installdef `administration` may overwrite other plugins' admindefs

[strangedev]

Issue

The module loader overwrites existing admindefs when using the administration installdef.

Expected Behavior

The name of the admindef file should not matter, since a plugin vendor has no way of knowing which names were chosen by other plugin vendors. At the very least, this caveat should be included in the documentation.

Actual Behavior

When installing admindefs through the administration installdef, the file provided in from is simply copied to custom/Extension/modules/Administration/Ext/Administration/, regardless of whether a file of the same name exists. When multiple plugins use the same filename in the administration installdef, this causes the module loader to overwrite the previously installed admindefs.

Possible Fix

The module loader should either rename the file on conflict or use a random file name when copying the admindef file.

Steps to Reproduce

I have assembled a minimal example

1. Build the two plugins by running build.sh.
2. Install pluginA through the module loader.
3. Install pluginB through the module loader.
4. Navigate to the admin section and observe that only pluginB appears.

Context

I am a plugin vendor and chose using the plugin infrastructure to avoid conflicts between plugins. Since I'm using a plugin template, the admindefs file was named the same for each plugin. I was not able to figure out why the admin panel would not appear for several days. This discourages plugin development.

Your Environment

• SuiteCRM Version used: 7.11.10
• Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Does not matter for this issue
• Environment name and version (e.g. MySQL, PHP 7): PHP 7.3.13, MariaDB 10.x
• Operating System and version (e.g Ubuntu 16.04): Docker on Linux (Bitnami image)

[pgorod]

Thanks for the detailed report (and the "minimal example").

Do you happen to know the place in core code where this is handled?

[strangedev]

A quick grep through the codebase leads me to believe it is handled in ModuleInstall/ModuleInstaller.php. It seems the administration installdef is handled by the ModuleInstaller::install_extensions() method, which in turn calls ModuleInstaller::installExt(). I see some filesystem operations happening in this method, which suggests to me that the issue lies there.

This would also suggest that the administration installdef is not the only one affected, as this method handles installation of all extensions which do not have a separate ModuleInstaller::install_<module_name>() method.

[strangedev]

Also, I have a hunch (because of some issues when trying to uninstall plugins when the upload directory was reset) that the uninstall procedure uses the manifest file to remove the plugin files from Suite. This would make renaming the files difficult, because we'd lose track of what files belong to which plugin. An easy "fix" would be to just document this caveat.