[BUGFIX] Use single quotes for password check 38/40438/2
authorAndreas Fernandez <a.fernandez@scripting-base.de>
Thu, 18 Jun 2015 10:46:14 +0000 (12:46 +0200)
committerMarkus Klein <markus.klein@typo3.org>
Thu, 18 Jun 2015 11:02:17 +0000 (13:02 +0200)
Use single quotes for the password check in
SaltedPasswordsUtility::getNumberOfBackendUsersWithInsecurePassword
to tell other DBMS to expect a value and not an identifier.

Using double quotes for values violates the SQL standard.

Resolves: #67599
Releases: master, 6.2
Change-Id: I4d17f2eb24e77421da2368cc899a021c435cfff8
Reviewed-on: http://review.typo3.org/40438
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php

index 1901f6e..46efeb8 100644 (file)
@@ -37,7 +37,7 @@ class SaltedPasswordsUtility {
                $userCount = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows(
                        '*',
                        'be_users',
-                       'password != ""'
+                       'password != \'\''
                                . ' AND password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('$%', 'be_users')
                                . ' AND password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('M$%', 'be_users')
                );