mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-17 21:49:15 +01:00
Code Issues Projects Releases Wiki Activity

MDL-82365 mod_lesson: stricter equality checks of activity password.

Browse Source
This commit is contained in:
Paul Holden 2024-07-03 09:40:36 +01:00 committed by Ilya Tregubov
parent 098013a01d
commit a31041ef7b
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mod/lesson/locallib.php
View File

@ -2864,15 +2864,17 @@ class lesson extends lesson_base {
if ($this->properties->usepassword && empty($USER->lessonloggedin[$this->id])) {
$correctpass = false;
if (!empty($userpassword) &&
(($this->properties->password == md5(trim($userpassword))) || ($this->properties->password == trim($userpassword)))) {
$userpassword = trim((string) $userpassword);
if ($userpassword !== '' &&
($this->properties->password === md5($userpassword) || $this->properties->password === $userpassword)) {
// With or without md5 for backward compatibility (MDL-11090).
$correctpass = true;
$USER->lessonloggedin[$this->id] = true;
} else if (isset($this->properties->extrapasswords)) {
// Group overrides may have additional passwords.
foreach ($this->properties->extrapasswords as $password) {
if (strcmp($password, md5(trim($userpassword))) === 0 || strcmp($password, trim($userpassword)) === 0) {
if ($password === md5($userpassword) || $password === $userpassword) {
$correctpass = true;
$USER->lessonloggedin[$this->id] = true;
}