Python上传文件到WordPress

jdg4fx2g  于 2024-01-06  发布在  WordPress
关注(0)|答案(3)|浏览(238)

我试图上传文件到一个WordPress网站使用Python.到目前为止,它看起来像我不能使用API与会话cookie没有扩展.所以在这一点上,我试图按照沿着以下职位
使用请求登录WordPress- Python3
Uploading of image to WordPress through Python's requests
这就是我目前所知道的。

  1. #!/usr/bin/python3
  2. import sys, requests
  4. f = 'test.txt'
  6. user='username'
  7. password='password'
  8. url1='https://example.com/wp-login.php'
  9. url2='https://example.com/wp-admin/media-new.php'
  11. headerauth= {'Cookie':'wordpress_test_cookie=WP Cookie check'}
  12. dataauth = {'log':user, 'pwd':password, 'wp-submit':'Log In'}
  13. dataupload = {'post_id': '0', '_wp_http_referer': '/wp-admin/media-new.php', 'action': 'upload_attachement', 'html-upload': 'Upload'}
  14. image = {'async-upload':('test.txt', open(f, "rb"))}
  16. session1=requests.session()
  17. r1 = session1.post(url1, headers=headerauth, data=dataauth)
  18. print(r1)
  19. r2 = session1.get(url2)
  20. print(r2)
  21. r3 = session1.post(url2, data=dataupload, files=image)
  22. print(r3)

字符串
当运行这个程序时,我得到了以下响应,显然最后一个是有趣的。

  1. ./upload.py
  2. <Response [200]>
  3. <Response [200]>
  4. <Response [403]>


我也试过在手动上传文件后从Chrome中提取数据字段,直接发布到UBC-upload.php,结果类似。
更新:我收到的回复页面有以下标题。

  1. <title>Something went wrong.</title>
  2. ...
  3. <body id="error-page">
  4.     <div class="wp-die-message">The link you followed has expired.</div> 
  5. </body>


我还添加了nonce值后,挖掘了周围的网页源代码。

  1. <input type="hidden" id="_wpnonce" name="_wpnonce" value="74bdb561c5">


这是我加的。

  1. r2 = session1.get(url2)
  2. test = re.search('value="[0-9a-z]{10}"', r2.text)
  3. nonce = re.search('[0-9a-z]{10}', test.group(0))
  4. nonce = nonce.group(0)
  5. dataupload = {'post_id':'0', '_wp_http_referer':'/wp-admin/media-new.php', '_wpnonce':nonce, 'action':'upload_attachement', 'html-upload':'Upload'}


仍然没有运气。我还注意到,与我的基于浏览器的会话相比,缺少cookie。我将假设我实际上没有进行身份验证。

wordpress

3条答案

按热度按时间
kzipqqlq

kzipqqlq1#

您可能需要在请求中添加更多标头。
标题可以在Network > Headers > Request Headers of the Developer Tools.中找到(按F12切换它。)

赞(0)分享  回复(0)举报  2024-01-06
wlsrxk51

wlsrxk512#

使用了错误的随机数。要提取正确的随机数,请使用以下命令并发布到Media-upload.php。关键是从media-new.php页面提取form _wpnonce。
如果你不从表单参数中提取,那么你最终可能会得到一打其他随机数中的一个。

  1. test = re.search('"multipart_params":.*_wpnonce":"[0-9a-z]+"', r1.text)
  2. nonce = re.search('(?<=_wpnonce":")[0-9a-z]{10}', test.group(0))
  3. nonce = nonce.group(0)

