#25759 closed enhancement (wontfix)
Same nickname
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 2.0 |
| Component: | Users | Keywords: | close |
| Focuses: | Cc: |
Description
Hello. After update to 3.7, I started to notice, that user can change their nickname to mine. I'm pretty sure this isn't supposed to happen and nicknames should be unique in other words there shouldn't be 2 people with same nickname. I sadly can't tell you if it appeared in 3.7 or it was there before.
Change History (14)
#2
follow-up:
↓ 3
@
11 years ago
I find it horribly wrong. This allows user to impersonate other users. They input nickname -> set it as display name -> go comment with that display name. Display name is saved as comment_author field in comments table.
I also have no clue why you changed version to 2.0.
#3
in reply to:
↑ 2
@
11 years ago
Replying to flyerua:
I find it horribly wrong. This allows user to impersonate other users.
Related: #10931
They input nickname -> set it as display name -> go comment with that display name. Display name is saved as comment_author field in comments table.
Well, they can do the same with First Name and Last Name fields.
I also have no clue why you changed version to 2.0.
Version number indicates the earliest affected version.
#4
follow-up:
↓ 6
@
11 years ago
Version number indicates the earliest affected version.
I see.
Well, they can do the same with First Name and Last Name fields.
well, not really, since fname and lname aren't shown in comments, while comment_author field is.
Related: #10931
That is not so serious, since it can be prevented by requiring login for commenting (my case). While this one can't be really prevented with default means of WP (or I don't know about them).
#5
@
11 years ago
I don't see why this is horrible wrong. A nickname is just a name someone has and that can be duplicated and that is more then fine.
#6
in reply to:
↑ 4
@
11 years ago
Replying to flyerua:
Well, they can do the same with First Name and Last Name fields.
well, not really, since fname and lname aren't shown in comments, while comment_author field is.
I mean, they can set Display name from First Name and Last Name too. I don't see how Nickname is different.
#7
@
11 years ago
I mean, they can set Display name from First Name and Last Name too. I don't see how Nickname is different.
True, didn't know that.
Yet, I still nickname should be unique. Nickname is what most people use for display name anyway, so you could say it's bit different from fname and lname.
#8
@
11 years ago
If the goal is not to let anyone impersonate another user, then it's the display name that should be unique.
The nickname is just a field you can use to be able to set a display name that is neither user name nor first name + last name (or last name + first name).
#10
@
11 years ago
- Keywords close added
- Severity changed from major to normal
- Type changed from defect (bug) to enhancement
New ticket?
#11
@
11 years ago
This makes zero sense to me - why should a site suddenly not allow two people with the same name who want to use their actual names for display?
#12
@
11 years ago
This would be a policy of each site. A site could force the nickname to be the display name, and require it to be unique, or force the user name to be the display name. This is clearly plugin territory.
If the reporter still thinks core should enforce display name should be unique, he should open a new enhancement ticket, as making nickname unique would not solve the described problem.
Only Username and E-mail fields are currently enforced to be unique. Nickname is just a regular meta field.
This has been the case since 2.0. Related: [2704], [2872]. In earlier versions, Nickname was used instead of Username in the UI (and therefore was unique).