Daniel Ehrenberg wrote:
--- Erik Moeller <erik_moeller(a)gmx.de> wrote:
The vandalism of the Main Page was the last straw.
I
have banned
BuddhaInside. This should not require Jimbo's
approval since it was a case
of simple and obvious vandalism.
I hope we can get rid of all these Deletexxxx pages
he idiotically created
now.
Regards,
Erik
How did he vandalize the main page? It's protected.
LDan
He found a security flaw. If a page was protected, no move page link
showed up in the sidebar. However, there were no checks for page
protection in the move page code itself, so it was trivial to move a
protected page with a hand-edited URL. When a page is moved, the
redirect left behind at the original location is not protected.
This is now fixed. I implemented a simple patch about an hour after the
problem arose, and Brion did it properly shortly thereafter.
-- Tim Starling.