The limit is only checked on showing the user the node form. What if a malitious user generates the appropiate $_POST object? What if we have a user clicking on back button combined with a messy browser cache?

I just committed a modification that attempts to manage this possibility. It's in the dev release or any release higher than 5x-1.1.1

Comments

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.