From d467daefd4dcd05bbe3b3050938ee2c8fe1a0aa8 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Wed, 21 Apr 2021 09:28:46 +0200
Subject: [PATCH] Add empty validation in api_is_valid_secret_key
---
 main/inc/lib/api.lib.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php
index 1648fefcb8..9b9eb8f2eb 100644
--- a/main/inc/lib/api.lib.php
+++ b/main/inc/lib/api.lib.php
@@ -6838,7 +6838,11 @@ function api_is_in_group($groupIdParam = null, $courseCodeParam = null)
 */
 function api_is_valid_secret_key($original_key_secret, $security_key)
 {
- return $original_key_secret == sha1($security_key);
+ if (empty($original_key_secret) || empty($security_key)) {
+ return false;
+ }
+
+ return $original_key_secret === sha1($security_key);
 }
 
 /**
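Review bot: The final comparison `return $original_key_secret === sha1($security_key);` is not constant-time, so its duration can vary with how many leading characters of the supplied value match the expected digest; PHP's `hash_equals()` exists for comparing secrets. Because `hash_equals()` only accepts strings, the guard would need to become `if (!is_string($original_key_secret) || $original_key_secret === '' || empty($security_key)) { return false; }`, followed by `return hash_equals(sha1((string) $security_key), $original_key_secret);`. Separately, `empty()` treats the string `'0'` as empty, which is harmless for a 40-character digest but would silently reject a configured key of `'0'`. The function's docblock starts outside the hunk, so which argument is caller-supplied is inferred from the parameter names and should be confirmed against the call sites.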