Apparently, the form_spam_protect plugin only works with HTTP POST, not GET. Unsafe operations (save and file-upload) should be POSTs anyway. Fixed. Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
Fixed a whole bunch of minor stuff. Had a go at getting some of the plethora of broken tests to pass.
Sync with Revision 519 of Instiki trunk (2007/5/7).