function FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous
Same name in other branches
- 9 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous()
- 8.9.x core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous()
- 11.x core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous()
Tests exploiting the temporary file removal for anonymous users using fid.
File
-
core/
modules/ file/ tests/ src/ Functional/ FileFieldWidgetTest.php, line 453
Class
- FileFieldWidgetTest
- Tests the file field widget with public and private files.
Namespace
Drupal\Tests\file\FunctionalCode
public function testTemporaryFileRemovalExploitAnonymous() : void {
// Set up an anonymous victim user.
$victim_user = User::getAnonymousUser();
// Set up an anonymous attacker user.
$attacker_user = User::getAnonymousUser();
// Set up permissions for anonymous attacker user.
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access content' => TRUE,
'create article content' => TRUE,
'edit any article content' => TRUE,
]);
// Log out so as to be the anonymous attacker user.
$this->drupalLogout();
// Perform tests using the newly set up anonymous users.
$this->doTestTemporaryFileRemovalExploit($victim_user, $attacker_user);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.