[PHPBB3-15347] Password updater in cron generates invalid postgres SQL Created: 04/Sep/17  Updated: 08/Sep/17  Resolved: 08/Sep/17

Status: Closed
Project: phpBB3
Component/s: Cron
Affects Version/s: 3.1.11, 3.2.1
Fix Version/s: 3.1.12-RC1, 3.2.2-RC1

Type: Bug Priority: Blocker
Reporter: Frank Jakobs Assignee: Marc
Resolution: Fixed Votes: 0
Labels: update-script


SQL generated in https://github.com/phpbb/phpbb/blob/master/phpBB/phpbb/cron/task/core/update_hashes.php#L114-L116 does not follow postgres coding standards.

Postgres needs single quotes around strings; the mentioned statement generates double quotes giving following error message:

ERROR:  column "$H\2y$9TE61ADb5$10\mGuVQ7ixG0zjLxLuslrIOO$QfJA4iz7ouOvtdnduI5Cr" does not exist at character 45
STATEMENT:  UPDATE phpbb_users
                   SET user_password = "$H\2y$9TE61ADb5$10\mGuVQ7ixG0zjLxLuslrIOO$QfJA4iz7ouOvtdnduI5Cr.YLV6oUNUO"
                   WHERE user_id = 56

See discussion on german support board: https://www.phpbb.de/community/viewtopic.php?f=145&t=240166

Comment by Frank Jakobs [ 05/Sep/17 ]

Same error in the CLI routine /console/command/fixup/update_hashes.php

Generated at Sat Feb 16 08:10:19 UTC 2019 using Jira 7.12.3#712004-sha1:5ef91d760d7124da5ebec5c16a948a4a807698df.