2018-08-25, 07:36 PM
Add the following to ../inc/functions.php:
/**
 * Performs a timing attack safe string comparison.
 *
 * @param string $known_string The first string to be compared.
 * @param string $user_string The second, user-supplied string to be compared.
 * @return bool Result of the comparison.
 */
function my_hash_equals($known_string, $user_string)
{
    if(version_compare(PHP_VERSION, '5.6.0', '>='))
    {
        return hash_equals($known_string, $user_string);
    }
    else
    {
        $known_string_length = my_strlen($known_string);
        $user_string_length = my_strlen($user_string);
        if($user_string_length != $known_string_length)
        {
            return false;
        }
        $result = 0;
        for($i = 0; $i < $known_string_length; $i++)
        {
            $result |= ord($known_string[$i]) ^ ord($user_string[$i]);
        }
        return $result === 0;
    }
}
In ../inc/functions_archive.php, find the following (around line 264):
if(!$mybb->cookies['forumpass'][$fid] || ($mybb->cookies['forumpass'][$fid] && !my_hash_equals(md5($mybb->user['uid'].$password), $mybb->cookies['forumpass'][$fid])))
Replace with:
if(!isset($mybb->cookies['forumpass'][$fid]) || !my_hash_equals(md5($mybb->user['uid'].$password), $mybb->cookies['forumpass'][$fid]))
In ../inc/functions_forumlist.php, find the following (around line 145):
if($forum['password'] != '' && !my_hash_equals($mybb->cookies['forumpass'][$forum['fid']], md5($mybb->user['uid'].$forum['password'])))
{
    $hideinfo = true;
    $showlockicon = 1;
}
Replace with:
if($forum['password'])
{
    if(!isset($mybb->cookies['forumpass'][$forum['fid']]) || !my_hash_equals($mybb->cookies['forumpass'][$forum['fid']], md5($mybb->user['uid'].$forum['password'])))
    {
        $hideinfo = true;
        $showlockicon = 1;
    }
}
In ../inc/functions_search.php, find the following (around line 128):
if(!my_hash_equals($mybb->cookies['forumpass'][$forum['fid']], md5($mybb->user['uid'].$forum['password'])))
Replace with:
if(!isset($mybb->cookies['forumpass'][$forum['fid']]) || !my_hash_equals($mybb->cookies['forumpass'][$forum['fid']], md5($mybb->user['uid'].$forum['password'])))
In ../inc/functions_user.php, find and remove the following:
/**
 * Performs a timing attack safe string comparison.
 *
 * @param string $known_string The first string to be compared.
 * @param string $user_string The second, user-supplied string to be compared.
 * @return bool Result of the comparison.
 */
function my_hash_equals($known_string, $user_string)
{
    if(version_compare(PHP_VERSION, '5.6.0', '>='))
    {
        return hash_equals($known_string, $user_string);
    }
    else
    {
        $known_string_length = my_strlen($known_string);
        $user_string_length = my_strlen($user_string);
        if($user_string_length != $known_string_length)
        {
            return false;
        }
        $result = 0;
        for($i = 0; $i < $known_string_length; $i++)
        {
            $result |= ord($known_string[$i]) ^ ord($user_string[$i]);
        }
        return $result === 0;
    }
}
Plugin Count: I lost count.
Public Plugins are available here.
Please do not PM me for support unless asked to.