Author: herd
Description:
The {{REVISIONUSER}} variable and soon-to-be (per r49575) parserfunction of the same name have an interesting feature. When subst'd, they act the same as {{CURRENTUSER}}.
function getRevisionUser() {
// if this template is subst: the revision id will be blank, // so just use the current user's name
However, this has some interesting side effects, anytime $this->mRevisionId is false, it uses the current user's name. First noticed in the comments of the Special:Code extension -> http://www.mediawiki.org/wiki/Special:Code/MediaWiki/49575#code-comments and later in http://www.mediawiki.org/wiki/Special:Code/MediaWiki/48837#c2257 (though not in the recent comments feed at http://www.mediawiki.org/w/index.php?title=Special:Code/MediaWiki/comments&offset=20090420132558&limit=1 ).
Also happens in preview, expandtemplates http://en.wikipedia.org/wiki/Special:ExpandTemplates?input=%3D%3DFoobar%3D%3D%0A%0A%0A%7B%7BREVISIONUSER%7D%7D#Foobar
and any parsing with no revisions: http://en.wikipedia.org/w/api.php?action=parse&text={{REVISIONUSER}}
This is also possible with many system messages, most notably Newarticletext and Editnotice. I brought this up at the VPT http://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_(technical)&oldid=293258249#Constructed_link_in_editnotice_is_a_problem after a quick test in http://test.wikipedia.org/w/index.php?title=MediaWiki:Newarticletext&diff=74417&oldid=73916 ... and soon a very interesting hack was performed: http://en.wikipedia.org/w/index.php?title=Template:Editnotices/Page/User:Amalthea/test16&oldid=293105080&action=edit is used on User:Amalthea/test16?action=edit and transcludes the currently editing user's userpage.
This sort of behavior should probably be disabled? Though would that preclude the ability to subst it (similar to REVISIONID) or is there a workaround?
Version: 1.15.x
Severity: minor