Last modified: 2009-08-06 22:28:39 UTC
It is possible to automatically opt a user in to the beta without their knowledge. If the img tag in the link above is placed on a page and a logged-in user visits the page, they will automatically be opted-in to the beta
Trevor's looking into this; we're currently looking at using session tokens similar to what's being done for rollback links from the history page. This lets us still use a GET req which is easy to forward to without forcing an extra <form> for a POST submission, while staying safe from predictable URLs.
Resolved in r54542 by adding edit token checking to the optin and optout procedures.