phpBB3 / PHPBB3-11115

ACP > Forums > Create > doubleclick on "Submit" doubles forum moderators when copying permissions


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Won't Fix
    • 3.0.11
    • 3.0.15-RC1, 3.1.12-RC1
    • ACP
    • None
    • PHP 5.3.8, Opera 12.02

    Description

      ACP > Forums > Manage forums > Manage forums > Create new forum ("testforum") > Forum settings > Copy permissions from > ("otherforum"). Don't click once on the Submit button; double-click it. This results in:

      • creating the forum twice,
      • adding or editing groups' user permissions twice and
      • copying forum permissions twice.

      I haven't really grasped the whole thing yet. In /includes/acp/acp_forums.php we have this call:

      copy_forum_permissions($forum_perm_from, $forum_data['forum_id'], ($action == 'edit') ? true : false);

      The third parameter of that will evaluate to FALSE when creating a forum, which is the only place in all of the phpBB files where this third parameter might be FALSE. Looking up the function's definition in /includes/functions_admin.php, this parameter turns out to be $clear_dest_perms = true. It is then used this way:

      	// Clear current permissions of destination forums
      	if ($clear_dest_perms)
      	{
      		$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
      			WHERE ' . $db->sql_in_set('forum_id', $dest_forum_ids);
      		$db->sql_query($sql);
       
      		$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
      			WHERE ' . $db->sql_in_set('forum_id', $dest_forum_ids);
      		$db->sql_query($sql);
      	}

      So when creating "two forums in a row" (the double-click), both seem to be copied twice without deleting existing datasets. Seeing this gave me the idea:

      Simply re-editing the forum and re-copying the permissions from another forum solved the issue.

      What I don't really get: why is the double-click "possible" at all? I mean: why doesn't any form token prevent a (HTTP) request from being processed more than once? I'm a bit scared by what could go wrong with the whole board, because I literally have the chance to double-click on a Submit button in so many different places.
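
Added example, not phpBB's code and not part of the original report: a sketch of why a stateless, time-limited form token does not by itself stop a double submit, next to a single-use token that does. The function names, the token format and the sample permissions are assumptions made for illustration.

```php
<?php
// Added illustration, not phpBB code; every name below is hypothetical.
// Stateless, time-limited token: the same value validates on every replay.
function stateless_valid(string $secret, int $issued, string $token, int $now): bool
{
    $expected = hash_hmac('sha256', 'acp_forum|' . $issued, $secret);
    return ($now - $issued) <= 3600 && hash_equals($expected, $token);
}

// Single-use token: remembered server-side and consumed on first use.
// Against a real database the lookup and delete must be one atomic statement.
function consume_once(array &$store, string $token): bool
{
    if (!isset($store[$token])) {
        return false; // unknown or already used
    }
    unset($store[$token]);
    return true;
}

// Constructed stand-in for "create forum and copy permissions": append only.
function create_forum(array &$acl_rows, array $source_perms): void
{
    foreach ($source_perms as $perm) {
        $acl_rows[] = $perm;
    }
}

$perms  = ['m_edit', 'm_delete']; // constructed sample permissions
$secret = 'constructed-secret';   // constructed
$now    = time();

// Two identical requests carrying the stateless token: both are processed.
$rows  = [];
$token = hash_hmac('sha256', 'acp_forum|' . $now, $secret);
for ($i = 0; $i < 2; $i++) {
    if (stateless_valid($secret, $now, $token, $now)) { create_forum($rows, $perms); }
}
echo 'stateless token: ', count($rows), " rows\n";

// The same two requests carrying a single-use token: the replay is rejected.
$rows  = [];
$token = bin2hex(random_bytes(16));
$store = [$token => true];
for ($i = 0; $i < 2; $i++) {
    if (consume_once($store, $token)) { create_forum($rows, $perms); }
}
echo 'single-use token: ', count($rows), " rows\n";
```

The first loop ends with four rows because both requests pass validation and the stand-in only appends; the second ends with two because the replayed token is no longer in the store.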

          People

            CHItA CHItA [X] (Inactive)
            AmigoJack AmigoJack [X] (Inactive)