Because DW pulls the form data from php's $_REQUEST superglobal, any cookies which the browser sends which have names matching form field names in the user creation form will be used instead of the submitted data. In this case, my browser was sending a 'userid' cookie to the DW website as the cookie had been set in the parent domain of the installation's FQDN. To alleviate the issue locally, I've replaced all occurrences of $_REQUEST with $_POST in:
Confirmed in devel revision: create a cookie with name=userid, value=anything then add a user by filling in the form and the created user has name anything.
Thanks for reporting this issue.
Not sure about the fix. Andi ?
I added the following line to inc/init.php:
$_REQUEST = array_merge($_GET,$_POST);
It rebuilds the $_REQUEST array using GET and POST vars only. This should solve this and any other possibly cookie interference problems.
Yes this fix is OK. Thanks!