Support » Developing with WordPress » Upload files using python sessions

  • Resolved cspit


    I need to upload images to wordpress programmatically, ideally without installing additional plugins. However I am open to best practices that involve plugins.

    So far I have been able to log in and move about the site using sessions, but when I try to upload a file to media-new.php or async-upload.php I get the following error message

    <div class="wp-die-message">The link you followed has expired.</div>

    The file is a test text file with a single line (also the upload limit on the site is 1GB) so it’s not the common file size limit. This is what I have so far. Let me know if I am barking up the wrong tree.

    import sys, requests, re
    f = 'test.txt'
    rstring='name="_wpnonce" value="(0-9a-z){10}"'
    headerauth= {
            'Cookie':'wordpress_test_cookie=WP Cookie check; ROUTEID=.1',
            'Content-Type': 'application/x-www-form-urlencoded'
    dataauth = {
            'wp-submit':'Log In',
            'redirect_to': url2,
            'testcookie': 1
    image = {'async-upload':('test.txt', open(f, "rb"))}
    testimage = open(f, "rb")
    r1 =, headers=headerauth, data=dataauth)
    test ='value="[0-9a-z]{10}"', r1.text)
    nonce ='[0-9a-z]{10}',
    nonce =
    dataupload = {
            'post_id': '0',
            '_wp_http_referer': '/wp-admin/media-new.php',
            '_wpnonce': nonce ,
            'action': 'upload_attachement',
            'html-upload': 'Upload',
    testheaders = {
            'Connection': 'keep-alive',
            'Referer': ''
    testdata = {
            'post_id': '0',
            '_wpnonce': nonce,
            'type': '',
            'tab': '',
            'short': '1',
    testdata2 = {
            'name': 'test.txt',
            'action': 'upload-attachement',
            '_wpnonce': nonce,
            'wpmf_folder': '0',
    r3 =, data=dataupload, files=image)
    #r3 =, data=testdata2, files=image)
    title ='\<title\>.+<\/title\>', r3.text)
    • This topic was modified 11 months, 4 weeks ago by cspit.
Viewing 1 replies (of 1 total)
  • Thread Starter cspit


    I found the problem. I was not pulling the correct nonce.

    Updated to use the following now allows me to upload files.

    test ='"multipart_params":.*_wpnonce":"[0-9a-z]+"', r1.text)
    nonce ='(?<=_wpnonce":")[0-9a-z]{10}',
    nonce =
Viewing 1 replies (of 1 total)
  • The topic ‘Upload files using python sessions’ is closed to new replies.