post-file does not work with post-data
Dear Wget I am trying to use wget with a site that uploads a file and copies it to the specified subdirectory but the file is not included in the post. The command used is as follows: wget --post-data=directory=images --post-file=image1.jpg --http-user=admin --http-password=password http://example.atltelecom.com The upload works ok when performed from a form in a browser so it appears to be a wget problem Best Regards Nick Nick Lewis Technical Sales Engineer atl telecom Lakeside, Fountain Lane, St Mellons Cardiff, CF3 0FB, UK DDI: +44 (0)29 2050 0718 Mob: +44 (0)7973 634707 Office: +44 (0)29 2050 0700 Fax: +44 (0)29 2050 0701 http://www.atltelecom.com/ www.atltelecom.com _ This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre. _ Disclaimer of Liability ATL Telecom Ltd shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyones use of the information. In no event shall ATL Telecom Ltd be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement or substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this system, even if advised of the possibility of such damage. Registered Office: ATL Telecom Ltd, Fountain Lane, St. Mellons Cardiff, CF3 0FB Registered in Wales Number 4335781 All goods and services supplied by ATL Telecom Ltd are supplied subject to ATL Telecom Ltd standard terms and conditions, available upon request.
Re: post-file does not work with post-data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nick Lewis wrote: Dear Wget I am trying to use wget with a site that uploads a file and copies it to the specified subdirectory but the file is not included in the post. The command used is as follows: wget --post-data=directory=images --post-file=image1.jpg --http-user=admin --http-password=password http://example.atltelecom.com The upload works ok when performed from a form in a browser so it appears to be a wget problem Actually, --post-file and --post-data are not intended to be used together; they both provide exactly the same functionality, which is to specify what the POST request's body content should be--in its entirety. Also, --post-file isn't intended to be used in the manner you are using it; it is meant to specify a file whose contents are in the form key=valuekey2=value2 This could have been made clearer in the documentation. If --post-file did work the way you are trying to use it, you'd still need some way to specify what the name of the file upload control was (as it appears in the HTML form). Of the two Content-Types available (application/x-www-form-urlencoded and multipart/form-data), wget currently supports only application/x-www-form-urlencoded. For submitting actual files as form content, multipart/form-data is a much more natural mechanism. You could probably still do it with application/x-www-form-urlencoded, but it would require you to translate the file contents yourself into a percent-encoded form, and place the contents as directory=imagesfile=url-encoded-file-contents. Obviously, while this is something wget does not currently do, it is something wget ought to do. I'll look into how we might implement this in a future version. - -- Micah J. Cowan Programmer, musician, typesetting enthusiast, gamer... http://micah.cowan.name/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFGhNCe7M8hyUobTrERCF9iAJ9w+CK/k/CKOqIbEfNSuijL+leMugCY5gnV G3pT2qz6r6qWuBGKvZ9J9A== =dKVf -END PGP SIGNATURE-
Re: post-file does not work with post-data
On Fri, 29 Jun 2007, Micah Cowan wrote: For submitting actual files as form content, multipart/form-data is a much more natural mechanism. [...] Obviously, while this is something wget does not currently do, it is something wget ought to do. I'll look into how we might implement this in a future version. Allow me to mention that (lib)curl supports this and this could serve as inspiration for a future wget implementation.
how to feed password to wget securely?
http://www.mail-archive.com/wget@sunsite.dk/msg06979.html Did this patch make it into the soon-to-be-released version (1.10.3?)? I need to wget a webpage that wants authentication, and I don't want to have to put it on disk or have it show up in 'ps'. -- Matthew ESIG: .sig file not available
Re: how to feed password to wget securely?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Matthew Woehlke wrote: http://www.mail-archive.com/wget@sunsite.dk/msg06979.html Did this patch make it into the soon-to-be-released version (1.10.3?)? I need to wget a webpage that wants authentication, and I don't want to have to put it on disk or have it show up in 'ps'. I can't find the message (with accompanying patch) that is referred to by the message in that link. However, Mauro's response seemed to indicate that he didn't like that particular method for telling wget to prompt for password. At any rate, I don't believe the upcoming 1.11 release is going to include a secure password prompt. I'm somewhat surprised that there hasn't been one in all these years. Adding such a feature will be one of my top priorities for the following release. However, I won't hold the next release for such a change, as we're just too close. I'm already going to be delaying the release a bit for a couple of (higher-priority) security fixes that I simply would not be comfortable releasing without--for instance, if you are uncomfortable with the idea of putting your password on disk or in the process table, how comfortable are you with the idea that in every version of wget up until now, it sends that password in the clear, regardless of whether or not the remote server is using cleartext password authentication (only applies to http, not https, situations)? - -- Micah J. Cowan Programmer, musician, typesetting enthusiast, gamer... http://micah.cowan.name/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGhZQp7M8hyUobTrERCI97AJ4ruUhPYF4saTpclhONY+Du1jwMOQCgipy/ iBxtl5vJJoiEhacDjIDCpqg= =iAQ3 -END PGP SIGNATURE-
Re: how to feed password to wget securely?
Micah Cowan wrote: Matthew Woehlke wrote: http://www.mail-archive.com/wget@sunsite.dk/msg06979.html Did this patch make it into the soon-to-be-released version (1.10.3?)? I need to wget a webpage that wants authentication, and I don't want to have to put it on disk or have it show up in 'ps'. I can't find the message (with accompanying patch) that is referred to by the message in that link. However, Mauro's response seemed to indicate that he didn't like that particular method for telling wget to prompt for password. I'd agree with Mauro that the option should be --prompt-passwd or some such. Ah, I see now, the first patch must have been something else. At any rate, I don't believe the upcoming 1.11 release is going to include a secure password prompt. I'm somewhat surprised that there hasn't been one in all these years. Adding such a feature will be one of my top priorities for the following release. Ok, thanks. I'll try to watch CVS (may even send you a patch), I want/need it rather urgently (for a script that talks to a website that didn't need authentication last time I used said script). However, I won't hold the next release for such a change, as we're just too close. Understood. :-) Thanks for the quick reply! I'm already going to be delaying the release a bit for a couple of (higher-priority) security fixes that I simply would not be comfortable releasing without--for instance, if you are uncomfortable with the idea of putting your password on disk or in the process table, how comfortable are you with the idea that in every version of wget up until now, it sends that password in the clear, regardless of whether or not the remote server is using cleartext password authentication (only applies to http, not https, situations)? Yes, I saw that thread. Alas, I often have to connect via telnet to boxes that want the same password, so in that sense I'm rather already screwed. -- Matthew ESIG: .sig file not available
