mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-21 16:10:38 +01:00
Code Issues Releases Wiki Activity

Merge pull request from marc1706/ticket/15347

Browse Source 
[ticket/15347] Use single quotes in update hashes query
This commit is contained in:
Oliver Schramm 2017-09-08 16:06:46 +02:00
commit 93621aa184
2 changed files with 6 additions and 6 deletions
phpBB/phpbb
console/command/fixup
update_hashes.php
cron/task/core
update_hashes.php

6
phpBB/phpbb/console/command/fixup/update_hashes.php

@ -101,9 +101,9 @@ class update_hashes extends \phpbb\console\command\command
{
$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = "' . $this->db->sql_escape($new_hash) . '"
WHERE user_id = ' . (int) $row['user_id'];
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $this->db->sql_escape($new_hash) . "'
WHERE user_id = " . (int) $row['user_id'];
$this->db->sql_query($sql);
$progress_bar->advance();
}

6
phpBB/phpbb/cron/task/core/update_hashes.php

@ -111,9 +111,9 @@ class update_hashes extends \phpbb\cron\task\base
// Increase number so we know that users were selected from the database
$affected_rows++;
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = "' . $this->db->sql_escape($new_hash) . '"
WHERE user_id = ' . (int) $row['user_id'];
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $this->db->sql_escape($new_hash) . "'
WHERE user_id = " . (int) $row['user_id'];
$this->db->sql_query($sql);
}