public function FileFieldWidgetTestCase::testTemporaryFileRemovalExploitAnonymous

Tests exploiting the temporary file removal for anonymous users using fid.

File

drupal/modules/file/tests/file.test, line 577
Tests for file.module.

Class

FileFieldWidgetTestCase
Tests file field widget.

Code

public function testTemporaryFileRemovalExploitAnonymous() {

  // Set up an anonymous victim user.
  $victim_uid = 0;

  // Set up an anonymous attacker user.
  $attacker_uid = 0;

  // Set up permissions for anonymous attacker user.
  user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array(
    'access content' => TRUE,
    'create page content' => TRUE,
    'edit any page content' => TRUE,
  ));

  // In order to simulate being the anonymous attacker user, we need to log
  // out here since setUp() has logged in the admin.
  $this->drupalLogout();

  // Perform tests using the newly set up users.
  $this->doTestTemporaryFileRemovalExploit($victim_uid, $attacker_uid);
}