Having just made an FPP, I can still get to the posting page by pasting the "post_good.mefi" link. I can also put in any user id and it still gets me into preview. I didn't dare to hit post though to see if that works, but I thought I'd point it out.
In an old MeTa thread, there is a comment by WIL WHEATON (just below this one) that has an invalid timestamp/comment link, and when I try to get his member info, it sends me here. Is this some sort of masterful cloaking on wil's part, just a bug, or is he part of the cabal of mefi users who cannot be traced by their user profiles?
So would This be considered a bug or a diabolical feature? I believe that what kchristidis did was copy the source for a previous comment into the top of his comment making it appear as though Meg posted a comment she didn't post. Is it even possible to prevent something like that?
Not a bug as such, but plinth's latest shows that MeFi isn't spoof-proof. Is there a way to parse comments to ensure that "layout-critical" HTML (ie the "span class" tag) won't be rendered?