[wp-hackers] nasty issue with plugin upgrader

[Stephane Daury]

Hey there,

I just went through quite a nasty experience with the plugin upgrader,  
in WP 2.6.2 (same as in 2.6.3)...

Before you ask, yes, I did confirm it's not a plugin level issue, as  
the same upgrade operation worked fine with the same plugin on another  
WP install.

So here's what happened:
- saw a new version of a plugin being listed in /wp-admin/plugins.php
- clicked on "upgrade automatically"
- the plugin started upgrading, but seems to have lost communication  
with wordpress.org and *forgot* to download some files, namely, the  
main plugin file in the plugin dir.
- then, active_plugins got totally messed up: what was normally  
"plugin_name/plugin_name.php" got reset in active_plugins as  
"plugin_name/" only, which then led to a php include on page load.

To fix it, I had to manually update the value of the serialized  
active_plugins record in wp_options, by removing the bad path.

The safety mechanism that automatically disables plugins from  
active_plugins if the plugin was deleted in the filesystem failed  
because the directory was still there (we had downloaded a fresh copy,  
which showed up fine in the inactive plugin list).

Sorry for the convoluted explanation, but it's a weird context to  
explain.

Stephane