You are here

public function FileFieldWidgetTest::testTemporaryFileRemovalExploit in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploit()
  2. 10 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploit()

Tests exploiting the temporary file removal of another user using fid.

File

core/modules/file/tests/src/Functional/FileFieldWidgetTest.php, line 431

Class

FileFieldWidgetTest
Tests the file field widget with public and private files.

Namespace

Drupal\Tests\file\Functional

Code

public function testTemporaryFileRemovalExploit() {

  // Create a victim user.
  $victim_user = $this
    ->drupalCreateUser();

  // Create an attacker user.
  $attacker_user = $this
    ->drupalCreateUser([
    'access content',
    'create article content',
    'edit any article content',
  ]);

  // Log in as the attacker user.
  $this
    ->drupalLogin($attacker_user);

  // Perform tests using the newly created users.
  $this
    ->doTestTemporaryFileRemovalExploit($victim_user, $attacker_user);
}