MDL-66917 admin: validate uploaded plugin version.
authorPaul Holden <paulh@moodle.com>
Tue, 18 Feb 2020 23:28:42 +0000 (23:28 +0000)
committerPaul Holden <paulh@moodle.com>
Tue, 21 Apr 2020 13:35:59 +0000 (14:35 +0100)
Prevent overwriting current plugins with older versions of themselves.

lang/en/plugin.php
lib/classes/update/validator.php

index e9d2fc7..14e3f57 100644 (file)
@@ -232,6 +232,7 @@ $string['validationmsg_onedir'] = 'Invalid structure of the ZIP package.';
 $string['validationmsg_onedir_help'] = 'The ZIP package must contain just one root directory that holds the plugin code. The name of that root directory must match the name of the plugin.';
 $string['validationmsg_pathwritable'] = 'Write access check';
 $string['validationmsg_pluginversion'] = 'Plugin version';
+$string['validationmsg_pluginversiontoolow'] = 'A higher version of this plugin is already installed';
 $string['validationmsg_release'] = 'Plugin release';
 $string['validationmsg_requiresmoodle'] = 'Required Moodle version';
 $string['validationmsg_rootdir'] = 'Name of the plugin to be installed';
index 7d0f997..b57cdf7 100644 (file)
@@ -394,6 +394,13 @@ class validator {
         }
         $this->add_message(self::INFO, 'componentmatch', $this->versionphp['component']);
 
+        // Ensure the version we are uploading is higher than the version currently installed.
+        $plugininfo = $this->get_plugin_manager()->get_plugin_info($this->versionphp['component']);
+        if (!is_null($plugininfo) && $this->versionphp['version'] < $plugininfo->versiondb) {
+            $this->add_message(self::ERROR, 'pluginversiontoolow', $plugininfo->versiondb);
+            return false;
+        }
+
         if (isset($info['plugin->maturity'])) {
             $this->versionphp['maturity'] = $info['plugin->maturity'];
             if ($this->versionphp['maturity'] === 'MATURITY_STABLE') {