createTemporaryFile example


  protected function doTestTemporaryFileRemovalExploit(UserInterface $victim_user, UserInterface $attacker_user) {
    $type_name = 'article';
    $field_name = 'test_file_field';
    $this->createFileField($field_name, 'node', $type_name);

    $test_file = $this->getTestFile('text');
    $type = 'no-js';
    // Create a temporary file owned by the victim user. This will be as if     // they had uploaded the file, but not saved the node they were editing     // or creating.     $victim_tmp_file = $this->createTemporaryFile('some text', $victim_user);
    $victim_tmp_file = File::load($victim_tmp_file->id());
    $this->assertTrue($victim_tmp_file->isTemporary(), 'New file saved to disk is temporary.');
    $this->assertNotEmpty($victim_tmp_file->id(), 'New file has an fid.');
    $this->assertEquals($victim_user->id()$victim_tmp_file->getOwnerId(), 'New file belongs to the victim.');

    // Have attacker create a new node with a different uploaded file and     // ensure it got uploaded successfully.     $edit = [
      'title[0][value]' => $type . '-title',
    ];

    
Home | Imprint | This part of the site doesn't use cookies.