On Fri, Sep 26, 2008 at 1:50 AM, Aryeh Gregor <Simetrical+wikilist(a)gmail.com> wrote:
On Thu, Sep 25, 2008 at 4:39 AM, Tei <oscar.vives(a)gmail.com> wrote:
Reading the Wikipedia HTML output, I have found that EditPage.php
produces "+\" as the value for wpEditToken. This token seems
supposedly random, to stop spammers from filling Wikipedia with viagra
links. But it doesn't seem very random to me; on all computers I have
tested, it seems constant at "+\".
Is that a code bug, or maybe a misconfiguration by the Wikipedia guys?
My recollection is that it was a way to detect edits that were passing
through certain broken proxies, which would silently corrupt the edit
form data. By adding some content to the edit token that these
proxies would corrupt as well, the edits would be rejected, while
others would be unaffected. Apparently "+\" will trigger this
particular bug in these particular proxies, so it will prevent
randomly screwing up pages in some cases. The source code/revision
log should have more info.
So... what stops a malicious banner script from inserting viagra links on
random Wikipedia articles?
Other than 2 unixtimes, and the md5 of summary, I don't see how this
is protected at all.