Make WordPress Core

Opened 3 years ago

Last modified 2 months ago

#36669 assigned defect (bug)

Update SimplePie to Latest Version and possibly include PHP-MF2

Reported by: dshanske Owned by:
Milestone: 5.3 Priority: normal
Severity: normal Version:
Component: External Libraries Keywords: has-patch early needs-testing
Focuses: SimplePie Cc:


SimplePie Version 1.4 is now available.


It is the first release in 3 years and has a large number of bug fixes. It also is the first version that includes support for new types of feeds as described by the IndieWebCamp community.

These feeds are made up of h-feed and h-entry microformats, which allows the feed to be parsed from the html rather than a separate xml file.

SimplePie will now detect when it finds such a feed and parse them when it finds the php-mf2 parser available.

Attachments (3)

update-simplepie.patch (86.6 KB) - added by slushman 3 years ago.
Patch updating SimplePie to version 1.4.
SimplePie-1.5.2.diff (120.1 KB) - added by wpshades 11 months ago.
The latest release of SimplePie found at - https://github.com/simplepie/simplepie/releases
36669.diff (121.2 KB) - added by Hareesh Pillai 3 months ago.
Adding refreshed patch

Download all attachments as: .zip

Change History (30)

#1 @jorbin
3 years ago

  • Owner set to rmccue
  • Status changed from new to assigned

@rmccue - thoughts?

This ticket was mentioned in Slack in #core by dshanske. View the logs.

3 years ago

3 years ago

Patch updating SimplePie to version 1.4.

#3 @slushman
3 years ago

  • Keywords has-patch added

I've run into an issue with a plugin trying to read an RSS feed from a site with a Lets Encrypt (self-signed) cert. It appears this was fixed in [May 2015](https://github.com/simplepie/simplepie/pull/407) and that fix is part of SimplePie 1.4.
Submitting patch to update SimplePie to version 1.4.

This ticket was mentioned in Slack in #core by dshanske. View the logs.

3 years ago

#5 @jhabdas
2 years ago

SimplePie 1.5 has been released. It still does not support PHP 7.0, which is what I believe WP suggests. It seems apt to deprecate or make private fetch_feed() entirely and let the plugins manage the use cases and forward-facing support role for end users.

Last edited 2 years ago by jhabdas (previous) (diff)

#6 @Presskopp
22 months ago

1.5.1 is latest now

#7 @aquakitty
22 months ago

#42515 was marked as a duplicate.

#8 @etruel
16 months ago

Hi all, someone recommended me to tell the following here. I'll try to say some different behaviours that we have in our plugin WPeMatico by reading different feeds.

I can't give too much technical details, but we're attending so much tickets of lot of users with problems using the Simplepie 1.3.1 included in WordPress that we solved just by using the new version 1.5 or newer.

Almost all the new things we found in the 1.5 version (already to download in simplepie.org) was related with fixed issues and improvements. (https://github.com/simplepie/simplepie/releases)

Using 1.3.1 included in WP, some of the feeds with problem are solved with force_feed and others by changing to a known User-agent. (But in 1.5 works by default)

There are feeds giving different errors in 1.3.1 than 1.5. And some of them work well in 1.5 and not in 1.3 (1.3 tried with and without force_feed)

For example http://thenationonlineng.net/feed/
Works well with 1.5.

1.3.1 = ERROR: The feed http://thenationonlineng.net/feed/ cannot be parsed. Simplepie said: This XML document is invalid, likely due to invalid characters. XML error: Reserved XML Name at line 2, column 38

Many errors that produce notices like examples below are fixed easily by using the new 1.5:

ERROR: Feed https://www.cryptocoinsnews.com/feed could not be parsed. (SimplePie said: A feed could not be found at https://www.cryptocoinsnews.com/feed. A feed with an invalid mime type may fall victim to this error, or SimplePie was unable to auto-discover it.. Use force_feed() if you are certain this URL is a real feed.)

ERROR: Feed https://www.youtube.com/feeds/videos.xml?channel_id=UCCWYNcRdRteOF3wIRVeaJZQ could not be parsed. (SimplePie said: cURL error 60: SSL certificate problem: unable to get local issuer certificate)

Hope this helps.



#9 @swissspidy
15 months ago

#44309 was marked as a duplicate.

11 months ago

The latest release of SimplePie found at - https://github.com/simplepie/simplepie/releases

#10 @wpshades
11 months ago

  • Focuses SimplePie added
  • Version changed from 4.6 to 4.9.8

Hi everyone!

