It was introduced for various direct and indirect violations of T124367 (using the User object before the session is ready).
A few points:
- What happens when code uses wgUser too early (and doesn't check isSafeToLoad)? Probably the session throws an exception or assumes user is logged-out.
- What is code typically changed to when we find such an issue as part of T124367? Either fixed to be deferred so the user object is initialised, or patched up with isSafeToLoad.
- What does patching up with isSafeToLoad mean? In my opinion, not much. Usually assumes logged-out. Same as before but more explicit.
I can understand how this method may've seemed useful as a hot-patch while SessionManager settles down, but I strongly believe the existence of this method is confusing and flawed. With SessionManager we're in a much better position than before. We don't need it anymore.
As we discover more bad callers, the solution in most cases is to just defer the code so that it doesn't run too early. And if it absolutely has to run early, the caller needs to accept that the session isn't there yet and it should create an anonymous object instead of using wgUser. So I'd like us to make the object throw on access (or simply not yet exist) until the session is initialised. And we fix callers to be more explicit and deterministic.
In some cases that may mean we need to fix indirect callers, rather than the methods listed below, to comply with a new contract.
Current usage of $wgUser->isSafeToLoad():
- User::getBlockedStatus - 6eec9fb3553d759190f010b38db39d01645922bb
- MessageCache::getParserOptions - 35c38ce319563889ccd61f998223e61316a35f6a
- OutputPage::parserOptions - b435e659b5c9e666055e2282159b8606f6331b31
- AbuseFilter - 888be5af646409384d906f5dc2c6a9e89eda2749
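
The contract proposed above (throw on access until the session is initialised, and have callers either defer or explicitly ask for an anonymous object) can be modelled as follows. This is an added example, not MediaWiki code or part of the original task; `ModelUser`, `RequestState` and `SessionNotReadyException` are hypothetical names, and PHP 8.1 or later is assumed.

```php
<?php
// Hypothetical model, not MediaWiki code: all class and method names are illustrative.
final class SessionNotReadyException extends LogicException {}

final class ModelUser {
    private function __construct( public readonly ?string $name ) {}
    public static function newAnonymous(): self { return new self( null ); }
    public static function newFromName( string $name ): self { return new self( $name ); }
    public function isAnon(): bool { return $this->name === null; }
}

final class RequestState {
    private ?ModelUser $user = null;
    /** @var callable[] work queued until the session exists */
    private array $deferred = [];
    // Proposed contract: no silent logged-out fallback before the session is ready.
    public function getUser(): ModelUser {
        if ( $this->user === null ) {
            throw new SessionNotReadyException( 'User accessed before session initialisation' );
        }
        return $this->user;
    }
    // Fix 1: defer the code so it runs once the user object is initialised.
    public function defer( callable $work ): void {
        if ( $this->user !== null ) {
            $work( $this->user );
        } else {
            $this->deferred[] = $work;
        }
    }
    public function initSession( ModelUser $user ): void {
        $this->user = $user;
        foreach ( $this->deferred as $work ) {
            $work( $user );
        }
        $this->deferred = [];
    }
}

$state = new RequestState();
try {
    $state->getUser(); // early caller: fails loudly instead of assuming logged-out
} catch ( SessionNotReadyException $e ) {
    echo "early access rejected: {$e->getMessage()}\n";
}
// Fix 2: code that must run early asks for an anonymous object explicitly.
echo 'early code uses anon: ' . var_export( ModelUser::newAnonymous()->isAnon(), true ) . "\n";
$state->defer( function ( ModelUser $u ): void { echo "deferred code sees: {$u->name}\n"; } );
$state->initSession( ModelUser::newFromName( 'Alice' ) ); // constructed sample user
```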