[WikiEN-l] Re: BuddhaInside banned
Tim Starling
ts4294967296 at hotmail.com
Fri Sep 26 00:11:13 UTC 2003
Daniel Ehrenberg wrote:
> --- Erik Moeller <erik_moeller at gmx.de> wrote:
>
>>The vandalism of the Main Page was the last straw. I
>>have banned
>>BuddhaInside. This should not require Jimbo's
>>approval since it was a case
>>of simple and obvious vandalism.
>>
>>I hope we can get rid of all these Deletexxxx pages
>>he idiotically created
>>now.
>>
>>Regards,
>>
>>Erik
>
>
> How did he vandalize the main page? It's protected.
> LDan
He found a security flaw. If a page was protected, no move page link
showed up in the sidebar. However, there were no checks for page
protection in the move page code itself, so it was trivial to move a
protected page with a hand-edited URL. When a page is moved, the
redirect left behind at the original location is not protected.
This is now fixed. I implemented a simple patch about an hour after the
problem arose, and Brion did it properly shortly thereafter.
-- Tim Starling.
More information about the WikiEN-l
mailing list