[wp-trac] [WordPress Trac] #49386: Deprecate "Post via email" feature

WordPress Trac noreply at wordpress.org
Sat Feb 8 20:33:57 UTC 2020 

#49386: Deprecate "Post via email" feature
-------------------------+-------------------------------------
 Reporter:  ayeshrajans  |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Mail         |    Version:  trunk
 Severity:  normal       |   Keywords:  needs-patch 2nd-opinion
  Focuses:               |
-------------------------+-------------------------------------
 While working on a ticket to upgrade WordPress's email library (PHPMailer)
 to the latest version, the author of the PHPMailer library commented about
 the POP3 library.

 WordPress uses this POP3 class from within `./wp-mail.php` file to connect
 to a POP3 server, fetch emails, and post them on the WordPress site.

 > Frankly I feel a little unwell at the thought that some might still be
 using the POP3 library! Nobody should be using POP-before-SMTP for auth
 any more - the last time I used it was about 30 years ago. Indeed it
 doesn't have any test coverage - it was originally a third party library
 that was donated to the project, and it's a difficult thing to test as it
 requires coordination across protocols. Do you have any visibility on
 whether it's being used at all?

 Emails are hard by nature, and converting an email to a WordPress is quite
 difficult with the complexities involved in converting the 7-bit encoding
 that are common in emails to the modern UTF-8 characters, connection
 security, contect security, etc. Furthermore, with Gutenberg and numerous
 media improvements, the "Post via email" feature is lacking way behind.

 I propose to deprecate the "Post via email" feature (version 5.4 would be
 amazing!), and eventually remove it.

  - `wp-mail.php` file is not tested. While working on PHPMailer 6 upgrade
 patch, only one test failed.

  - Commentary by the PHPMailer library author about the POP3 class and how
 less active the development of it. The history of this file reveals only
 code styling and modernization changes (such as namespaces, doc comments,
 etc) were made. No bug fixes.

  - Possible security vulnerabilities
 [https://www.cvedetails.com/cve/CVE-2017-5491/ such as this one]

  - Possibility of moving this functionality to a contributed plugin, so
 even the (likely small percentage) users of this feature have an upgrade
 path.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49386>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list