Movable Type 4.31, GET!
Six Apart has kept its word and released a patch for the aforementioned bug in Movable Type 4.3. The new release, version 4.31, fixes some funk associated with custom fields and entry assets. More specifically, it was possible for a user to view a template that might expose code that was not meant to be seen by the end user and that couldn't be executed. New barriers include:

  • Only allow the template_id parameter when the archive_type parameter exists.
  • Force the template being used to match the archive type (e.g. if you're trying to paginate category archives, the template you're using has to be one that is producing category archives).
  • Do not allow the use of the template_id parameter when the extension is php or asp.
  • Add a config directive (SearchAlwaysAllowTemplateID) that would always allow the use of template_id.
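
The four rules above can be read as one deny-by-default check on the request. The sketch below is an added example, not Movable Type code. The function name, the sample templates, reading "extension" as the template's output file extension, and treating SearchAlwaysAllowTemplateID as a bypass of every rule are all assumptions.

```python
# Added illustration; not Movable Type source. Names and data are constructed.
from dataclasses import dataclass

BLOCKED_EXTENSIONS = {"php", "asp"}


@dataclass(frozen=True)
class Template:
    archive_type: str    # archive type this template produces, e.g. "Category"
    file_extension: str  # assumed: extension of the files the template publishes


# Constructed sample templates keyed by template_id.
TEMPLATES = {
    101: Template("Category", "html"),
    102: Template("Individual", "html"),
    103: Template("Category", "php"),
}


def check_template_id(params, templates=TEMPLATES, always_allow=False):
    """Return (allowed, reason) for a request's template_id parameter.

    always_allow models the SearchAlwaysAllowTemplateID directive; treating
    it as a bypass of every rule is an assumption.
    """
    raw = params.get("template_id")
    if raw is None:
        return True, "no template_id supplied"
    if always_allow:
        return True, "SearchAlwaysAllowTemplateID set"
    archive_type = params.get("archive_type")
    if not archive_type:
        return False, "template_id requires archive_type"
    try:
        template = templates[int(raw)]
    except (TypeError, ValueError, KeyError):
        return False, "unknown template_id"
    if template.archive_type != archive_type:
        return False, "template does not match archive_type"
    if template.file_extension.lower().lstrip(".") in BLOCKED_EXTENSIONS:
        return False, "template_id not allowed for php/asp"
    return True, "ok"
```
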

Some other bits around the comment pagination JavaScript were fixed as well, and details can be found in the release notes here. Or you can just go straight for the download.

As the Movable Type team says, this release was almost entirely based on user requests and bug reports, so keep the ball rolling after you've upgraded to 4.31 by dropping your two cents here.