Not to belabor the point, but there seem to me to be easier, and more foolproof, ways to accomplish the same thing: you could require users to be logged in to upload files, for instance, which would prevent IP-address checking. If you're worried that even using user accounts is too much of a privacy breach, you could limit file uploads to a single user account, and then publish the username and password of that account publicly, so everyone would log in as that user to upload files.

-Yaron


On Thu, Mar 26, 2009 at 7:20 PM, Samuel Lampa <samuel.lampa.l@rilnet.com> wrote:
Yaron Koren wrote:

Okay, I think I understand the hack now - basically you're talking about being able to set the filename from the query string.

Correct.


There might be an easier way to do that, but that makes sense.

For the random string - isn't people's privacy compromised already by the fact that you can see file uploads in the "Recent changes" page?

Yes, it is, so I guess we will need to deal with that too. Probably by prohibiting access to the "Special" namespace for anonymous users, and whitelisting only the pages needed for posting. There might be other security holes also (I've heard there are a number of them in MW), but I think it will suffice if it's not easy for non-hackers to see what others are doing.

// Samuel