wp plugin install should ignore corrupted cache files

[rklrkl]

If a plugin (or theme?) install has previously cached the downloaded zip and the cached zip file will be used again (e.g. for a plugin re-install or perhaps another WP site on the same server could use it?), then there's no validation on the downloaded cache file before it's re-used.

A quick and dirty validation would be to ignore any cache file less than a (small) size e.g. 20 bytes and re-download it as if it wasn't there. Similarly, it should check its size after download and delete it (and maybe retry download?) if it's under 20 bytes.

If it's >=20 bytes and the "unzip" binary is in the PATH, then run "unzip -t" on the zip file and check for success (0 return code). If it fails, delete it and re-download it.

In case you're wondering how a download could get corrupted (apart from the obvious full or corrupted filing system scenarios) - one possibility is where your license for a commercial plugin runs out and the next version's "download" actually becomes an error string ("Denied" or whatever). I had a 7-byte zip download because of that and wp-cli (1.5.1) kept trying to use it every day and failing to. If it had validated it, deleted it and re-downloaded it, it would have fixed the problem automatically (once I'd renewed the license of course).