I have already implemented it. It is the same upload
page, just with the
textbox instead of the <input type=file>.
Still sounds like a separate page (for the user) instead of a simple
radio button. Why?
This isn't really a security feature, as an Evil
User (tm) can still
upload any file (s)he wants.
People can *already* upload any file they want (subject to size
restrictions). I wasn't addressing that problem because it is not a
problem of "upload via URL". I was trying to address the security issues
that come from the user's ability to cause the server to perform any GET
request to any server. But now that I think about it more, I haven't
actually solved that issue at all: the necessity to retrieve the "token
file" would still grant the user that ability... so scratch it all :)
So, to solve my original problem, I'd have to
find a commons admin, and write on his/her talk page to please upload
the files I stored at (URL), maybe give the file description/license
there or insert it myself once it's up.
(You can actually place that information on the Image page even before
it's up.)
Timwi