Hi Magnus,
Or we could use a "mixed" solution:
* I upload my file to a publically accessible file (ftp or http, no
matter), if it's not already online
* I call "Special:Upload?source=web"
* The upload <input> is replaced with a simple text input row for the URL
* Instead of using the PHP upload mechanism, MediaWiki just copies the
file through ftp/http
Why are you suggesting an extra different upload page? Why not just add
a radio button right there on the Upload page?
However, as Brion Vibber already mentioned, there are significant
security issues with this. I have a suggestion that might solve them; if
I have overlooked a security problem that this doesn't solve, please let
me know.
My suggestion is thus:
* The upload page displays (if the "upload from web" option is
selected) a randomly-generated token. This token is generated only
once for every user, and then stays the same.
* When uploading a file, the user needs to submit two URLs:
* One that points to a text file containing the above token
* One to the actual file he wants to upload
* The upload is allowed only if the two files are on the same domain
(or in the same directory, depending on how draconian you want it).
Ideas? Criticism?
Timwi