ClassicPress PetitionsClassicPress Petitions
This is a read-only archive. Post or comment on the live version of this page on our forums.

Remove post via e-mail

June 17, 2019 · 07:55 · ALS
Description

Please move this to a plugin.
Business sites are very unlikely to post from e-mail.
People who do need this feature should of course still be able to access it, but for the vast majority it is an attack vector that we don't want / need and currently need to secure with more code.
Thanks for reading.

Voters
+18 more
Discussion
James Nylen

+1 on moving this out to a core plugin.

James Walker

+1 move to plugin.

Jason

+1 removing this to a plugin

William Patton

+1 on disabled by default. Does it need ported out to a plugin though? That would add additional overhead to runtime and extra unnecessary steps for users that did choose to use this feature.

Laurence Bahiirwa

William would you suggest a checkbox in the options page?

James Nylen

Yes, this should be moved out to a core plugin as defined in our v2 roadmap. This way it is consistent with other similar features, and the code involved can be completely removed if it is not needed.

The runtime overhead is minimal, and there is not an extra step so much as it is different (deactivate the core plugin for this feature, which may be on a separate screen or at least have its own filter in the plugins list).

Deleting the plugin entirely would be an extra step, but this isn't possible if it's just an option.

Jesse

Agreed, and it has nothing to do with being a Business-focused CMS either. It's simply a feature that 90% or more of users don't use, so its creating a security and performance issue with no obvious benefits.