Jump to the post that solved this thread.
Solved: 2 Years, 7 Months, 2 Weeks ago Upgrade to 1.8.18
#1
Solved: 2 Years, 7 Months, 2 Weeks ago
I am getting this

Fatal error: Uncaught Error: Call to undefined function my_hash_equals() in /usr/.../inc/functions_forumlist.php:145 Stack trace: #0 /usr/.../inc/functions_forumlist.php(154): build_forumbits('1', 2) #1 /usr/..../index.php(421): build_forumbits() #2 {main} thrown in /usr/..../inc/functions_forumlist.php on line 145

on my test board upgrading from .17 to .18

Does anyone else get the same ?
What goes around comes around
Reply
#2
Solved: 2 Years, 7 Months, 2 Weeks ago
This issue has been pushed to GitHub already - https://github.com/mybb/mybb/issues/3409. It looks like the changes are going to be reverted.
Plugin Count: I lost count.
Public Plugins are available here.
Official GitHub.
Please do not PM me for support unless asked to.
Reply
#3
Solved: 2 Years, 7 Months, 2 Weeks ago
Hi, I've pushed a PR for this but haven't had time to test it: https://github.com/mybb/mybb/pull/3413
Reply
#4
Solved: 2 Years, 7 Months, 2 Weeks ago
Notwithstanding this error, for those with custom themes, these are the notes I made while testing on my test board:

These are the templates that you need to go check against the default ones and make changes accordingly:

editpost
error_nopermission
forumdisplay_inlinemoderation
member_lostpw
newreply
newthread
post_attachments_new
post_javascript
postbit_edit
postbit_multiquote
postbit_quickdelete
postbit_quickrestore
postbit_quote
private_send_autocomplete
search_results_posts_inlinemoderation
search_results_threads_inlinemoderation
showthread
showthread_inlinemoderation
showthread_printthread
showthread_ratethread

also global.css adds at approx line 1330

.postbit_qrestore,
.status_type{
display:none!important;
}

.deleted_post .postbit_qrestore,
.deleted_post .status_type{
display:inline!important;
}

.deleted_post .postbit_mirage{
display:none!important;
}
What goes around comes around
Reply
#5
Solved: 2 Years, 7 Months, 2 Weeks ago
Note that the above templates are also listed in the release notes: https://mybb.com/versions/1.8.18/
Reply
#6
Solved: 2 Years, 7 Months, 2 Weeks ago
(2018-08-23, 06:52 PM)Euan T Wrote: Hi, I've pushed a PR for this but haven't had time to test it: https://github.com/mybb/mybb/pull/3413

I have applied these changes (5 files) and the errors have disappeared.
What goes around comes around
Reply
#7
Solved: 2 Years, 7 Months, 2 Weeks ago
Forgive my ignorance - is it recommended that everyone change the 5 files posted by Euan on github, and also add the code to global.css, after running the 1.8.18 upgrade script?? Will you be making these changes part of the update files that are downloaded and installed, or upgrade script?
Reply
#8
Solved: 2 Years, 7 Months, 2 Weeks ago
Bare in mind that the changes made by Euan (in the PR) may still needing testing as with most (if not all) other PRs. The changes made will be merged into 1.8.19 and released as an Upgrade. As the changes do not alter the database this PR is as simple as just overwriting the old files. The upgrade script is used to make changes to the database.
Plugin Count: I lost count.
Public Plugins are available here.
Official GitHub.
Please do not PM me for support unless asked to.
Reply
#9
Solved: 2 Years, 7 Months, 2 Weeks ago
(2018-08-23, 08:35 PM)Ashley1 Wrote:
(2018-08-23, 06:52 PM)Euan T Wrote: Hi, I've pushed a PR for this but haven't had time to test it: https://github.com/mybb/mybb/pull/3413

I have applied these changes (5 files) and the errors have disappeared
I'm not a coder, so can you give me (and others) the incorrect lines with the corrected lines in the appropriate files?
Like a 'Before Correction' and 'After Correction' kind of thing.
I'm Serpius and You're Not    ¯\_(ツ)_/¯
Deaf Golf
Reply
#10
Solved: 2 Years, 7 Months, 2 Weeks ago
Add the following to ../inc/functions.php:

 /**
 * Performs a timing attack safe string comparison.
 *
 * @param string $known_string The first string to be compared.
 * @param string $user_string The second, user-supplied string to be compared.
 * @return bool Result of the comparison.
 */
function my_hash_equals($known_string, $user_string)
{
 if(version_compare(PHP_VERSION, '5.6.0', '>='))
 {
 return hash_equals($known_string, $user_string);
 }
 else
 {
 $known_string_length = my_strlen($known_string);
 $user_string_length = my_strlen($user_string);
 if($user_string_length != $known_string_length)
 {
 return false;
 }
 $result = 0;
 for($i = 0; $i < $known_string_length; $i++)
 {
 $result |= ord($known_string[$i]) ^ ord($user_string[$i]);
 }
 return $result === 0;
 }
} 

In ../inc/functions_archive.php, find the following (around line 264):

 if(!$mybb->cookies['forumpass'][$fid] || ($mybb->cookies['forumpass'][$fid] && !my_hash_equals(md5($mybb->user['uid'].$password), $mybb->cookies['forumpass'][$fid])))

Replace with:

 if(!isset($mybb->cookies['forumpass'][$fid]) || !my_hash_equals(md5($mybb->user['uid'].$password), $mybb->cookies['forumpass'][$fid]))

In ../inc/functions_forumlist.php, find the following (around line 145):

if($forum['password'] != '' && !my_hash_equals($mybb->cookies['forumpass'][$forum['fid']], md5($mybb->user['uid'].$forum['password'])))
{
    $hideinfo = true;
    $showlockicon = 1;
}

Replace with:

 if($forum['password'])
{
 if(!isset($mybb->cookies['forumpass'][$forum['fid']]) || !my_hash_equals($mybb->cookies['forumpass'][$forum['fid']], md5($mybb->user['uid'].$forum['password'])))
  {
 $hideinfo = true;
 $showlockicon = 1;
 }
}

In ../inc/functions_search.php, find the following (around line 128):

 if(!my_hash_equals($mybb->cookies['forumpass'][$forum['fid']], md5($mybb->user['uid'].$forum['password'])))

Replace with:

 if(!isset($mybb->cookies['forumpass'][$forum['fid']]) || !my_hash_equals($mybb->cookies['forumpass'][$forum['fid']], md5($mybb->user['uid'].$forum['password'])))

In ../inc/functions_user.php, find and remove the following:

/** 
 * Performs a timing attack safe string comparison. 
 * 
 * @param string $known_string The first string to be compared. 
 * @param string $user_string The second, user-supplied string to be compared. 
 * @return bool Result of the comparison. 
 */ 
function my_hash_equals($known_string, $user_string) 
{ 
 if(version_compare(PHP_VERSION, '5.6.0', '>=')) 
 { 
 return hash_equals($known_string, $user_string); 
 } 
 else 
 { 
 $known_string_length = my_strlen($known_string); 
 $user_string_length = my_strlen($user_string); 
 if($user_string_length != $known_string_length) 
 { 
 return false; 
 } 
 $result = 0; 
 for($i = 0; $i < $known_string_length; $i++) 
 { 
 $result |= ord($known_string[$i]) ^ ord($user_string[$i]); 
 } 
 return $result === 0; 
 } 
}
Plugin Count: I lost count.
Public Plugins are available here.
Official GitHub.
Please do not PM me for support unless asked to.
Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)