protected function doTestTemporaryFileRemovalExploit(UserInterface
$victim_user, UserInterface
$attacker_user) { $type_name = 'article';
$field_name = 'test_file_field';
$this->
createFileField($field_name, 'node',
$type_name);
$test_file =
$this->
getTestFile('text'
);
$type = 'no-js';
// Create a temporary file owned by the victim user. This simulates the
// victim having uploaded a file without yet saving the node they were
// editing or creating, so the file is still temporary.
$victim_tmp_file =
$this->
createTemporaryFile('some text',
$victim_user);
$victim_tmp_file = File::
load($victim_tmp_file->
id());
$this->
assertTrue($victim_tmp_file->
isTemporary(), 'New file saved to disk is temporary.'
);
$this->
assertNotEmpty($victim_tmp_file->
id(), 'New file has an fid.'
);
$this->
assertEquals($victim_user->
id(),
$victim_tmp_file->
getOwnerId(), 'New file belongs to the victim.'
);
// As the attacker, create a new node with a different uploaded file and
// confirm that the upload succeeded.
$edit =
[ 'title[0][value]' =>
$type . '-title',
];