字符串
完整的代码是

  1. #!/usr/bin/python3
  2. import sys, requests, re
  4. f = 'test.txt'
  6. user='user'
  7. password='password'
  8. url1='https://example.com/wp-login.php'
  9. redirecturl='https://example.com/wp-admin/media-new.php'
  10. url2='https://example.com/wp-admin/async-upload.php'
  12. headerauth= {
  13.         'Cookie':'wordpress_test_cookie=WP Cookie check; ROUTEID=.1',
  14.         'Host':'example.com',
  15.         'Content-Type': 'application/x-www-form-urlencoded'
  16.         }
  17. dataauth = {
  18.         'log':user,
  19.         'pwd':password,
  20.         'wp-submit':'Log In',
  21.         'redirect_to': redirecturl,
  22.         'testcookie': 1
  23.         }
  24. image = {'async-upload':('test.txt', open(f, "rb"))}
  25. testimage = open(f, "rb")
  27. session1=requests.session()
  28. session1.get(url1)
  29. r1 = session1.post(url1, headers=headerauth, data=dataauth)
  31. test = re.search('"multipart_params":.*_wpnonce":"[0-9a-z]+"', r1.text)
  32. nonce = re.search('(?<=_wpnonce":")[0-9a-z]{10}', test.group(0))
  33. nonce = nonce.group(0)
  35. uploadheaders = {
  36.         'Connection': 'keep-alive',
  37.         'Referer': 'https://example.com/wp-admin/upload.php',
  38.         'Sec-Fetch-Dest': 'empty',
  39.         'Sec-Fetch-Mode': 'cors',
  40.         'Sec-Fetch-Site': 'same-origin'
  41.         }
  42. dataupload = {
  43.         'name': 'test.txt',
  44.         'action': 'upload-attachement',
  45.         '_wpnonce': nonce,
  46.         'wpmf_folder': '0',
  47.         }
  49. r2 = session1.post(url2, data=dataupload, headers=uploadheaders, files=image)

展开查看全部
赞(0)分享  回复(0)举报  2024-01-06
yx2lnoni

yx2lnoni3#

在WordPress API v2上通过Python 3脚本测试了多种文件类型后,我们发布了一个要点。它上传到WordPress默认上传目录,当然您可以在其中修改其设置:

  1. WordPress Dashboard > Settings > Media

字符串
该脚本也以安全的方式处理令牌。
希望对你也有用:

  1. ### upload.py
  3. import os
  4. import base64
  5. import requests
  6. from credentials import get_wp_access
  8. def upload_file(relative_path, caption, destination):
  10.     # Get the absolute path to the directory containing this script
  11.     project_dir = os.path.dirname(os.path.abspath(__file__))
  13.     # Combine the project directory with the relative path to get the full system path
  14.     file_path = os.path.join(project_dir, relative_path)
  16.     api_url, username, password = get_wp_access(destination)
  18.     credentials = username + ':' + password
  19.     token = base64.b64encode(credentials.encode())
  20.     json_header = {'Authorization': 'Basic ' + token.decode('utf-8')}
  22.     media = {'file': open(file_path, "rb"), 'caption': caption}
  23.     response = requests.post(api_url + "media", headers=json_header, files=media)
  24.     print(response.text)
  26. # Example usage with a path relevant to the project directory
  27. upload_file('relational/path/to/file.pptx', 'Sample caption', 'site_1')


在另一个文件中:

  1. ### credentials.py
  3. destinations = {
  4.     "site_1": {
  5.         "api_url": "https://example-1.com/wp-json/wp/v2/",
  6.         "username": "wp_username",
  7.         "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
  8.     },
  9.     "site_2": {
  10.         "api_url": "https://example-2.com/wp-json/wp/v2/",
  11.         "username": "wp_username",
  12.         "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
  13.     },
  14.         "site_3": {
  15.         "api_url": "https://example-3.com/wp-json/wp/v2/",
  16.         "username": "wp_username",
  17.         "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
  18.     },
  19.     "site_4": {
  20.         "api_url": "https://example-4.com/wp-json/wp/v2/",
  21.         "username": "wp_username",
  22.         "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
  23.     },
  24.     "site_5": {
  25.         "api_url": "https://example-5.com/wp-json/wp/v2/",
  26.         "username": "wp_username",
  27.         "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
  28.     },
  29.      # More websites if needed...
  30. }
  32. def get_wp_access(destination):
  33.     access_info = destinations.get(destination, {})
  34.     api_url = access_info.get("api_url", "")
  35.     username = access_info.get("username", "")
  36.     password = access_info.get("password", "")
  37.     return api_url, username, password


使用这个脚本,你可以有多个WordPress网站的字典,并更新他们都与一个单一的功能。如果你想有一个所有在一个模块,随时合并的脚本在一起。
The Gist on GitHub

展开查看全部
赞(0)分享  回复(0)举报  2024-01-06
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com