[development] Curl-based content generation
Dmitri Gaskin
dmitrig01 at gmail.com
Fri Feb 6 02:46:33 UTC 2009
You can look at the name attributes of the input elements in the
source page.
The thing you won't get is the form token: the form token is a
mechanism designed to prevent exactly what you're trying to do.
Form token is an input field that is generated with the rest of the
form and stored server side. If you send a valid token back to the
server, it process your request. otherwise it doesn't because it
thinks you're a spammer.
Dmitri
On Feb 5, 2009, at 4:46 AM, Martin Stadler wrote:
> Hi!
>
> I'm working on a small curl-based script to add content to a
> drupal-6 site. Logging-in (getting cookie etc) works fine but when I
> try to add content I get a validation error. I guess it's about
> security. Is it at all possible to do what I'm trying? Is there
> documention how these form tokens actually work and what is
> required? I couldn't find that in the formAPI docs.
>
> Here's the code:
>
>
> # login
> curl http://localhost/USA08/user \
> -F 'name=Martin' \
> -F 'pass=pass' \
> -F 'form_id=user_login' \
> -F 'op=Log in' \
> --output /Users/martin/response.html \
> -s \
> -c /tmp/curl-cookies.txt \
> -b /tmp/curl-cookies.txt
>
> # -> works: response.html says I'm logged-in
>
> # add page
> curl http://localhost/USA08/node/add/page \
> -F 'title=xyz' \
> -F 'teaser_include=1' \
> -F 'body=abc' \
> -F 'format=1' \
> -F 'changed=' \
> -F 'form_id=page_node_form' \
> -F 'log=' \
> -F 'comment=0' \
> -F 'name=Martin' \
> -F 'date=' \
> -F 'status=1' \
> -F 'op=Save' \
> --output /Users/martin/response2.html \
> -s \
> -c /tmp/curl-cookies.txt \
> -b /tmp/curl-cookies.txt
>
> # -> does not work: response2.html says 'Validation error, please
> try again. If this error persists, please contact the site
> administrator.'
>
> Regards,
> Martin
>
More information about the development
mailing list