function FileFieldWidgetTestCase::testTemporaryFileRemovalExploitAnonymous

Tests exploiting the temporary file removal for anonymous users using fid.

File

modules/file/tests/file.test, line 633

Class

FileFieldWidgetTestCase
Tests file field widget.

Code

public function testTemporaryFileRemovalExploitAnonymous() {
    // Set up an anonymous victim user.
    $victim_uid = 0;
    // Set up an anonymous attacker user.
    $attacker_uid = 0;
    // Set up permissions for anonymous attacker user.
    user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array(
        'access content' => TRUE,
        'create page content' => TRUE,
        'edit any page content' => TRUE,
    ));
    // In order to simulate being the anonymous attacker user, we need to log
    // out here since setUp() has logged in the admin.
    $this->drupalLogout();
    // Perform tests using the newly set up users.
    $this->doTestTemporaryFileRemovalExploit($victim_uid, $attacker_uid);
}
