Possible Issues with SUPEE-8788 (Magento1)

Are you having any of the possible issues with SUPEE-8788 ? Lets face it, not every site is using the default Magento theme, and majority of sites are heavily customized, so when a security patch is applied there is a highly likely chance that there may be one of several possible issues that occur. 

In fact with this release of the SUPEE-8788 patch, initially there were some problems with the pre-1.9 version patches, and Magento had to pull them briefly while they re-worked them. Now in order to install SUPEE-8788 for pre-1.9 version patches, you’ll need to revert patch SUPEE-1533 before applying the SUPEE-8788 patch. In order to do so you’ll need to have SSH access to your server and perform the following actions:

  1. Revert SUPEE-1533 – You’ll need to first make the downloaded patch file executable by running “chmod +x supee1533patchfile.sh” . Once it is executable then you can run “./supee1533patchfile.sh -R”
  2. Install SUPEE-3941 (if not previously installed). You will also need to make the downloaded patch executable “chmod +x supee3941patchfile.sh” and then install the patch using the command “./supee3941patchfile.sh”
  3. Install SUPEE-8788 You will also need to make the downloaded patch executable “chmod +x supee8788patchfile.sh” and then install the patch using the command “./supee8788patchfile.sh”

After the patch is installed you should review your Magento site to look for any new issues which may be caused by SUPEE-8788. The most common we’ve come across is:

“Call to undefined function hash_equals() error”

This error after SUPEE-8788 means there is a local override in place at app/code/local/Mage/Core/functions.php . Once you confirm that this local override file exists then you’ll need to add the following code at the end of it.

if (!function_exists('hash_equals')) {
     * Compares two strings using the same time whether they're equal or not.
     * A difference in length will leak
     * @param string $known_string
     * @param string $user_string
     * @return boolean Returns true when the two strings are equal, false otherwise.
    function hash_equals($known_string, $user_string)
        $result = 0;

        if (!is_string($known_string)) {
            trigger_error("hash_equals(): Expected known_string to be a string", E_USER_WARNING);
            return false;

        if (!is_string($user_string)) {
            trigger_error("hash_equals(): Expected user_string to be a string", E_USER_WARNING);
            return false;

        if (strlen($known_string) != strlen($user_string)) {
            return false;

        for ($i = 0; $i < strlen($known_string); $i++) {
            $result |= (ord($known_string[$i]) ^ ord($user_string[$i]));

        return 0 === $result;

One thing is for sure, application of security patches is not for the light hearted, and there are many possible issues which can occur. If you are not completely comfortable with applying security patches, or if you are experiencing possible issues with SUPEE-8788, contact us at https://cybersolutions-llc.com/contact-us.html to inquire about our services.

case studies

See More Case Studies

Contact us

Partner with Us

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?

We Schedule a call at your convenience 


We do a discovery and consulting meeting 


We prepare a proposal 

Schedule a Free Consultation
Simplifying IT
for a complex world.
Platform partnerships