Python上传文件到WordPress

jdg4fx2g  于 9个月前  发布在  WordPress
关注(0)|答案(3)|浏览(124)

我试图上传文件到一个WordPress网站使用Python.到目前为止,它看起来像我不能使用API与会话cookie没有扩展.所以在这一点上,我试图按照沿着以下职位
使用请求登录WordPress- Python3
Uploading of image to WordPress through Python's requests
这就是我目前所知道的。

#!/usr/bin/python3
import sys, requests

f = 'test.txt'

user='username'
password='password'
url1='https://example.com/wp-login.php'
url2='https://example.com/wp-admin/media-new.php'

headerauth= {'Cookie':'wordpress_test_cookie=WP Cookie check'}
dataauth = {'log':user, 'pwd':password, 'wp-submit':'Log In'}
dataupload = {'post_id': '0', '_wp_http_referer': '/wp-admin/media-new.php', 'action': 'upload_attachement', 'html-upload': 'Upload'}
image = {'async-upload':('test.txt', open(f, "rb"))}

session1=requests.session()
r1 = session1.post(url1, headers=headerauth, data=dataauth)
print(r1)
r2 = session1.get(url2)
print(r2)
r3 = session1.post(url2, data=dataupload, files=image)
print(r3)

字符串
当运行这个程序时,我得到了以下响应,显然最后一个是有趣的。

./upload.py
<Response [200]>
<Response [200]>
<Response [403]>


我也试过在手动上传文件后从Chrome中提取数据字段,直接发布到UBC-upload.php,结果类似。
更新:我收到的回复页面有以下标题。

<title>Something went wrong.</title>
...
<body id="error-page">
    <div class="wp-die-message">The link you followed has expired.</div> 
</body>


我还添加了nonce值后,挖掘了周围的网页源代码。

<input type="hidden" id="_wpnonce" name="_wpnonce" value="74bdb561c5">


这是我加的。

r2 = session1.get(url2)
test = re.search('value="[0-9a-z]{10}"', r2.text)
nonce = re.search('[0-9a-z]{10}', test.group(0))
nonce = nonce.group(0)
dataupload = {'post_id':'0', '_wp_http_referer':'/wp-admin/media-new.php', '_wpnonce':nonce, 'action':'upload_attachement', 'html-upload':'Upload'}


仍然没有运气。我还注意到,与我的基于浏览器的会话相比,缺少cookie。我将假设我实际上没有进行身份验证。

wordpress

3条答案

按热度按时间
kzipqqlq

kzipqqlq1#

您可能需要在请求中添加更多标头。
标题可以在Network > Headers > Request Headers of the Developer Tools.中找到(按F12切换它。)

赞(0)分享  回复(0)举报  9个月前
wlsrxk51

wlsrxk512#

使用了错误的随机数。要提取正确的随机数,请使用以下命令并发布到Media-upload.php。关键是从media-new.php页面提取form _wpnonce。
如果你不从表单参数中提取,那么你最终可能会得到一打其他随机数中的一个。

test = re.search('"multipart_params":.*_wpnonce":"[0-9a-z]+"', r1.text)
nonce = re.search('(?<=_wpnonce":")[0-9a-z]{10}', test.group(0))
nonce = nonce.group(0)

字符串
完整的代码是

#!/usr/bin/python3
import sys, requests, re

f = 'test.txt'

user='user'
password='password'
url1='https://example.com/wp-login.php'
redirecturl='https://example.com/wp-admin/media-new.php'
url2='https://example.com/wp-admin/async-upload.php'

headerauth= {
        'Cookie':'wordpress_test_cookie=WP Cookie check; ROUTEID=.1',
        'Host':'example.com',
        'Content-Type': 'application/x-www-form-urlencoded'
        }
dataauth = {
        'log':user,
        'pwd':password,
        'wp-submit':'Log In',
        'redirect_to': redirecturl,
        'testcookie': 1
        }
image = {'async-upload':('test.txt', open(f, "rb"))}
testimage = open(f, "rb")

session1=requests.session()
session1.get(url1)
r1 = session1.post(url1, headers=headerauth, data=dataauth)

test = re.search('"multipart_params":.*_wpnonce":"[0-9a-z]+"', r1.text)
nonce = re.search('(?<=_wpnonce":")[0-9a-z]{10}', test.group(0))
nonce = nonce.group(0)

uploadheaders = {
        'Connection': 'keep-alive',
        'Referer': 'https://example.com/wp-admin/upload.php',
        'Sec-Fetch-Dest': 'empty',
        'Sec-Fetch-Mode': 'cors',
        'Sec-Fetch-Site': 'same-origin'
        }
dataupload = {
        'name': 'test.txt',
        'action': 'upload-attachement',
        '_wpnonce': nonce,
        'wpmf_folder': '0',
        }

r2 = session1.post(url2, data=dataupload, headers=uploadheaders, files=image)

赞(0)分享  回复(0)举报  9个月前
yx2lnoni

yx2lnoni3#

在WordPress API v2上通过Python 3脚本测试了多种文件类型后,我们发布了一个要点。它上传到WordPress默认上传目录,当然您可以在其中修改其设置:

WordPress Dashboard > Settings > Media

字符串
该脚本也以安全的方式处理令牌。
希望对你也有用:

### upload.py

import os
import base64
import requests
from credentials import get_wp_access

def upload_file(relative_path, caption, destination):

    # Get the absolute path to the directory containing this script
    project_dir = os.path.dirname(os.path.abspath(__file__))

    # Combine the project directory with the relative path to get the full system path
    file_path = os.path.join(project_dir, relative_path)

    api_url, username, password = get_wp_access(destination)

    credentials = username + ':' + password
    token = base64.b64encode(credentials.encode())
    json_header = {'Authorization': 'Basic ' + token.decode('utf-8')}

    media = {'file': open(file_path, "rb"), 'caption': caption}
    response = requests.post(api_url + "media", headers=json_header, files=media)
    print(response.text)

# Example usage with a path relevant to the project directory
upload_file('relational/path/to/file.pptx', 'Sample caption', 'site_1')


在另一个文件中:

### credentials.py

destinations = {
    "site_1": {
        "api_url": "https://example-1.com/wp-json/wp/v2/",
        "username": "wp_username",
        "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
    },
    "site_2": {
        "api_url": "https://example-2.com/wp-json/wp/v2/",
        "username": "wp_username",
        "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
    },
        "site_3": {
        "api_url": "https://example-3.com/wp-json/wp/v2/",
        "username": "wp_username",
        "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
    },
    "site_4": {
        "api_url": "https://example-4.com/wp-json/wp/v2/",
        "username": "wp_username",
        "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
    },
    "site_5": {
        "api_url": "https://example-5.com/wp-json/wp/v2/",
        "username": "wp_username",
        "password": "XXXX XXXX XXXX XXXX XXXX XXXX"
    },
     # More websites if needed...
}

def get_wp_access(destination):
    access_info = destinations.get(destination, {})
    api_url = access_info.get("api_url", "")
    username = access_info.get("username", "")
    password = access_info.get("password", "")
    return api_url, username, password


使用这个脚本,你可以有多个WordPress网站的字典,并更新他们都与一个单一的功能。如果你想有一个所有在一个模块,随时合并的脚本在一起。
The Gist on GitHub

赞(0)分享  回复(0)举报  9个月前
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com