Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

Ready to contribute?

Amazing! Sign our contributors' agreement and then join us on GitHub.

Update for critical security issue in PHPMailer included in release Vanilla 2.3.1
Please upgrade to 2.3 here. The 2.2 and earlier branches are no longer being updated.

[] Fixed the password reset ' bug

jrapagejrapage New
edited February 2011 in Vanilla 2.0 - 2.2
If you are running V2.0.17.8, chances are your password reset mechanism will fail. After clicking the link in the email and selecting a new password, you will find this fatal error:

Fatal error: Nesting level too deep - recursive dependency? in /home/XXXXXX/library/core/class.authenticator.php on line 122

In PHP there are two comparison operators, == and ===. It’s generally known that the first is not strict about type but the second is. When comparing two objects using the non-strict comparison operator (==) PHP compares all the properties of the objects and if they match the objects are deemed to be equal. If they don’t match they are not equal. In effect, we have a recursive comparison of all the properties of each object, and all their properties, etc. until we reach basic data types like strings and integers.
If, however, we use strict comparison (===), PHP will check whether the two objects are exactly the same object, not just objects with the same properties.

The solution to this problem with Vanilla is to make edits to the following two files:

core/class.authenticator.php Line 122 if ($DataSource == $this) { -> if ($DataSource === $this) {


core/authenticators/class.passwordauthenticator.php Line 107 if (is_object($this->_DataSource) && ($this->_DataSource == $this || $this->_DataSource->IsPostBack() === TRUE)) { ---> if (is_object($this->_DataSource) && ($this->_DataSource === $this || $this->_DataSource->IsPostBack() === TRUE)) {


Sign In or Register to comment.