function FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous
Tests exploiting the temporary file removal for anonymous users using fid.
File
-
core/
modules/ file/ tests/ src/ Functional/ FileFieldWidgetTest.php, line 451
Class
- FileFieldWidgetTest
- Tests the file field widget with public and private files.
Namespace
Drupal\Tests\file\FunctionalCode
public function testTemporaryFileRemovalExploitAnonymous() {
// Set up an anonymous victim user.
$victim_user = User::getAnonymousUser();
// Set up an anonymous attacker user.
$attacker_user = User::getAnonymousUser();
// Set up permissions for anonymous attacker user.
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access content' => TRUE,
'create article content' => TRUE,
'edit any article content' => TRUE,
]);
// Log out so as to be the anonymous attacker user.
$this->drupalLogout();
// Perform tests using the newly set up anonymous users.
$this->doTestTemporaryFileRemovalExploit($victim_user, $attacker_user);
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.