WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#25759 closed enhancement (wontfix)

Same nickname

Reported by: flyerua Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.0
Component: Users Keywords: close
Focuses: Cc:
PR Number:

Description

Hello. After update to 3.7, I started to notice, that user can change their nickname to mine. I'm pretty sure this isn't supposed to happen and nicknames should be unique in other words there shouldn't be 2 people with same nickname. I sadly can't tell you if it appeared in 3.7 or it was there before.

Change History (14)

#1 @SergeyBiryukov
6 years ago

  • Version changed from 3.7 to 2.0

Only Username and E-mail fields are currently enforced to be unique. Nickname is just a regular meta field.

This has been the case since 2.0. Related: [2704], [2872]. In earlier versions, Nickname was used instead of Username in the UI (and therefore was unique).

#2 follow-up: @flyerua
6 years ago

I find it horribly wrong. This allows user to impersonate other users. They input nickname -> set it as display name -> go comment with that display name. Display name is saved as comment_author field in comments table.
I also have no clue why you changed version to 2.0.

Last edited 6 years ago by flyerua (previous) (diff)

#3 in reply to: ↑ 2 @SergeyBiryukov
6 years ago

Replying to flyerua:

I find it horribly wrong. This allows user to impersonate other users.

Related: #10931

They input nickname -> set it as display name -> go comment with that display name. Display name is saved as comment_author field in comments table.

Well, they can do the same with First Name and Last Name fields.

I also have no clue why you changed version to 2.0.

Version number indicates the earliest affected version.

#4 follow-up: @flyerua
6 years ago

Version number indicates the earliest affected version.

I see.

Well, they can do the same with First Name and Last Name fields.

well, not really, since fname and lname aren't shown in comments, while comment_author field is.

Related: #10931

That is not so serious, since it can be prevented by requiring login for commenting (my case). While this one can't be really prevented with default means of WP (or I don't know about them).

#5 @markoheijnen
6 years ago

I don't see why this is horrible wrong. A nickname is just a name someone has and that can be duplicated and that is more then fine.

#6 in reply to: ↑ 4 @SergeyBiryukov
6 years ago

Replying to flyerua:

Well, they can do the same with First Name and Last Name fields.

well, not really, since fname and lname aren't shown in comments, while comment_author field is.

I mean, they can set Display name from First Name and Last Name too. I don't see how Nickname is different.

#7 @flyerua
6 years ago

I mean, they can set Display name from First Name and Last Name too. I don't see how Nickname is different.

True, didn't know that.
Yet, I still nickname should be unique. Nickname is what most people use for display name anyway, so you could say it's bit different from fname and lname.

Last edited 6 years ago by flyerua (previous) (diff)

#8 @knutsp
6 years ago

If the goal is not to let anyone impersonate another user, then it's the display name that should be unique.

The nickname is just a field you can use to be able to set a display name that is neither user name nor first name + last name (or last name + first name).

#9 follow-up: @flyerua
6 years ago

Oh, yeah. That's right. Display name should be unique.

#10 @knutsp
6 years ago

  • Keywords close added
  • Severity changed from major to normal
  • Type changed from defect (bug) to enhancement

New ticket?

#11 @helen
6 years ago

This makes zero sense to me - why should a site suddenly not allow two people with the same name who want to use their actual names for display?

#12 @knutsp
6 years ago

This would be a policy of each site. A site could force the nickname to be the display name, and require it to be unique, or force the user name to be the display name. This is clearly plugin territory.

If the reporter still thinks core should enforce display name should be unique, he should open a new enhancement ticket, as making nickname unique would not solve the described problem.

#13 @helen
6 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Agree on plugin territory.

#14 in reply to: ↑ 9 @SergeyBiryukov
6 years ago

Replying to flyerua:

Display name should be unique.

Related: #13866

Note: See TracTickets for help on using tickets.