[wp-trac] [WordPress Trac] #36669: Update SimplePie to Latest Version and possibly include PHP-MF2

WordPress Trac noreply at wordpress.org
Mon Apr 13 21:11:40 UTC 2020 

#36669: Update SimplePie to Latest Version and possibly include PHP-MF2
-------------------------------------------+-----------------------------
 Reporter:  dshanske                       |       Owner:  SergeyBiryukov
     Type:  defect (bug)                   |      Status:  reviewing
 Priority:  normal                         |   Milestone:  Future Release
Component:  External Libraries             |     Version:
 Severity:  normal                         |  Resolution:
 Keywords:  has-patch needs-testing early  |     Focuses:  SimplePie
-------------------------------------------+-----------------------------

Comment (by desrosj):

 I'd like to kindly remind everyone that time is a limited resource. The
 WordPress project is maintained almost entirely by volunteers (with the
 exception of a very, very small handful of people). While it is
 frustrating to see an issue repeatedly miss each new release, it is not
 because the ticket is being avoided. Leaving negative comments does
 nothing to progress the ticket closer to a resolution, and probably has
 the opposite affect. Newer contributors will be hesitant to jump in to
 help.

 I've created a PR with the latest version of SimplePie (and included the
 refreshed patch here), and it looks like all of the tests that are
 currently included pass.

 @stevenkword I dug in and looked at some of the top plugins using
 `SimplePie`. I [https://wpdirectory.net/search/01E5TBZ0FEKW4HNGGNB59YYK5A
 re-ran the scan linked above] by @Ipstenu and there were a few additional
 plugins. I looked at the top 5 plugins ordered by number of active
 installs. This is what I found:
 - UpdraftPlus: There are 2 occurrences of `SimplePie` in their code base.
 One never runs because it is intentionally disabled, and the other just
 pulls their news blog's RSS feed in and includes it in emails when backups
 run. I tested this out and looks like it works without issue.
 - Duplicator: Looks like this plugin has a list of all core WordPress
 files and classes and does not actually utilize the class.
 - WP Statistics: `SimplePie` is only included in their code base to
 identify what is crawling/accessing a site.
 - Google Tag Manager: `SimplePie` is only included in their code base to
 identify bots accessing the site.
 - Caldera Forms: `simplepie` is mentioned once, but looks like it is code
 from Wonolog, a package that is included with Composer.

 I also looked at the top 5 plugins ordered by the most occurrences of
 "simplepie" with at least 1,000 active installs:
 - RSSImport (10,000 active): This plugin worked when I used the shortcode
 and the default URL `[RSSImport]`, but broke when I attempted to pass a
 different feed URL to the shortcode with the `feedurl` argument. I am not
 sure if this is a block editor, plugin issue, or an issue from the
 upgrade.
 - WP Social Blogroll (1,000 active): This plugin doesn't even activate on
 5.4. Based on the support forums, it stopped working at WordPress version
 4.7. It also has not been updated in 7 years.
 - FeedWordPress (30,000 active): The plugin still works and successfully
 pulls in posts from a feed, but there are a few warnings thrown when
 SimplePie is upgraded.

 {{{
 Declaration of FeedWordPie_Item::get_id($hash = false) should be
 compatible with SimplePie_Item::get_id($hash = false, $fn = 'md5') in wp-
 content/plugins/feedwordpress/feedwordpie_item.class.php on line 4
 Declaration of FeedWordPress_Parser::parse(&$data, $encoding) should be
 compatible with SimplePie_Parser::parse(&$data, $encoding, $url = '') in
 wp-content/plugins/feedwordpress/feedwordpress_parser.class.php on line 28
 }}}
 - WPide (50,000 active) and AceIDE (20,000 active): These had a lot of
 shared code. They only had "simplepie" in strings within JS files.
 - Libsyn Publisher Hub (4,000 active): I was unable to test this because
 it appears you need an active Libsyn account, which is paid. But, I looked
 at the occurrences of "simplepie" in the code, and it seems to be very
 standard use of `SimplePie`.

 This research considered and the 5.5 release cycle being very, very early,
 I think we could make this change and publish a blog post on Make to test
 thoroughly to help identify problems. We should still work to increase the
 overall test coverage.

 Another thing I wanted to mention was that I was unable to find a full
 changelog for SimplePie on the GitHub repository. I could be missing it,
 though. When we make this change, we should have a full changelog
 somewhere that we can link to or include in a dev note or documentation.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/36669#comment:55>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list