[wp-trac] [WordPress Trac] #20235: the_author_posts_link() generates links with username instead of display name - this is insecure
WordPress Trac
wp-trac at lists.automattic.com
Mon Aug 27 21:55:36 UTC 2012
#20235: the_author_posts_link() generates links with username instead of display
name - this is insecure
-------------------------+----------------------
Reporter: asdfasd567 | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 3.3.1
Severity: normal | Resolution: wontfix
Keywords: |
-------------------------+----------------------
Comment (by zodiac1978):
All bugreports which are reporting things like this are closed and set to
"wontfix".
Could anyone please tell a newbie why you won't fix this. Much
appreciated! Thanks in Advance.
Many security posts, plugins, etc. are suggesting to change the "admin"
username to something else. If I rename it, I should protect the new name
an just use the nickname in public.
If the reason is just: There are other possibilities to get the username
(e.g. example.com/?author=1), why don't we close all of it?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20235#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list