From: Brad Jorsch Date: Sat, 19 Nov 2016 00:54:58 +0000 (-0500) Subject: Set token properly when creating in User::newSystemUser() X-Git-Tag: 1.31.0-rc.0~4683^2 X-Git-Url: http://git.cyclocoop.org/%22.%24image2.%22?a=commitdiff_plain;h=901d575b54f4abad6f82b2425cce9522941ec9d3;p=lhc%2Fweb%2Fwiklou.git Set token properly when creating in User::newSystemUser() Otherwise callers that don't use 'steal' is going to break because it'll think it needs to steal the user. If such a user exists on a wiki, it can be fixed by setting the token to the invalid token. The easiest way is probably to just call User::newSystemUser( $name, [ 'steal' => true ] ) with eval.php. Note there's no way for anyone to use these users unless they steal the token from the DB, since they still don't have a password, email, or any other method of authentication or account recovery set up. Change-Id: I9efd2d2f5fffb4e4411a894f9514cdf2c66663a9 --- diff --git a/includes/user/User.php b/includes/user/User.php index df9dd3e628..2ee8ed246c 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -677,7 +677,7 @@ class User implements IDBAccessObject { ); if ( !$row ) { // No user. Create it? - return $options['create'] ? self::createNew( $name ) : null; + return $options['create'] ? self::createNew( $name, [ 'token' => self::INVALID_TOKEN ] ) : null; } $user = self::newFromRow( $row );