charles at cefm.ca
CEFM.ca / CEFM.tv

Sent from my Apple iPhone 3G

On 2009-12-07, at 13:38, Ian Stewart <ian at themeshaper.com> wrote:

> I still think using a sanitized display name like, 'My Display Name'
> becoming 'my-display-name', instead of using a sanitized login name would be
> simpler. It would cover the classes and nice-looking URLs wouldn't it? And
> it would give users the choice I imagine they think they're getting about
> what to reveal in classes and URLs when they choose their display name.
>
> On Mon, Dec 7, 2009 at 11:22 AM, Dre Feeds <feeds at armeda.com> wrote:
>
>>
>>
>>
>> Mark Jaquith wrote:
>>>
>>>> I think I have a better method of tackling this issue: We now prompt
>>>> the user in the wp-admin when they are using the default install
>>>> password or a reset password. What about if we do a similar prompt if
>>>> "admin" is the only user on the blog, suggesting that they create a
>>>> second user name and use THAT for posting?
>>>>
>>>
>>> What about simply asking the user about renaming 'admin' to something more
>>> personal?
>>>
>>> Ozh
>>>
>>
>> What about a second built-in account specifically built for posting and
>> simply asking the user to rename this account. I think we separate them all
>> together so there is no confusion.
>>
>> Dre Armeda
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>
>
> -- 
> Ian Stewart
>
> http://ThemeShaper.com/
> http://twitter.com/iandstewart/
> http://ianstewart.stumbleupon.com/

