From a71af58535338f72061d5dbe31289ad132d0fa3a Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Thu, 18 Sep 2014 17:45:30 +0200
Subject: [PATCH] Prevent updates between multiple major versions

Ref https://github.com/owncloud/core/issues/11078
---
 lib/private/updater.php | 24 +++++++++++++++++++++++-
 tests/lib/updater.php   | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 tests/lib/updater.php

diff --git a/lib/private/updater.php b/lib/private/updater.php
index 1d52f9be37..a2aa8bf33e 100644
--- a/lib/private/updater.php
+++ b/lib/private/updater.php
@@ -145,6 +145,22 @@ class Updater extends BasicEmitter {
 		$this->emit('\OC\Updater', 'maintenanceEnd');
 	}
 
+	/**
+	 * Whether an upgrade to a specified version is possible
+	 * @param string $oldVersion
+	 * @param string $newVersion
+	 * @return bool
+	 */
+	public function isUpgradePossible($oldVersion, $newVersion) {
+		$oldVersion = explode('.', $oldVersion);
+		$newVersion = explode('.', $newVersion);
+
+		if($newVersion[0] > ($oldVersion[0] + 1) || $oldVersion[0] > $newVersion[0]) {
+			return false;
+		}
+		return true;
+	}
+
 	/**
 	 * runs the update actions in maintenance mode, does not upgrade the source files
 	 * except the main .htaccess file
@@ -152,9 +168,15 @@ class Updater extends BasicEmitter {
 	 * @param string $currentVersion current version to upgrade to
 	 * @param string $installedVersion previous version from which to upgrade from
 	 *
+	 * @throws \Exception
 	 * @return bool true if the operation succeeded, false otherwise
 	 */
 	private function doUpgrade($currentVersion, $installedVersion) {
+		// Stop update if the update is over several major versions
+		if (!self::isUpgradePossible($installedVersion, $currentVersion)) {
+			throw new \Exception('Updates between multiple major versions are unsupported.');
+		}
+
 		// Update htaccess files for apache hosts
 		if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
 			\OC_Setup::updateHtaccess();
@@ -235,7 +257,7 @@ class Updater extends BasicEmitter {
 	}
 
 	/**
-	 * @param string $version the oc version to check app compatibilty with
+	 * @param string $version the oc version to check app compatibility with
 	 */
 	protected function checkAppUpgrade($version) {
 		$apps = \OC_App::getEnabledApps();
diff --git a/tests/lib/updater.php b/tests/lib/updater.php
new file mode 100644
index 0000000000..4488744fa1
--- /dev/null
+++ b/tests/lib/updater.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC;
+
+class UpdaterTest extends \PHPUnit_Framework_TestCase {
+
+	public function testVersionCompatbility() {
+		return array(
+			array('1.0.0.0', '2.2.0', true),
+			array('1.1.1.1', '2.0.0', true),
+			array('5.0.3', '4.0.3', false),
+			array('12.0.3', '13.4.5', true),
+			array('1', '2', true),
+			array('2', '2', true),
+			array('6.0.5', '6.0.6', true),
+			array('5.0.6', '7.0.4', false)
+		);
+	}
+
+	/**
+	 * @dataProvider testVersionCompatbility
+	 */
+	function testIsUpgradePossible($oldVersion, $newVersion, $result) {
+		$updater = new Updater();
+		$this->assertSame($result, $updater->isUpgradePossible($oldVersion, $newVersion));
+	}
+
+}
\ No newline at end of file