$this->
drupalLogin($attacker_user);
// Perform tests using the newly created users.
$this->
doTestTemporaryFileRemovalExploit($victim_user,
$attacker_user);
} /**
* Tests exploiting the temporary file removal for anonymous users using fid.
*/
public function testTemporaryFileRemovalExploitAnonymous() { // Set up an anonymous victim user.
$victim_user = User::
getAnonymousUser();
// Set up an anonymous attacker user.
$attacker_user = User::
getAnonymousUser();
// Set up permissions for anonymous attacker user.
user_role_change_permissions(RoleInterface::ANONYMOUS_ID,
[ 'access content' => TRUE,
'create article content' => TRUE,
'edit any article content' => TRUE,
]);