1 file.test | public FileFieldWidgetTestCase::testTemporaryFileRemovalExploitAnonymous() |
Tests exploiting the temporary file removal for anonymous users using fid.
File
- core/
modules/ file/ tests/ file.test, line 840 - Tests for file.module.
Class
- FileFieldWidgetTestCase
- Tests file field widget.
Code
public function testTemporaryFileRemovalExploitAnonymous() {
// Set up an anonymous victim user.
$victim_uid = 0;
// Set up an anonymous attacker user.
$attacker_uid = 0;
// Set up permissions for anonymous attacker user.
user_role_change_permissions(BACKDROP_ANONYMOUS_ROLE, array(
'access content' => TRUE,
'create page content' => TRUE,
'edit any page content' => TRUE,
));
// In order to simulate being the anonymous attacker user, we need to log
// out here since setUp() has logged in the admin.
$this->backdropLogout();
// Perform tests using the newly set up users.
$this->doTestTemporaryFileRemovalExploit($victim_uid, $attacker_uid);
}