Otherwise callers that don't use 'steal' is going to break because it'll
think it needs to steal the user.
If such a user exists on a wiki, it can be fixed by setting the token to
the invalid token. The easiest way is probably to just call
User::newSystemUser( $name, [ 'steal' => true ] ) with eval.php.
Note there's no way for anyone to use these users unless they steal the
token from the DB, since they still don't have a password, email, or any
other method of authentication or account recovery set up.
Change-Id: I9efd2d2f5fffb4e4411a894f9514cdf2c66663a9
);
if ( !$row ) {
// No user. Create it?
- return $options['create'] ? self::createNew( $name ) : null;
+ return $options['create'] ? self::createNew( $name, [ 'token' => self::INVALID_TOKEN ] ) : null;
}
$user = self::newFromRow( $row );