MDL-82365 mod_lesson: stricter equality checks of activity password.

safatshahin · Aug 29, 2024 · 3fc1073 · 3fc1073
1 parent 8ec84f4
commit 3fc1073
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/mod/lesson/locallib.php b/mod/lesson/locallib.php
@@ -2864,15 +2864,17 @@ public function get_password_restriction_status($userpassword) {
 
         if ($this->properties->usepassword && empty($USER->lessonloggedin[$this->id])) {
             $correctpass = false;
-            if (!empty($userpassword) &&
-                    (($this->properties->password == md5(trim($userpassword))) || ($this->properties->password == trim($userpassword)))) {
+
+            $userpassword = trim((string) $userpassword);
+            if ($userpassword !== '' &&
+                    ($this->properties->password === md5($userpassword) || $this->properties->password === $userpassword)) {
                 // With or without md5 for backward compatibility (MDL-11090).
                 $correctpass = true;
                 $USER->lessonloggedin[$this->id] = true;
             } else if (isset($this->properties->extrapasswords)) {
                 // Group overrides may have additional passwords.
                 foreach ($this->properties->extrapasswords as $password) {
-                    if (strcmp($password, md5(trim($userpassword))) === 0 || strcmp($password, trim($userpassword)) === 0) {
+                    if ($password === md5($userpassword) || $password === $userpassword) {
                         $correctpass = true;
                         $USER->lessonloggedin[$this->id] = true;
                     }