Opened 9 years ago

Closed 9 years ago

#14982 closed defect (bug) (duplicate)

Author link in Twenty Ten is showing username

Reported by: denzel_chia
Owned by:
Milestone:
Priority: normal
Severity: major
Version: 3.0.1
Component: Security
Keywords: twentyten, author link
Focuses:
Cc:
PR Number:

Description

The author link under the post name in the Twenty Ten theme is showing the username.

Example:
Posted on September 28, 2010 by Denzel Chia

Mouse over the author name Denzel Chia and you can see the login username in the link in the browser status bar.

Perhaps this can be changed to use author ID?

Anybody can get the login username this way and what is left is the password to guess. This also defeats the purpose of allowing users to choose their own username instead of admin.

Thanks

Change History (6)

#1 @denzel_chia
9 years ago

Sorry, it has nothing to do with Twenty Ten, it is the author link.

I had set my blog permalink structure to month and name, and the username is shown in the author link in lowercase.

I also found that the username is not case sensitive.
I created a username with mixed case, but was able to log in using all lowercase in the username, which was the same as the author name shown in the author link.

This is my first ticket, sorry for the messy report.

Thanks.

#2 @nacin
9 years ago

Usernames are case insensitive. This is by design.

The user_nicename is used for the author slug. This is a sanitized version of user_login. This is also by design.

#3 @denzel_chia
9 years ago

Thanks for the clarification.

I checked my blog user table.

For some reason, I don't know why, my user_nicename is the same as my user_login.

I am using version 3.0.1 with multi site networking. The username was entered by me during installation. My username is 11 characters long and in lowercase.

Probably something wrong with the creation of user_nicename during the installation process?

Thanks.

#4 @nacin
9 years ago

By sanitized, I mean it is lowercased and some characters (like spaces) get removed. If your login is "admin" your nicename will be "admin". On the other hand, if your login is "Denzel Chia" then the nicename will be "denzel-chia". Again, by design.

#5 @denzel_chia
9 years ago

Hi Nacin,

Again, thanks for the clarification.

That explains why my user_login is the same as my user_nicename.
There is no space in my username, and it is all lowercase characters.

My suggestions:

1) If the user_login has no spaces and is all lowercase, WordPress automatically adds something trailing to the user_login when creating the user_nicename?

2) Or perhaps provide a user interface in the WordPress Admin user profile page to change the user_nicename, such as display author name in author link as....? Just like we are able to change the Display name publicly as...?

The immediate issue I can think of is:
Anyone can enter the username in wp-login.php to reset the password, if the user_login happens to be in lowercase with no space and the username is not case sensitive. Although it does no harm, it is still a nuisance.

For now I will change my user_nicename from the user table.

Thanks.
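
Added example (not part of the ticket, and not WordPress code): a small audit over exported user rows that reports which author slugs are usable as a login as-is, which are only the default derived slug, and which were changed by hand as in comment #5. The `approx_nicename` helper is a hypothetical approximation of the sanitizing described in comment #4, not WordPress's own routine, and the sample rows are constructed.

```python
import re

# Constructed sample rows, shaped like an export of ID, user_login, user_nicename.
SAMPLE_USERS = [
    {"ID": 1, "user_login": "admin", "user_nicename": "admin"},
    {"ID": 2, "user_login": "Denzel Chia", "user_nicename": "denzel-chia"},
    {"ID": 3, "user_login": "MixedCase", "user_nicename": "mixedcase"},
    {"ID": 4, "user_login": "editor01", "user_nicename": "site-editor"},
]


def approx_nicename(user_login):
    """Approximate the sanitizing from comment #4 (assumption, not WordPress's code):
    lowercase the login, drop characters outside a-z, 0-9, space, '_' and '-',
    then turn runs of spaces or hyphens into a single hyphen."""
    slug = user_login.strip().lower()
    slug = re.sub(r"[^a-z0-9 _-]", "", slug)
    slug = re.sub(r"[\s-]+", "-", slug)
    return slug.strip("-")


def audit_author_slugs(users):
    """Classify each user by how much the public author slug says about the login."""
    findings = []
    for user in users:
        login = user["user_login"]
        nicename = user["user_nicename"]
        if nicename.lower() == login.lower():
            # Logins are case insensitive (comment #2), so the slug logs in as-is.
            status = "slug-is-login"
        elif nicename == approx_nicename(login):
            # Default slug: differs from the login only through sanitizing.
            status = "slug-derived"
        else:
            # Nicename was edited away from the login, as in comment #5.
            status = "slug-custom"
        findings.append((user["ID"], nicename, status))
    return findings


if __name__ == "__main__":
    for user_id, nicename, status in audit_author_slugs(SAMPLE_USERS):
        print(f"{user_id}\t{nicename}\t{status}")
```
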

#6 @scribu
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

1) is not going to happen.

2) was suggested before: #14644
