add core updater with file access check (#18594)

* add core updater with file access check

add core updater with file access check

* update screen shot

update screen shot

* Update en.json

update to multiple support

* Update plugins/CoreUpdater/Updater.php

Co-authored-by: Justin Velluppillai <justin@innocraft.com>

* Update plugins/CoreUpdater/Updater.php

Co-authored-by: Justin Velluppillai <justin@innocraft.com>

* Update en.json

* Update en.json

update wording

* Adds update test

* fix branch before merge

Co-authored-by: Justin Velluppillai <justin@innocraft.com>
Co-authored-by: sgiehl <stefan@matomo.org>

2 files changed, 37 insertions, 3 deletions

diff --git a/plugins/CoreUpdater/Updater.php b/plugins/CoreUpdater/Updater.php
index 64593a2907..42a965e1d0 100644
--- a/plugins/CoreUpdater/Updater.php
+++ b/plugins/CoreUpdater/Updater.php
@@ -186,7 +186,7 @@ class Updater
         if (!isset($newVersion)) {
             $newVersion = Version::VERSION;
         }
-        
+
         // we also need to make sure to create a new instance here as otherwise we would change the "global"
         // environment, but we only want to change piwik version temporarily for this task here
         $environment = StaticContainer::getContainer()->make('Piwik\Plugins\Marketplace\Environment');
@@ -300,7 +300,7 @@ class Updater
         foreach ($plugins as $plugin) {
             $plugin->reloadPluginInformation();
         }
-        
+
         $incompatiblePlugins = $this->getIncompatiblePlugins($version);
         $disabledPluginNames = array();
 
@@ -322,6 +322,9 @@ class Updater
 
         $model = new Model();
 
+        // Check if the target directories are writable
+        $this->checkFolderPermissions($extractedArchiveDirectory, PIWIK_INCLUDE_PATH);
+
         /*
          * Copy all files to PIWIK_INCLUDE_PATH.
          * These files are accessed through the dispatcher.
@@ -378,4 +381,34 @@ class Updater
     {
         return PluginManager::getInstance()->getIncompatiblePlugins($piwikVersion);
     }
+
+
+    /**
+     * check if the target file directory is writeable
+     * @param string $source
+     * @param string $target
+     * @throws Exception
+     */
+    private function checkFolderPermissions($source, $target)
+    {
+        $wrongPermissionDir = [];
+        if (is_dir($source)) {
+            $d = dir($source);
+            while (false !== ($entry = $d->read())) {
+                if ($entry == '.' || $entry == '..') {
+                    continue;
+                }
+                $sourcePath = $source . '/' . $entry;
+                if (is_dir($sourcePath) && !is_writable($target . '/' . $entry)) {
+                    //add the wrong permission to the array
+                    $wrongPermissionDir[] = $target . '/' . $entry;
+                }
+            }
+        }
+
+        if (!empty($wrongPermissionDir)) {
+            throw new Exception($this->translator->translate('CoreUpdater_ExceptionDirWrongPermission',
+              implode(', ', $wrongPermissionDir)));
+        }
+    }
 }
diff --git a/plugins/CoreUpdater/lang/en.json b/plugins/CoreUpdater/lang/en.json
index 0101fe7958..b831ea4a33 100644
--- a/plugins/CoreUpdater/lang/en.json
+++ b/plugins/CoreUpdater/lang/en.json
@@ -20,6 +20,7 @@
         "ExceptionArchiveEmpty": "Empty archive.",
         "ExceptionArchiveIncompatible": "Incompatible archive: %s",
         "ExceptionArchiveIncomplete": "Archive is incomplete: some files are missing (eg. %s).",
+        "ExceptionDirWrongPermission": "Some folders are not writable. Please ensure the following folders are writable and try again: %s.",
         "FeedbackRequest": "Feel free to share your ideas and suggestions with the Matomo Team here:",
         "HelpMessageContent": "Check the %1$s Matomo FAQ %2$s which explains most common errors during update. %3$s Ask your system administrator - they may be able to help you with the error which is most likely related to your server or MySQL setup.",
         "HelpMessageIntroductionWhenError": "The above is the core error message. It should help explain the cause, but if you require further help please:",
@@ -99,4 +100,4 @@
         "SkipCacheClearDesc": "Skips clearing of caches before updating. This is only useful if you can ensure that instances running this command have not created a cache at all yet, and if clearing the cache for many Matomo accounts can become a bottleneck.",
         "SkipCacheClear": "Skipping clearing caches."
     }
-}
\ No newline at end of file
+}