From 38cbdb67688358024ea78055281d9fe0ca38c9c3 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Thu, 7 Sep 2017 16:24:00 +0200
Subject: [PATCH 1/2] [ticket/15347] Use single quotes in update hashes query

PHPBB3-15347
---
 phpBB/phpbb/cron/task/core/update_hashes.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/phpBB/phpbb/cron/task/core/update_hashes.php b/phpBB/phpbb/cron/task/core/update_hashes.php
index a4fe477d99..ba095abc8b 100644
--- a/phpBB/phpbb/cron/task/core/update_hashes.php
+++ b/phpBB/phpbb/cron/task/core/update_hashes.php
@@ -111,9 +111,9 @@ class update_hashes extends \phpbb\cron\task\base
 				// Increase number so we know that users were selected from the database
 				$affected_rows++;
 
-				$sql = 'UPDATE ' . USERS_TABLE . '
-					SET user_password = "' . $this->db->sql_escape($new_hash) . '"
-					WHERE user_id = ' . (int) $row['user_id'];
+				$sql = 'UPDATE ' . USERS_TABLE . "
+					SET user_password = '" . $this->db->sql_escape($new_hash) . "'
+					WHERE user_id = " . (int) $row['user_id'];
 				$this->db->sql_query($sql);
 			}
 

From 7e4498dfb542aab56cf396ca7dbc78fe0298bccc Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Fri, 8 Sep 2017 10:54:58 +0200
Subject: [PATCH 2/2] [ticket/15347] Fix query quotes in update hashes cli
 command

PHPBB3-15347
---
 phpBB/phpbb/console/command/fixup/update_hashes.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/phpBB/phpbb/console/command/fixup/update_hashes.php b/phpBB/phpbb/console/command/fixup/update_hashes.php
index 4bcc3b5d19..9a0e9bc798 100644
--- a/phpBB/phpbb/console/command/fixup/update_hashes.php
+++ b/phpBB/phpbb/console/command/fixup/update_hashes.php
@@ -101,9 +101,9 @@ class update_hashes extends \phpbb\console\command\command
 		{
 			$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
 
-			$sql = 'UPDATE ' . USERS_TABLE . '
-					SET user_password = "' . $this->db->sql_escape($new_hash) . '"
-					WHERE user_id = ' . (int) $row['user_id'];
+			$sql = 'UPDATE ' . USERS_TABLE . "
+					SET user_password = '" . $this->db->sql_escape($new_hash) . "'
+					WHERE user_id = " . (int) $row['user_id'];
 			$this->db->sql_query($sql);
 			$progress_bar->advance();
 		}