Author templates display all users on a multisite network, even if the user is not a member of a specific blog
|Reported by:||chellycat||Owned by:|
When loading an author template, WordPress should check against current users. If the author isn't valid, load 404 template.
If it's a multisite, WordPress should check the passed author slug against current users of the blog -- not all registered users of the network.
To replicate the issue, do the following:
- Create a WordPress multisite environment.
- Create a test blog and at least two users (User A and User B).
- Add User A to your test blog.
- In your browser's URL bar, type http://yourtestblogurl.com/author/userb
- Observe how user User B's profile information appears on the author page, even though User B is not a user of that specific blog.
Again, the ideal solution when loading author templates for a multisite network would be to check to see if a user is a current member of a given blog (and not the entire network).
Change History (8)
- Keywords needs-patch added
- Severity changed from normal to minor