Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
[2.0.17.8] Fixed the password reset ' bug
jrapage
New
If you are running V2.0.17.8, chances are your password reset mechanism will fail. After clicking the link in the email and selecting a new password, you will find this fatal error:
Fatal error: Nesting level too deep - recursive dependency? in /home/XXXXXX/library/core/class.authenticator.php on line 122
In PHP there are two comparison operators, == and ===. It’s generally known that the first is not strict about type but the second is. When comparing two objects using the non-strict comparison operator (==) PHP compares all the properties of the objects and if they match the objects are deemed to be equal. If they don’t match they are not equal. In effect, we have a recursive comparison of all the properties of each object, and all their properties, etc. until we reach basic data types like strings and integers.
If, however, we use strict comparison (===), PHP will check whether the two objects are exactly the same object, not just objects with the same properties.
The solution to this problem with Vanilla is to make edits to the following two files:
AND
Fatal error: Nesting level too deep - recursive dependency? in /home/XXXXXX/library/core/class.authenticator.php on line 122
In PHP there are two comparison operators, == and ===. It’s generally known that the first is not strict about type but the second is. When comparing two objects using the non-strict comparison operator (==) PHP compares all the properties of the objects and if they match the objects are deemed to be equal. If they don’t match they are not equal. In effect, we have a recursive comparison of all the properties of each object, and all their properties, etc. until we reach basic data types like strings and integers.
If, however, we use strict comparison (===), PHP will check whether the two objects are exactly the same object, not just objects with the same properties.
The solution to this problem with Vanilla is to make edits to the following two files:
core/class.authenticator.php
Line 122
if ($DataSource == $this) {
->
if ($DataSource === $this) {
AND
core/authenticators/class.passwordauthenticator.php
Line 107
if (is_object($this->_DataSource) && ($this->_DataSource == $this || $this->_DataSource->IsPostBack() === TRUE)) {
--->
if (is_object($this->_DataSource) && ($this->_DataSource === $this || $this->_DataSource->IsPostBack() === TRUE)) {
Tagged:
0
Comments
I have a vanilla forum ( 2.0.17.10 ) and i have the same bug...
And this patch solve the bug, thanks,
Nicolas