MDL-66917 admin: validate uploaded plugin version.

Prevent overwriting current plugins with older versions of themselves.
moodle · Apr 21, 2020 · 536c771 · 536c771
1 parent 5466990
commit 536c771
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/lang/en/plugin.php b/lang/en/plugin.php
@@ -225,6 +225,7 @@
 $string['validationmsg_onedir_help'] = 'The ZIP package must contain just one root directory that holds the plugin code. The name of that root directory must match the name of the plugin.';
 $string['validationmsg_pathwritable'] = 'Write access check';
 $string['validationmsg_pluginversion'] = 'Plugin version';
+$string['validationmsg_pluginversiontoolow'] = 'A higher version of this plugin is already installed';
 $string['validationmsg_release'] = 'Plugin release';
 $string['validationmsg_requiresmoodle'] = 'Required Moodle version';
 $string['validationmsg_rootdir'] = 'Name of the plugin to be installed';

diff --git a/lib/classes/update/validator.php b/lib/classes/update/validator.php
@@ -394,6 +394,13 @@ protected function validate_version_php() {
         }
         $this->add_message(self::INFO, 'componentmatch', $this->versionphp['component']);
 
+        // Ensure the version we are uploading is higher than the version currently installed.
+        $plugininfo = $this->get_plugin_manager()->get_plugin_info($this->versionphp['component']);
+        if (!is_null($plugininfo) && $this->versionphp['version'] < $plugininfo->versiondb) {
+            $this->add_message(self::ERROR, 'pluginversiontoolow', $plugininfo->versiondb);
+            return false;
+        }
+
         if (isset($info['plugin->maturity'])) {
             $this->versionphp['maturity'] = $info['plugin->maturity'];
             if ($this->versionphp['maturity'] === 'MATURITY_STABLE') {