From 33a8f93bc08e5dbcce018352f58abaf156f23cde Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Tue, 15 Aug 2017 12:29:59 +0200
Subject: [PATCH] Added safe-guard against case-mismatches for package
 identifiers

---
 .../lib/system/package/PackageUpdateDispatcher.class.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/wcfsetup/install/files/lib/system/package/PackageUpdateDispatcher.class.php b/wcfsetup/install/files/lib/system/package/PackageUpdateDispatcher.class.php
index 83d6e03a18..7aadaa913b 100644
--- a/wcfsetup/install/files/lib/system/package/PackageUpdateDispatcher.class.php
+++ b/wcfsetup/install/files/lib/system/package/PackageUpdateDispatcher.class.php
@@ -622,6 +622,15 @@ class PackageUpdateDispatcher extends SingletonFactory {
 		$statement = WCF::getDB()->prepareStatement($sql);
 		$statement->execute($conditions->getParameters());
 		while ($row = $statement->fetchArray()) {
+			if (!isset($existingPackages[$row['package']])) {
+				if (ENABLE_DEBUG_MODE && ENABLE_DEVELOPER_TOOLS) {
+					throw new SystemException("Invalid package update data, identifier '" . $row['package'] . "' does not match any installed package (case-mismatch).");
+				}
+				
+				// case-mismatch, skip the update
+				continue;
+			}
+			
 			// test version
 			foreach ($existingPackages[$row['package']] as $existingVersion) {
 				if (Package::compareVersion($existingVersion['packageVersion'], $row['packageVersion'], '<')) {
-- 
2.20.1