Better performance, more reliable, completely self contained,
more validation and full backwards compatibility.
This will also allow us to implement ignoring of plugins.
The native rename() function does not support moving folders
cross-device. See https://bugs.php.net/bug.php?id=54097 for details. So
instead of trying to move the whole tree, the new installer's method
moves files recursively one by one.
This is consistent with what mdeploy.php already does.
Previously, the testable validator's get_plugintype_location() used to
return path to a directory that itself did not need to be writable. This
was causing false failures. This patch reimplements the testable
validator's get_plugintype_location() method so that it returns a path
inside $CFG->tempdir which is always writable.
Also, to make all test methods consistent, all of them now use the
testable_tool_installaddon_validator class. Before this patch, some test
methods used the testable class and some used the parent class.
There is a new hook in the index.php file. If valid HTTP parameter
installaddonrequest is detected, the installer asks the administrator to
confirm the request.
If confirmed, the installer calls download.moodle.org/api/1.2/pluginfo.php
service to get information about the given plugin version. The essential
data are the URL of the ZIP to download and the MD5 hash of the ZIP.
These data must be fetched via HTTPS to protect against MiM attack.
If the ZIP is downloaded and the MD5 content hash is correct, the user
is redirected to the previously implemented ZIP validation page, as if
the ZIP was uploaded manually.
The valid format of the installaddonrequest is documented via the
test_decode_remote_request() unit test method.
The validator code contains (modified) fragments of the
local_plugins_archive_validator class copyrighted by Marina Glancy that
is part of the local_plugins plugin. It operates over an extracted
copy of the ZIP file.