Daniel Ehrenberg wrote:
--- Erik Moeller erik_moeller@gmx.de wrote:
The vandalism of the Main Page was the last straw. I have banned BuddhaInside. This should not require Jimbo's approval since it was a case of simple and obvious vandalism.
I hope we can get rid of all these Deletexxxx pages he idiotically created now.
Regards,
Erik
How did he vandalize the main page? It's protected.
LDan
He found a security flaw. If a page was protected, no move page link showed up in the sidebar. However, there were no checks for page protection in the move page code itself, so it was trivial to move a protected page with a hand-edited URL. When a page is moved, the redirect left behind at the original location is not protected.
This is now fixed. I implemented a simple patch about an hour after the problem arose, and Brion did it properly shortly thereafter.
-- Tim Starling.
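
The flaw described in the last message above, modelled as an added example; it is not part of the original thread and is not MediaWiki code. The `Wiki` class, its method names, and the sample titles are hypothetical, and the model assumes that protection follows the moved page.

```python
# Hypothetical model of a wiki; names are illustrative, not MediaWiki's API.
from dataclasses import dataclass, field


@dataclass
class Wiki:
    pages: dict = field(default_factory=dict)    # title -> text
    protected: set = field(default_factory=set)  # protected titles

    def sidebar_links(self, title, is_admin):
        """UI layer: the move link is hidden on protected pages."""
        links = ["edit", "history"]
        if title not in self.protected or is_admin:
            links.append("move")
        return links

    def move_unchecked(self, old, new):
        """'Before' behaviour: the handler trusts that the link was hidden."""
        self.pages[new] = self.pages.pop(old)
        # The redirect left at the old title is a new, unprotected page.
        self.pages[old] = f"#REDIRECT [[{new}]]"
        if old in self.protected:
            self.protected.discard(old)
            self.protected.add(new)  # assumption: protection follows the page

    def move_checked(self, old, new, is_admin):
        """Hardened handler: repeats the protection check on every request."""
        if old not in self.pages:
            raise KeyError(old)
        if new in self.pages:
            raise ValueError(f"target already exists: {new}")
        if old in self.protected and not is_admin:
            raise PermissionError(f"{old} is protected")
        self.move_unchecked(old, new)


def demo():
    # Constructed sample data.
    wiki = Wiki(pages={"Main Page": "Welcome"}, protected={"Main Page"})
    hidden = "move" not in wiki.sidebar_links("Main Page", is_admin=False)
    try:
        wiki.move_checked("Main Page", "Constructed Title", is_admin=False)
        refused = False
    except PermissionError:
        refused = True
    return hidden, refused, "Main Page" in wiki.protected


if __name__ == "__main__":
    print(demo())
```

The point of the hardened handler is that the authorization decision lives in the request handler, so it applies no matter how the request was constructed.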