You are here

Home » API reference » Drupal 7 » file.test » FileFieldWidgetTestCase

function FileFieldWidgetTestCase::testTemporaryFileRemovalExploit in Drupal 7

Tests exploiting the temporary file removal of another user using fid.

File

modules/file/tests/file.test, line 556
Tests for file.module.

Class

FileFieldWidgetTestCase
Tests file field widget.

Code

function testTemporaryFileRemovalExploit() {

  // Create a victim user.
  $victim_user = $this
    ->drupalCreateUser();

  // Create an attacker user.
  $attacker_user = $this
    ->drupalCreateUser(array(
    'access content',
    'create page content',
    'edit any page content',
  ));

  // Log in as the attacker user.
  $this
    ->drupalLogin($attacker_user);

  // Perform tests using the newly created users.
  $this
    ->doTestTemporaryFileRemovalExploit($victim_user->uid, $attacker_user->uid);
}