Skip to content
Browse files

MDL-36903 Pre-check the ZIP download before executing the mdeploy.php…

… utility

This patch makes Moodle call HTTP HEAD method via cURL to see if the ZIP
is expected to be downloadable by mdeploy.php. This is mainly intended
for SSL certificates check.
  • Loading branch information...
1 parent 4785c45 commit 30e26827560bd55e0bdad6b58c5c8445c06f9416 @mudrd8mz mudrd8mz committed Nov 30, 2012
Showing with 49 additions and 2 deletions.
  1. +7 −2 admin/renderer.php
  2. +4 −0 lang/en/plugin.php
  3. +38 −0 lib/pluginlib.php
View
9 admin/renderer.php
@@ -1211,8 +1211,13 @@ protected function plugin_available_update_info(available_update_info $updateinf
if (empty($impediments)) {
$widget = $deployer->make_confirm_widget($updateinfo);
$box .= $this->output->render($widget);
- } else if (isset($impediments['notwritable'])) {
- $box .= $this->output->help_icon('notwritable', 'core_plugin', get_string('notwritable', 'core_plugin'));
+ } else {
+ if (isset($impediments['notwritable'])) {
+ $box .= $this->output->help_icon('notwritable', 'core_plugin', get_string('notwritable', 'core_plugin'));
+ }
+ if (isset($impediments['notdownloadable'])) {
+ $box .= $this->output->help_icon('notdownloadable', 'core_plugin', get_string('notdownloadable', 'core_plugin'));
+ }
}
}
View
4 lang/en/plugin.php
@@ -43,10 +43,14 @@
$string['nonehighlightedinfo'] = 'Display the list of all installed plugins anyway';
$string['noneinstalled'] = 'No plugins of this type are installed';
$string['notes'] = 'Notes';
+$string['notdownloadable'] = 'Can not download the package';
+$string['notdownloadable_help'] = 'ZIP package with the update can not be downloaded automatically. Please refer to the documentation page for more help.';
+$string['notdownloadable_link'] = 'admin/mdeploy/notdownloadable';
$string['notwritable'] = 'Plugin files not writable';
$string['notwritable_help'] = 'You have enabled automatic updates deployment and there is available update for this plugin. However, the plugin files are not writable by the web server so the update can not be installed at the moment.
Make the plugin folder and all its contents writable to be able to install the available update automatically.';
+$string['notwritable_link'] = 'admin/mdeploy/notwritable';
$string['numtotal'] = 'Installed: {$a}';
$string['numdisabled'] = 'Disabled: {$a}';
$string['numextension'] = 'Contributions: {$a}';
View
38 lib/pluginlib.php
@@ -1589,6 +1589,10 @@ public function deployment_impediments(available_update_info $info) {
$impediments['missingdownloadmd5'] = true;
}
+ if (!empty($info->download) and !$this->update_downloadable($info->download)) {
+ $impediments['notdownloadable'] = true;
+ }
+
if (!$this->component_writable($info->component)) {
$impediments['notwritable'] = true;
}
@@ -1918,6 +1922,40 @@ protected function component_writable($component) {
}
/**
+ * Checks if the mdeploy.php will be able to fetch the ZIP from the given URL
+ *
+ * This is mainly supposed to check if the transmission over HTTPS would
+ * work. That is, if the CA certificates are present at the server.
+ *
+ * @param string $downloadurl the URL of the ZIP package to download
+ * @return bool
+ */
+ protected function update_downloadable($downloadurl) {
+ global $CFG;
+
+ $curloptions = array(
+ 'CURLOPT_SSL_VERIFYHOST' => 2, // this is the default in {@link curl} class but just in case
+ 'CURLOPT_SSL_VERIFYPEER' => true,
+ );
+
+ $cacertfile = $CFG->dataroot.'/moodleorgca.crt';
+ if (is_readable($cacertfile)) {
+ // Do not use CA certs provided by the operating system. Instead,
+ // use this CA cert to verify the updates provider.
+ $curloptions['CURLOPT_CAINFO'] = $cacertfile;
+ }
+
+ $curl = new curl(array('proxy' => true));
+ $result = $curl->head($downloadurl, $curloptions);
+ $errno = $curl->get_errno();
+ if (empty($errno)) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ /**
* Checks if the directory and all its contents (recursively) is writable
*
* @param string $path full path to a directory

0 comments on commit 30e2682

Please sign in to comment.
Something went wrong with that request. Please try again.