Set token properly when creating in User::newSystemUser()

Otherwise callers that don't use 'steal' is going to break because it'll
think it needs to steal the user.

If such a user exists on a wiki, it can be fixed by setting the token to
the invalid token. The easiest way is probably to just call
User::newSystemUser( $name, [ 'steal' => true ] ) with eval.php.

Note there's no way for anyone to use these users unless they steal the
token from the DB, since they still don't have a password, email, or any
other method of authentication or account recovery set up.

Change-Id: I9efd2d2f5fffb4e4411a894f9514cdf2c66663a9

diff --git a/includes/user/User.php b/includes/user/User.php
index df9dd3e..2ee8ed2 100644 (file)
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -677,7 +677,7 @@ class User implements IDBAccessObject {
                );
                if ( !$row ) {
                        // No user. Create it?
-                       return $options['create'] ? self::createNew( $name ) : null;
+                       return $options['create'] ? self::createNew( $name, [ 'token' => self::INVALID_TOKEN ] ) : null;
                }
                $user = self::newFromRow( $row );