function FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous

Same name and namespace in other branches
  1. 9 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous()
  2. 8.9.x core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous()
  3. 10 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous()

Tests exploiting the temporary file removal for anonymous users using fid.

File

core/modules/file/tests/src/Functional/FileFieldWidgetTest.php, line 453

Class

FileFieldWidgetTest
Tests the file field widget with public and private files.

Namespace

Drupal\Tests\file\Functional

Code

public function testTemporaryFileRemovalExploitAnonymous() : void {
    // Set up an anonymous victim user.
    $victim_user = User::getAnonymousUser();
    // Set up an anonymous attacker user.
    $attacker_user = User::getAnonymousUser();
    // Set up permissions for anonymous attacker user.
    user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
        'access content' => TRUE,
        'create article content' => TRUE,
        'edit any article content' => TRUE,
    ]);
    // Log out so as to be the anonymous attacker user.
    $this->drupalLogout();
    // Perform tests using the newly set up anonymous users.
    $this->doTestTemporaryFileRemovalExploit($victim_user, $attacker_user);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.