Make WordPress Core

Opened 12 years ago

Closed 11 years ago

Last modified 11 years ago

#22121 closed defect (bug) (fixed)

Toolbar: username vs user_nicename in My Account dropdown

Reported by: drewapicture's profile DrewAPicture Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 3.6 Priority: normal
Severity: normal Version: 3.4
Component: Toolbar Keywords: has-patch commit
Focuses: Cc:


Per a discussion in the forums, there is some confusion about the presentation of user_nicename in the My Account Toolbar menu, specifically in the context of email address-like usernames. As it is now, the Display Name is in bold with the nicename below. See here:


A) The span class of username is incorrect because we're displaying the user_nicename (and you can't login with the nicename)

B) The span class is correct and we should be displaying the username.

Attachments (1)

22121.patch (710 bytes) - added by SergeyBiryukov 12 years ago.

Download all attachments as: .zip

Change History (8)

#1 @SergeyBiryukov
12 years ago

  • Component changed from General to Toolbar
  • Keywords has-patch added

Introduced in [18776]. I guess it should be username there.

#2 @SergeyBiryukov
12 years ago

  • Milestone changed from Awaiting Review to 3.6

#3 @SergeyBiryukov
11 years ago

  • Keywords commit added; 2nd-opinion removed

#4 @SergeyBiryukov
11 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 23360:

Display username (user_login) rather than user_nicename in Toolbar. fixes #22121.

#5 follow-up: @juliobox
11 years ago

  • Cc juliobosk@… added

I do not agree with this decision. Most of people take screenshots to show something on a plugin setting page, on dashboard, to explain some problem, to illustrate a tutorial.
So, now we will see their login ? Wow, strange and not secure.
Can we discuss about this ?

#6 in reply to: ↑ 5 @SergeyBiryukov
11 years ago

Replying to juliobox:

So, now we will see their login ?

Only if they open the "My Account" menu when taking a screenshot:

Wow, strange and not secure.

user_nicename is a URL-friendly version of the username. Most of the time they are the same anyway, so I don't think displaying user_nicename was more secure. It just makes less sense outside of URL context. Moreover, we don't consider this information disclosure, see #3708.

Last edited 11 years ago by SergeyBiryukov (previous) (diff)

#7 @juliobox
11 years ago

"are the same" by default, by security you have to change it to avoid to display your login in some CSS classes.
SO, i was wrong about the screenshot, if we have to slide down the menu, ok for me, thank you Sergey (and congrats for what you know ;p)

Note: See TracTickets for help on using tickets.