From 896f775f09702afa21c04fa11ec5af0c477c00cc Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sat, 18 Jan 2014 15:47:19 +0100
Subject: [PATCH] Prevent plugin pages access when upgrade pending

If a plugin's code has been upgraded, but the schema is still on the old
version, the plugin is effectively disabled (i.e. its entry points are
not displayed). However, it was still possible to access individual
pages directly, which could lead to errors.

This commit adds an extra check in plugin.php which triggers an error
when the plugin needs to be upgraded.

Fixes #16706
---
 core/constant_inc.php    | 1 +
 lang/strings_english.txt | 1 +
 plugin.php               | 5 +++++
 3 files changed, 7 insertions(+)

diff --git a/core/constant_inc.php b/core/constant_inc.php
index 3dfd8344d1..54f5a53474 100644
--- a/core/constant_inc.php
+++ b/core/constant_inc.php
@@ -378,6 +378,7 @@
 define( 'ERROR_PLUGIN_PAGE_NOT_FOUND', 2502 );
 define( 'ERROR_PLUGIN_UPGRADE_FAILED', 2503 );
 define( 'ERROR_PLUGIN_INSTALL_FAILED', 2504 );
+define( 'ERROR_PLUGIN_UPGRADE_NEEDED', 2505 );
 define( 'ERROR_PLUGIN_GENERIC', 2599 );
 
 # ERROR_COLUMNS_*
diff --git a/lang/strings_english.txt b/lang/strings_english.txt
index a5f63b244a..4efa577f7a 100644
--- a/lang/strings_english.txt
+++ b/lang/strings_english.txt
@@ -1668,6 +1668,7 @@ $MANTIS_ERROR[ERROR_PLUGIN_ALREADY_INSTALLED] = 'Plugin is already installed.';
 $MANTIS_ERROR[ERROR_PLUGIN_PAGE_NOT_FOUND] = 'Plugin page not found.';
 $MANTIS_ERROR[ERROR_PLUGIN_INSTALL_FAILED] = 'Plugin installation failed: %1$s.';
 $MANTIS_ERROR[ERROR_PLUGIN_UPGRADE_FAILED] = 'Upgrading the plugin schema failed in block #%1$s.';
+$MANTIS_ERROR[ERROR_PLUGIN_UPGRADE_NEEDED] = 'The "%1$s" plugin needs to be upgraded before you can access this page.';
 $MANTIS_ERROR[ERROR_PLUGIN_GENERIC] = 'There was an unknown error "%1$s" during execution of the "%2$s" plugin.';
 $MANTIS_ERROR[ERROR_COLUMNS_DUPLICATE] = 'Field "%1$s" contains duplicate column "%2$s".';
 $MANTIS_ERROR[ERROR_COLUMNS_INVALID] = 'Field "%1$s" contains invalid field "%2$s".';
diff --git a/plugin.php b/plugin.php
index a9acb723cc..0bca801262 100644
--- a/plugin.php
+++ b/plugin.php
@@ -57,6 +57,11 @@
 		trigger_error( ERROR_PLUGIN_PAGE_NOT_FOUND, ERROR );
 }
 
+if( plugin_needs_upgrade( $g_plugin_cache[$t_basename] ) ) {
+	error_parameters( $t_basename );
+	trigger_error( ERROR_PLUGIN_UPGRADE_NEEDED, ERROR );
+}
+
 plugin_push_current( $t_basename );
 include( $t_page );