Hi Magnus,
Or we could use a "mixed" solution:
- I upload my file to a publically accessible file (ftp or http, no
matter), if it's not already online
- I call "Special:Upload?source=web"
- The upload <input> is replaced with a simple text input row for the URL
- Instead of using the PHP upload mechanism, MediaWiki just copies the
file through ftp/http
Why are you suggesting an extra different upload page? Why not just add a radio button right there on the Upload page?
However, as Brion Vibber already mentioned, there are significant security issues with this. I have a suggestion that might solve them; if I have overlooked a security problem that this doesn't solve, please let me know.
My suggestion is thus:
* The upload page displays (if the "upload from web" option is selected) a randomly-generated token. This token is generated only once for every user, and then stays the same. * When uploading a file, the user needs to submit two URLs: * One that points to a text file containing the above token * One to the actual file he wants to upload * The upload is allowed only if the two files are on the same domain (or in the same directory, depending on how draconian you want it).
Ideas? Criticism? Timwi