[wp-hackers] Possible security patch
Charles Frees-Melvin
charles at cefm.ca
Mon Dec 7 21:21:20 UTC 2009
That is really not a good idea, because a theme could use the classes,
and anyone can change their display name, even a subscriber. Thus
making classes depending on a display name subject to excessive
breaking and endless nightmares for professional theme designers.
---
Charles E. Frees-Melvin
charles at cefm.ca
CEFM.ca / CEFM.tv
Sent from my Apple iPhone 3G
On 2009-12-07, at 13:38, Ian Stewart <ian at themeshaper.com> wrote:
> I still think using a sanitized display name like, 'My Display Name'
> becoming 'my-display-name', instead of using a sanitized login name would
> be simpler. It would cover the classes and nice-looking URLs wouldn't it?
> And it would give users the choice I imagine they think they're getting
> about what to reveal in classes and URLs when they choose their display
> name.
>
> On Mon, Dec 7, 2009 at 11:22 AM, Dre Feeds <feeds at armeda.com> wrote:
>
>>
>>
>>
>> Mark Jaquith wrote:
>>>
>>>> I think I have a better method of tackling this issue: We now prompt
>>>> the user in the wp-admin when they are using the default install
>>>> password or a reset password. What about if we do a similar prompt if
>>>> "admin" is the only user on the blog, suggesting that they create a
>>>> second user name and use THAT for posting?
>>>>
>>>
>>> What about simply asking the user about renaming 'admin' to something
>>> more personal?
>>>
>>> Ozh
>>>
>>
>> What about a second built-in account specifically built for posting and
>> simply asking the user to rename this account. I think we separate them
>> all together so there is no confusion.
>>
>> Dre Armeda
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>
>
> --
> Ian Stewart
>
> http://ThemeShaper.com/
> http://twitter.com/iandstewart/
> http://ianstewart.stumbleupon.com/