From 901d575b54f4abad6f82b2425cce9522941ec9d3 Mon Sep 17 00:00:00 2001 From: Brad Jorsch Date: Fri, 18 Nov 2016 19:54:58 -0500 Subject: [PATCH] Set token properly when creating in User::newSystemUser() Otherwise callers that don't use 'steal' is going to break because it'll think it needs to steal the user. If such a user exists on a wiki, it can be fixed by setting the token to the invalid token. The easiest way is probably to just call User::newSystemUser( $name, [ 'steal' => true ] ) with eval.php. Note there's no way for anyone to use these users unless they steal the token from the DB, since they still don't have a password, email, or any other method of authentication or account recovery set up. Change-Id: I9efd2d2f5fffb4e4411a894f9514cdf2c66663a9 --- includes/user/User.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/user/User.php b/includes/user/User.php index df9dd3e628..2ee8ed246c 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -677,7 +677,7 @@ class User implements IDBAccessObject { ); if ( !$row ) { // No user. Create it? - return $options['create'] ? self::createNew( $name ) : null; + return $options['create'] ? self::createNew( $name, [ 'token' => self::INVALID_TOKEN ] ) : null; } $user = self::newFromRow( $row ); -- 2.20.1