Tei wrote:
so... what stops a maliciuous banner script to insert viagra links on random wikipedia articles?.
other than 2 unixtimes, and the md5 of summary, I don't see how this is protected at all.
It doesn't stop (and the md5 is not needed). An external page could produce a form to make their users post data to wikipedia. But a) The target pages would be protected, content blocked... b) The users may discover it. c) It won't work with logged-in users.