Fix downgrade prevention in PackageValidationArchive
authorTim Düsterhus <duesterhus@woltlab.com>
Fri, 18 Nov 2022 09:41:54 +0000 (10:41 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Fri, 18 Nov 2022 09:44:22 +0000 (10:44 +0100)
This regressed in 5590bc1425b03e1f8d91610b7d3c52ccccb7d338, because
`PackageArchive::isValidUpdate()` checked not just the existence of the
instructions, but also the version numbers.

In practice this regression is only visible for wildcard update instructions,
because otherwise a valid instruction will simply not exist.

wcfsetup/install/files/lib/system/package/validation/PackageValidationArchive.class.php

index 88556b49ee65c64a263e8f972b111e2f0aebff31..12d87cc07de530f98f5eea7062013a9be2623ab6 100644 (file)
@@ -233,23 +233,21 @@ final class PackageValidationArchive implements \RecursiveIterator
             }
         } else {
             // package is already installed, check update path
+            $deliveredPackageVersion = $this->archive->getPackageInfo('version');
+            if (Package::compareVersion($package->packageVersion, $deliveredPackageVersion, '>=')) {
+                throw new PackageValidationException(PackageValidationException::ALREADY_INSTALLED, [
+                    'packageName' => $package->packageName,
+                    'packageVersion' => $package->packageVersion,
+                ]);
+            }
+
             $instructions = $this->archive->getUpdateInstructionsFor($package->packageVersion);
             if ($instructions === null) {
-                $deliveredPackageVersion = $this->archive->getPackageInfo('version');
-
-                // check if the package is already installed with the same exact version
-                if ($package->packageVersion === $deliveredPackageVersion) {
-                    throw new PackageValidationException(PackageValidationException::ALREADY_INSTALLED, [
-                        'packageName' => $package->packageName,
-                        'packageVersion' => $package->packageVersion,
-                    ]);
-                } else {
-                    throw new PackageValidationException(PackageValidationException::NO_UPDATE_PATH, [
-                        'packageName' => $package->packageName,
-                        'packageVersion' => $package->packageVersion,
-                        'deliveredPackageVersion' => $deliveredPackageVersion,
-                    ]);
-                }
+                throw new PackageValidationException(PackageValidationException::NO_UPDATE_PATH, [
+                    'packageName' => $package->packageName,
+                    'packageVersion' => $package->packageVersion,
+                    'deliveredPackageVersion' => $deliveredPackageVersion,
+                ]);
             }
 
             if ($validationMode === PackageValidationManager::VALIDATION_RECURSIVE) {
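Review bot: The new guard at the top of the update branch is the only thing that stops an archive with a wildcard update instruction from being applied over a newer installed version, yet nothing in the code says so, and the comment that explained the old equality check was removed with it. I would add a comment above the `$deliveredPackageVersion` assignment, for example `// reject same-version and older archives before the instruction lookup: a wildcard instruction matches any installed version`. The `>=` case also reuses `ALREADY_INSTALLED` with only `packageName` and `packageVersion`, so a refused downgrade presumably looks the same as a re-install in the error output; adding `'deliveredPackageVersion' => $deliveredPackageVersion` to that array would let messages and logs tell the two apart, provided the exception's message template can use it. The enclosing method starts and ends outside the hunk.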