I have just submitted a patch that includes the latest release of SimplePie(1.5.2).
If there's any way in which I can help test this out, please let me know.


#11 follow-up: @dmenard
10 months ago


I would like to second this request.

With WP 4.9.8 and PHP 7.2, the WordPress RSS widget generates many warnings like this:

Warning: A non-numeric value encountered in wordpress\wp-includes\SimplePie\Parse\Date.php on line 694

10	SimplePie->get_items( $start = ???, $end = ??? )			...\class-simplepie.php:2812
11	SimplePie_Item->get_date( $date_format = 'U' )				...\class-simplepie.php:2925
12	SimplePie_Parse_Date->parse( $date = '2018-10-02T08:38:56Z' )		...\Item.php:773
13	SimplePie_Parse_Date->date_w3cdtf( $date = '2018-10-02T08:38:56Z' )	...\Date.php:603

These are caused by the way SimplePie 1.3.1 parses dates and by the new E_WARNINGs introduced in PHP 7.1.

A simple fix for this has been made in july 2016 and is included since SimplePie 1.4.2.

So upgrading SimplePie to the latest version would solve these warnings.


#12 in reply to: ↑ 11 @miunosoft
10 months ago

Just in case for someone who are facing this issue and need to get away from the warnings without modifying the core, here is a plugin, Fix - SimplePie Errors: https://github.com/michaeluno/_fix-simplepie-errors).

#13 @pento
9 months ago

#45436 was marked as a duplicate.

#14 @Znuff
8 months ago

This bug has been present for years and it affects all production websites on current PHP versions.

There have been patches submitted, people even made plugins.

How come this is taking so long to be adopted in the core?

It's spamming our servers logs so hard that we ended up at 3GB in 3 days. It's incredible.

This ticket was mentioned in Slack in #core by dshanske. View the logs.

8 months ago

#16 @pento
7 months ago

#42684 was marked as a duplicate.

#17 @pento
7 months ago

  • Milestone changed from Awaiting Review to 5.2
  • Version 4.9.8 deleted

PHP 5.2 support was dropped in SimplePie 1.4, 1.5 requires PHP 5.3+.

I'm moving this to the 5.2 milestone, when we'll be bumping WordPress' minimum PHP version to 5.6.

#18 @knutsp
5 months ago

#42515 was marked as a duplicate.

#19 @desrosj
5 months ago

  • Keywords early needs-refresh added
  • Milestone changed from 5.2 to 5.3

5.2 beta is in less than 2 days. The latest patch needs to be refreshed to apply cleanly to trunk, and this needs to be tested. Punting to 5.3.

@rmccue do you have any thoughts about this?

#20 @dshanske
5 months ago

@rmccue was assigned this task 3 years ago and has not commented on this or noted his acceptance of the assignment. Can I suggest that, if he is occupied with other things, this revert to unassigned in the hopes someone else will take this on?

#21 @rmccue
5 months ago

  • Owner rmccue deleted

@Hareesh Pillai
3 months ago

Adding refreshed patch

#22 @Hareesh Pillai
3 months ago

  • Keywords needs-testing added; needs-refresh removed

#23 @elexem
2 months ago

not sure I understand the implications of the latest entries in this thread.
Can we expect the error-causing-behaviour to go away sometime soon? Looking into /wp-includes/SimplePie seems to still be on ver 1.3.1 while https://github.com/simplepie/simplepie/releases/ lists 1.5.2 as released early Aug 2018 - so perhaps I'm too incompetent to grasp the monumental hindrances impeding adapting that.
Either way, it would be nice if that could be mended; the nuisant oversight pelts us with error lines we could clearly do without; 91953 in the last cycle.


#24 @dshanske
2 months ago

No one with privileges to commit wants to take ownership of it.

#25 @Znuff
2 months ago

How about mark this as a BUG instead of an "enhancement" and mark it as a blocker?

The amount of pussyfooting around this issue is astounding.

At this rate, I'm gonna have to patch that file manually until Wordpress 8.0. And I'm sick of patching it every release.

#26 @elexem
2 months ago

I'll have to agree with @Znuff here.

+1 :/

#27 @dshanske
2 months ago

  • Type changed from enhancement to defect (bug)

Okay. I will classify it as a bug...

Note: See TracTickets for help on using tickets.