Opened 14 years ago
Closed 14 years ago
#14982 closed defect (bug) (duplicate)
Author link in Twenty Ten is showing username
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | major | Version: | 3.0.1 |
Component: | Security | Keywords: | twentyten, author link, |
Focuses: | Cc: |
Description
The author link under post name in Twenty Ten theme is showing username
example;
Posted on September 28, 2010 by Denzel Chia
Mouseover author name Denzel Chia and you can see the username for login in the link at the browser status bar.
Perhaps this can be changed to use author ID?
Anybody can get the login username this way and what is left is the password to guess. This also defeats the purpose of allowing to use own username instead of admin.
Thanks
Change History (6)
#2
@
14 years ago
Usernames are case insensitive. This is by design.
The user_nicename is used for the author slug. This is a sanitized version of user_login. This is also by design.
#3
@
14 years ago
Thanks for clarification.
I checked my blog user table
For some reason, which I don't know why, my user_nicename is the same as my user_login
I am using version 3.0.1 with multi site networking. The username was entered by me during installation. My username is 11 characters long and in lowercase.
Probably something wrong with the creating of user_nicename during installation process?
Thanks.
#4
@
14 years ago
By sanitized, I mean it is lowercased and some characters (like spaces) get removed. If your login is "admin" your nicename will be "admin". On the other hand, if your login is "Denzel Chia" then the nicename will be "denzel-chia". Again, by design.
#5
@
14 years ago
Hi Nacin,
Again, thanks for the clarification,
That explains why my user_login is the same as my user_nicename.
There is no space in my username, and it is all in lowercase character.
My suggestions;
1) If the user_login has no space and in all lowercase, WordPress automatically adds something trailing to the user_login, when creating the user_nicename?
2) Or perhaps provide a user interface in WordPress Admin user profile page to change the user_nicename, such as display author name in author link as....? Just like we are able to change the Display name publicly as...?
The immediate issue I can think of is,
Anyone can enter the username in wp-login.php to reset the password, if the user_login happens to be in lowercase and no space and username is not case sensitive. Although it does no harm, but it is still a nuisance.
For now I will change my user_nicename from the user table.
Thanks.
Sorry, It has nothing to do with twenty ten, it is the author link.
I had set my blog permalink structure to month and name, and the username is shown in the author link in lowercase.
I also found that the username is not case sensitive.
I created a username with mixed cases, but was able to login using all lowercases in the username. Which was the same as the author name shown in the author link.
This is my first ticket, sorry for messy report.
Thanks.