WordPress.org

Make WordPress Core

Opened 19 months ago

Closed 15 months ago

Last modified 15 months ago

#22121 closed defect (bug) (fixed)

Toolbar: username vs user_nicename in My Account dropdown

Reported by: DrewAPicture Owned by: SergeyBiryukov
Milestone: 3.6 Priority: normal
Severity: normal Version: 3.4
Component: Toolbar Keywords: has-patch commit
Focuses: Cc:

Description

Per a discussion in the forums, there is some confusion about the presentation of user_nicename in the My Account Toolbar menu, specifically in the context of email address-like usernames. As it is now, the Display Name is in bold with the nicename below. See here: http://cl.ly/image/2y423k441F0j

Either:

A) The span class of username is incorrect because we're displaying the user_nicename (and you can't login with the nicename)

B) The span class is correct and we should be displaying the username.

Attachments (1)

22121.patch (710 bytes) - added by SergeyBiryukov 19 months ago.

Download all attachments as: .zip

Change History (8)

SergeyBiryukov19 months ago

comment:1 SergeyBiryukov19 months ago

  • Component changed from General to Toolbar
  • Keywords has-patch added

Introduced in [18776]. I guess it should be username there.

comment:2 SergeyBiryukov16 months ago

  • Milestone changed from Awaiting Review to 3.6

comment:3 SergeyBiryukov15 months ago

  • Keywords commit added; 2nd-opinion removed

comment:4 SergeyBiryukov15 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 23360:

Display username (user_login) rather than user_nicename in Toolbar. fixes #22121.

comment:5 follow-up: juliobox15 months ago

  • Cc juliobosk@… added

I do not agree with this decision. Most of people take screenshots to show something on a plugin setting page, on dashboard, to explain some problem, to illustrate a tutorial.
So, now we will see their login ? Wow, strange and not secure.
Can we discuss about this ?

comment:6 in reply to: ↑ 5 SergeyBiryukov15 months ago

Replying to juliobox:

So, now we will see their login ?

Only if they open the "My Account" menu when taking a screenshot: http://cl.ly/image/2y423k441F0j.

Wow, strange and not secure.

user_nicename is a URL-friendly version of the username. Most of the time they are the same anyway, so I don't think displaying user_nicename was more secure. It just makes less sense outside of URL context. Moreover, we don't consider this information disclosure, see #3708.

Last edited 15 months ago by SergeyBiryukov (previous) (diff)

comment:7 juliobox15 months ago

"are the same" by default, by security you have to change it to avoid to display your login in some CSS classes.
SO, i was wrong about the screenshot, if we have to slide down the menu, ok for me, thank you Sergey (and congrats for what you know ;p)

Note: See TracTickets for help on using tickets.