[wp-trac] [WordPress Trac] #57500: Plugin update results in mixing files of old and new versions

WordPress Trac noreply at wordpress.org
Mon Mar 27 22:34:25 UTC 2023 

#57500: Plugin update results in mixing files of old and new versions
-------------------------------------------------+-------------------------
 Reporter:  Chouby                               |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
                                                 |  Review
Component:  Upgrade/Install                      |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  needs-testing needs-testing-info     |     Focuses:
  reporter-feedback                              |
-------------------------------------------------+-------------------------

Comment (by barry.hughes):

 I'm a little unsure if this is ''precisely'' the same issue, but we've
 also noticed the potential for code from two different versions of the
 same plugin to be loaded in the space of the same request. Specifically,
 it seems this can happen when updating a plugin by manually uploading a
 zip of the latest version.

 To replicate:

 1. Via the **Plugins ‣ Add New ‣ Upload** screen, upload `foobar.1.0.zip`
 and activate.
 2. Then, using the same admin screen, upload `foobar.2.0.zip` ''("Replace
 current with uploaded").''
 3. Either directly on the screen (depending on your error display
 settings) or else via your error log, you should observe a fatal error as
 follows:

 {{{
 Fatal error: Uncaught Error: Class "Bar" not found
 in /.../wp-content/plugins/foobar/inc/foo.php on line 6
 }}}

 If you look at the code in those sample plugins you will see it is a
 pretty contrived example (the class loader is very simplistic), and a
 different autoloading strategy would solve the above error. Even so, it
 seems sub-optimal and potentially risky to mix code from two different
 versions in this way.

 Things I'm unsure about:

 - If this is essentially the same problem as Chouby reported, or
 different.
 - If it is best solved from WordPress, or if it is something individual
 plugins should mitigate.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57500#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list