Tim Starling wrote:
Maybe you should read the many mailing list posts more carefully
Curb your polemics (again), please.
before you start speculating about the causes and the possible cures. At best we could give a meaningful error message, we can't just make it save.
I won't let you silence me when I have an idea just because you think of yourself as more informed or however else superior. I've made that mistake before.
This bug is associated with a feature which prevents submission of forms by offsite javascript.
Yes, and as I said, this "feature" is to show a preview even though the "preview" button wasn't clicked. You have not convinced me that this needs to be done.
For example, if a hacker wanted a page deleted
Deletion is not editing. Stick to the topic!
they could write some javascript, put it up on their website, then post a link to it on the user talk page of an administrator.
Which is OK, if it's just an edit, and it will be posted by its IP (rather than the admin's username).
The bug involved makes some unknown random event during an ordinary form submission appear essentially identical to this abuse scenario.
Better phrasing: The bug involved makes some unknown random event during an ordinary form submission trigger the code path that you intended only for the abuse scenario. Since it is clearly not as easy as you thought to pin-point the abuse scenario, let's change the code path's effects to be less intrusive/obstructive to normal editing. Better yet, let's consider that the abuse scenario is ridiculous, unlikely, rare, and would be entirely harmless if the centuries-old request to make image deletions reversible was implemented, so the problems caused by it are entirely out of proportion to the problems it's trying to prevent.
Timwi