public function FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous in Drupal 9
Same name and namespace in other branches
- 8 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous()
Tests exploiting the temporary file removal for anonymous users using fid.
File
- core/
modules/ file/ tests/ src/ Functional/ FileFieldWidgetTest.php, line 453
Class
- FileFieldWidgetTest
- Tests the file field widget with public and private files.
Namespace
Drupal\Tests\file\FunctionalCode
public function testTemporaryFileRemovalExploitAnonymous() {
// Set up an anonymous victim user.
$victim_user = User::getAnonymousUser();
// Set up an anonymous attacker user.
$attacker_user = User::getAnonymousUser();
// Set up permissions for anonymous attacker user.
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access content' => TRUE,
'create article content' => TRUE,
'edit any article content' => TRUE,
]);
// Log out so as to be the anonymous attacker user.
$this
->drupalLogout();
// Perform tests using the newly set up anonymous users.
$this
->doTestTemporaryFileRemovalExploit($victim_user, $attacker_user);
}