function FileFieldWidgetTestCase::testTemporaryFileRemovalExploit

Tests exploiting the temporary file removal of another user using fid.

File

modules/file/tests/file.test, line 612

Class

FileFieldWidgetTestCase
Tests file field widget.

Code

function testTemporaryFileRemovalExploit() {
  // Create a victim user.
  $victim_user = $this->drupalCreateUser();
  // Create an attacker user.
  $attacker_user = $this->drupalCreateUser(array(
    'access content',
    'create page content',
    'edit any page content',
  ));
  // Log in as the attacker user.
  $this->drupalLogin($attacker_user);
  // Perform tests using the newly created users.
  $this->doTestTemporaryFileRemovalExploit($victim_user->uid, $attacker_user->uid);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.