2007/6/7, Kevin Reynen <kreynen@gmail.com>:
Assume I'm a user without revision/edit access and I add something, preview it, and don't save it. How would I get to it?
In the thread you reference yourself, I believe it was suggested to have a "view own revisions" permission, partly to deal with the issue of entering private-data-in-PHP-code, but it would also 'fix' this issue.
Another issue that comes to mind is Captcha. Right now I only require Captcha on save. I don't like the idea of spambots being able to commit inserts to my databases or requiring Captcha on every preview.
Perhaps only requiring captcha once and then storing it in the session information? Or require captcha the first time one edits a page and stays at the page[1]?

[1] I.e., if I go and edit page #1 I have to pass a captcha for the first preview, but the second preview and the final submission don't require anything. I then go to page #2 where I have to pass a captcha again entering the 1st preview, but then I go to page #1 to check something, and upon returning to page #2, I have to re-pass the captcha for the next preview/submit.

-- 
Frederik 'Freso' S. Olesen <http://freso.dk/>
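
The per-page variant described in footnote [1], as an added example that is not part of the original message and is not Drupal or captcha-module code. `CaptchaGate`, its method names, the session key and the dict standing in for server-side session storage are all assumptions made for illustration.

```python
"""Session-scoped captcha gate: one solved captcha covers the previews and the
final save of a single page, and is dropped once the user visits another page.
All names are hypothetical; a plain dict stands in for the server-side session."""

KEY = "captcha_passed_for"  # hypothetical session key holding one page id


class CaptchaGate:
    def __init__(self, session):
        # Must be server-side session state, never a value the client can set.
        self.session = session

    def visit(self, page_id):
        """Call on every page view or edit-form load."""
        # Navigating to a different page invalidates the earlier pass.
        if self.session.get(KEY) != page_id:
            self.session.pop(KEY, None)

    def needs_captcha(self, page_id):
        return self.session.get(KEY) != page_id

    def record_pass(self, page_id):
        """Call only after the captcha answer was verified on the server."""
        self.session[KEY] = page_id

    def allow_write(self, page_id, captcha_ok=False):
        """Gate for preview and save: True if the request may reach the DB."""
        self.visit(page_id)
        if self.needs_captcha(page_id):
            if not captcha_ok:
                return False  # no insert is committed for this request
            self.record_pass(page_id)
        return True


def footnote_walkthrough():
    """Replays the sequence from footnote [1] and returns each decision."""
    gate = CaptchaGate(session={})
    steps = [
        gate.allow_write(1, captcha_ok=True),  # page 1, first preview: solved
        gate.allow_write(1),                   # page 1, second preview: free
        gate.allow_write(1),                   # page 1, final submit: free
        gate.allow_write(2, captcha_ok=True),  # page 2, first preview: solved
    ]
    gate.visit(1)                              # check something on page 1
    steps.append(gate.allow_write(2))          # back on page 2: must re-pass
    return steps
```
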