Tim Starling wrote:
Maybe you should read the many mailing list posts more carefully
Curb your polemics (again), please.
before you start speculating about the causes and the
possible cures.
At best we could give a meaningful error message, we can't just make
it save.
I won't let you silence me when I have an idea just because you think of
yourself as more informed or however else superior. I've made that
mistake before.
This bug is associated with a feature which prevents
submission of forms by
offsite javascript.
Yes, and as I said, this "feature" is to show a preview even though the
"preview" button wasn't clicked. You have not convinced me that this
needs to be done.
For example, if a hacker wanted a page deleted
Deletion is not editing. Stick to the topic!
they could write some javascript, put it up on their
website, then
post a link to it on the user talk page of an administrator.
Which is OK, if it's just an edit, and it will be posted by its IP
(rather than the admin's username).
The bug involved makes some unknown random event
during an ordinary
form submission appear essentially identical to this abuse scenario.
Better phrasing: The bug involved makes some unknown random event during
an ordinary form submission trigger the code path that you intended only
for the abuse scenario. Since it is clearly not as easy as you thought
to pin-point the abuse scenario, let's change the code path's effects to
be less intrusive/obstructive to normal editing. Better yet, let's
consider that the abuse scenario is ridiculous, unlikely, rare, and
would be entirely harmless if the centuries-old request to make image
deletions reversible was implemented, so the problems caused by it are
entirely out of proportion to the problems it's trying to prevent.
Timwi