Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

[] Fixed the password reset ' bug

jrapagejrapage New
edited February 2011 in Vanilla 2.0 - 2.8
If you are running V2.0.17.8, chances are your password reset mechanism will fail. After clicking the link in the email and selecting a new password, you will find this fatal error:

Fatal error: Nesting level too deep - recursive dependency? in /home/XXXXXX/library/core/class.authenticator.php on line 122

In PHP there are two comparison operators, == and ===. It’s generally known that the first is not strict about type but the second is. When comparing two objects using the non-strict comparison operator (==) PHP compares all the properties of the objects and if they match the objects are deemed to be equal. If they don’t match they are not equal. In effect, we have a recursive comparison of all the properties of each object, and all their properties, etc. until we reach basic data types like strings and integers.
If, however, we use strict comparison (===), PHP will check whether the two objects are exactly the same object, not just objects with the same properties.

The solution to this problem with Vanilla is to make edits to the following two files:

core/class.authenticator.php Line 122 if ($DataSource == $this) { -> if ($DataSource === $this) {


core/authenticators/class.passwordauthenticator.php Line 107 if (is_object($this->_DataSource) && ($this->_DataSource == $this || $this->_DataSource->IsPostBack() === TRUE)) { ---> if (is_object($this->_DataSource) && ($this->_DataSource === $this || $this->_DataSource->IsPostBack() === TRUE)) {


  • Hope to find this fix in next release.
  • edited August 2011

    I have a vanilla forum ( ) and i have the same bug...

    And this patch solve the bug, thanks,

Sign In or Register to comment.