Support » Developing with WordPress » Upload files using python sessions

  • Resolved cspit

    (@cspit)


    I need to upload images to wordpress programmatically, ideally without installing additional plugins. However I am open to best practices that involve plugins.

    So far I have been able to log in and move about the site using sessions, but when I try to upload a file to media-new.php or async-upload.php I get the following error message

    <div class="wp-die-message">The link you followed has expired.</div>

    The file is a test text file with a single line (also the upload limit on the site is 1GB) so it’s not the common file size limit. This is what I have so far. Let me know if I am barking up the wrong tree.

    import sys, requests, re
    
    f = 'test.txt'
    rstring='name="_wpnonce" value="(0-9a-z){10}"'
    
    user='username'
    password='password'
    url1='https://example.com/wp-login.php'
    url2='https://example.com/wp-admin/media-new.php'
    url3='https://example.com/wp-admin/async-upload.php'
    
    headerauth= {
            'Cookie':'wordpress_test_cookie=WP Cookie check; ROUTEID=.1',
            'Content-Type': 'application/x-www-form-urlencoded'
            }
    dataauth = {
            'log':user,
            'pwd':password,
            'wp-submit':'Log In',
            'redirect_to': url2,
            'testcookie': 1
            }
    image = {'async-upload':('test.txt', open(f, "rb"))}
    testimage = open(f, "rb")
    
    session1=requests.session()
    session1.get(url1)
    r1 = session1.post(url1, headers=headerauth, data=dataauth)
    
    test = re.search('value="[0-9a-z]{10}"', r1.text)
    nonce = re.search('[0-9a-z]{10}', test.group(0))
    nonce = nonce.group(0)
    
    dataupload = {
            'post_id': '0',
            '_wp_http_referer': '/wp-admin/media-new.php',
            '_wpnonce': nonce ,
            'action': 'upload_attachement',
            'html-upload': 'Upload',
            }
    testheaders = {
            'Connection': 'keep-alive',
            'Referer': 'https://example.com/wp-admin/upload.php'
            }
    testdata = {
            'post_id': '0',
            '_wpnonce': nonce,
            'type': '',
            'tab': '',
            'short': '1',
            }
    testdata2 = {
            'name': 'test.txt',
            'action': 'upload-attachement',
            '_wpnonce': nonce,
            'wpmf_folder': '0',
            }
    
    r3 = session1.post(url2, data=dataupload, files=image)
    #r3 = session1.post(url3, data=testdata2, files=image)
    title = re.search('\<title\>.+<\/title\>', r3.text)
    print(r3)
    print(title.group(0))
    • This topic was modified 11 months, 4 weeks ago by cspit.
Viewing 1 replies (of 1 total)
  • Thread Starter cspit

    (@cspit)

    I found the problem. I was not pulling the correct nonce.

    Updated to use the following now allows me to upload files.

    test = re.search('"multipart_params":.*_wpnonce":"[0-9a-z]+"', r1.text)
    nonce = re.search('(?<=_wpnonce":")[0-9a-z]{10}', test.group(0))
    nonce = nonce.group(0)
Viewing 1 replies (of 1 total)
  • The topic ‘Upload files using python sessions’ is closed to new replies.