function FileFieldWidgetTestCase::testTemporaryFileRemovalExploit
Tests exploiting the temporary file removal of another user using fid.
File
-
modules/
file/ tests/ file.test, line 612
Class
- FileFieldWidgetTestCase
- Tests file field widget.
Code
function testTemporaryFileRemovalExploit() {
// Create a victim user.
$victim_user = $this->drupalCreateUser();
// Create an attacker user.
$attacker_user = $this->drupalCreateUser(array(
'access content',
'create page content',
'edit any page content',
));
// Log in as the attacker user.
$this->drupalLogin($attacker_user);
// Perform tests using the newly created users.
$this->doTestTemporaryFileRemovalExploit($victim_user->uid, $attacker_user->uid);
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.