On Fri, Sep 26, 2008 at 1:50 AM, Aryeh Gregor Simetrical+wikilist@gmail.com wrote:
On Thu, Sep 25, 2008 at 4:39 AM, Tei oscar.vives@gmail.com wrote:
Reading the Wikipedia HTML output, I have found that EditPage.php produces "+" as the value for wpEditToken. This token seems supposedly random, to stop spammers from filling Wikipedia with viagra links. But it doesn't seem very random to me; on all computers I have tested, it seems constant at "+".
Is that a code bug, or maybe a misconfiguration by the Wikipedia guys?
My recollection is that it was a way to detect edits that were passing through certain broken proxies, which would silently corrupt the edit form data. By adding some content to the edit token that these proxies would corrupt as well, the edits would be rejected, while others would be unaffected. Apparently "+" will trigger this particular bug in these particular proxies, so it will prevent randomly screwing up pages in some cases. The source code/revision log should have more info.
So... what stops a malicious banner script from inserting viagra links on random Wikipedia articles?
Other than 2 unixtimes and the md5 of the summary, I don't see how this is protected at all.
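Added example, not part of the original thread and not MediaWiki's own code: a Python model of the check described in the quoted reply about broken proxies, where a "+" in wpEditToken acts as a canary for form data altered in transit. The proxy behaviour (percent-decoding the body without re-encoding it) and all function names are assumptions made for illustration; the field name wpTextbox1 and the sample edit text are constructed.

```python
import hmac
from urllib.parse import parse_qs, unquote, urlencode

TOKEN_SUFFIX = "+"  # the constant wpEditToken value observed in the thread


def encode_form(text, token=TOKEN_SUFFIX):
    """Browser side: serialise the edit form as x-www-form-urlencoded."""
    return urlencode({"wpTextbox1": text, "wpEditToken": token})


def broken_proxy(body):
    """Hypothetical faulty proxy (assumption): percent-decodes the body and
    forwards it as-is, so a literal '+' is later parsed as a space."""
    return unquote(body)


def text_seen_by_server(body):
    """What the server would store if it did not check the token."""
    return parse_qs(body, keep_blank_values=True).get("wpTextbox1", [""])[0]


def accept_edit(body, expected_token=TOKEN_SUFFIX):
    """Server side: return the edit text only if the token arrived intact."""
    fields = parse_qs(body, keep_blank_values=True)
    token = fields.get("wpEditToken", [""])[0]
    if not hmac.compare_digest(token.encode(), expected_token.encode()):
        return None  # token was altered in transit, so the text may be too
    return fields.get("wpTextbox1", [""])[0]


if __name__ == "__main__":
    sample = "C++ notes"  # constructed edit text containing '+'
    clean = encode_form(sample)
    mangled = broken_proxy(clean)
    print("direct     :", repr(accept_edit(clean)))
    print("via proxy  :", repr(accept_edit(mangled)))
    print("unchecked  :", repr(text_seen_by_server(mangled)))
```

This models only the corruption canary from the quoted reply; a constant token by itself carries no per-user secret.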