Hi, can you please explain this edit? I don't understand this.
Topic on User talk:FreedomFighterSparrow/Flow
Sure - maybe I wasn't clear enough. ReplaceText adds $wgReplaceTextUser to the array of $wgReservedUsernames; such users cannot login, change password, etc. So the user can only be used for ReplaceText from that point onward. In my personal example, I tried using the same bot user for $wgReplaceTextUser as well as Pywikibot; but the minute the user is in $wgReservedUsernames, it can no longer authenticate on the wiki.
Are you sure about that? I don't see $wgReservedUsernames anywhere in the Replace Text code.
ReplaceText uses hook UserGetReservedNames, which amounts to the same...
Ah, yes - now I see. That was added a few months ago by someone else, as part of a set of security improvements to Replace Text - I wasn't even really aware of that change. What do you think - is this change a problem? Or is the only issue the fact that it's not documented?
Although it's not really a problem aside from documentation, usually the hook is used together with injecting a non-existant user - see fetchEditor() in extension:NewUserMessage, or user() in extension:Babel as examples (the last is probably a bit more current, as it uses User::newSystemUser()
). This seems to be the most up-to-date practice - see a bit of discussion here.