public function FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testTemporaryFileRemovalExploitAnonymous()

Tests exploiting the temporary file removal for anonymous users using fid.

File

core/modules/file/tests/src/Functional/FileFieldWidgetTest.php, line 453

Class

FileFieldWidgetTest
Tests the file field widget with public and private files.

Namespace

Drupal\Tests\file\Functional

Code

public function testTemporaryFileRemovalExploitAnonymous() {
  // Set up an anonymous victim user.
  $victim_user = User::getAnonymousUser();

  // Set up an anonymous attacker user.
  $attacker_user = User::getAnonymousUser();

  // Set up permissions for anonymous attacker user.
  user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
    'access content' => TRUE,
    'create article content' => TRUE,
    'edit any article content' => TRUE,
  ]);

  // Log out so as to be the anonymous attacker user.
  $this->drupalLogout();

  // Perform tests using the newly set up anonymous users.
  $this->doTestTemporaryFileRemovalExploit($victim_user, $attacker_user);
}