Problem/Motivation
We've added protection to core for https://www.drupal.org/sa-core-2018-002 and https://www.drupal.org/sa-core-2018-004 but we omitted test coverage to not give hackers any hints of how to exploit the vulnerability. However both have now been publicly exploited therefore we should add the tests so that we don't break this important functionality.
Proposed resolution
Add tests
Remaining tasks
User interface changes
None
API changes
None
Data model changes
None