From b9aa17be2196bdab152cdbd82906c682e2cfa920 Mon Sep 17 00:00:00 2001
From: Yahnis Elsts <whiteshadow@w-shadow.com>
Date: Wed, 23 Aug 2023 20:24:28 +0300
Subject: [PATCH] Add a sanity check to reject VCS updates that don't have a
 version number.

This can happen when PUC is configured to use a branch (as opposed to tags or releases) and it fails to retrieve the main plugin file from the repository, e.g. due to API rate limits. Then it can't get the "Version" header from the main plugin file.

See #526
---
 Puc/v5p2/Vcs/PluginUpdateChecker.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/Puc/v5p2/Vcs/PluginUpdateChecker.php b/Puc/v5p2/Vcs/PluginUpdateChecker.php
index 7fcbb2c..58871cd 100644
--- a/Puc/v5p2/Vcs/PluginUpdateChecker.php
+++ b/Puc/v5p2/Vcs/PluginUpdateChecker.php
@@ -85,6 +85,21 @@ if ( !class_exists(PluginUpdateChecker::class, false) ):
 				$this->setInfoFromHeader($remoteHeader, $info);
 			}
 
+			//Sanity check: Reject updates that don't have a version number.
+			//This can happen when we're using a branch, and we either fail to retrieve the main plugin
+			//file or the file doesn't have a "Version" header.
+			if ( empty($info->version) ) {
+				do_action(
+					'puc_api_error',
+					new \WP_Error(
+						'puc-no-plugin-version',
+						'Could not find the version number in the repository.'
+					),
+					null, null, $this->slug
+				);
+				return null;
+			}
+
 			//Try parsing readme.txt. If it's formatted according to WordPress.org standards, it will contain
 			//a lot of useful information like the required/tested WP version, changelog, and so on.
 			if ( $this->readmeTxtExistsLocally() ) {