From 35ad390aebf3a886f94fac6869b899b8e8a89411 Mon Sep 17 00:00:00 2001
From: magdev <magdev3.0@gmail.com>
Date: Mon, 2 Feb 2026 19:59:04 +0100
Subject: [PATCH] fix: Nuclear option - never apply the_content filter

- get_post_data() now ALWAYS strips shortcodes and uses raw content
- Never calls apply_filters('the_content') or get_the_excerpt()
- FediStream posts don't need shortcode processing in content
- This guarantees no recursion through WordPress hook system

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 CHANGELOG.md                         | 13 ++++++++++-
 includes/Frontend/TemplateLoader.php | 33 +++++++++-------------------
 wp-fedistream.php                    |  4 ++--
 3 files changed, 24 insertions(+), 26 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 03d8860..7c27b36 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.8] - 2026-02-02
+
+### Fixed
+
+- **Nuclear option: NEVER apply the_content filter** - Completely removed the_content filter usage
+  - `get_post_data()` now ALWAYS strips shortcodes and uses raw content
+  - NEVER calls `apply_filters('the_content', ...)` or `get_the_excerpt()`
+  - FediStream posts don't need shortcode processing in their content anyway
+  - This guarantees no recursion through WordPress hook system
+
 ## [0.4.7] - 2026-02-02
 
 ### Fixed
@@ -264,7 +274,8 @@ Initial release of WP FediStream - a WordPress plugin for streaming music over A
 
 ---
 
-[Unreleased]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.7...HEAD
+[Unreleased]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.8...HEAD
+[0.4.8]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.7...v0.4.8
 [0.4.7]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.6...v0.4.7
 [0.4.6]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.5...v0.4.6
 [0.4.5]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.4...v0.4.5
diff --git a/includes/Frontend/TemplateLoader.php b/includes/Frontend/TemplateLoader.php
index 4f3787e..df6dbd2 100644
--- a/includes/Frontend/TemplateLoader.php
+++ b/includes/Frontend/TemplateLoader.php
@@ -289,31 +289,18 @@ class TemplateLoader {
         // Track recursion to prevent infinite loops from shortcodes in content.
         ++self::$recursion_depth;
 
-        // Skip the_content filter if:
-        // 1. We're in a shortcode context (prevents recursive shortcode processing)
-        // 2. We're at depth > 1 (nested data loading)
-        $skip_content_filter = self::$shortcode_context_depth > 0 || self::$recursion_depth > 1;
-
-        // When skipping content filter, also use raw excerpt to avoid get_the_excerpt()
-        // triggering the_content filter internally when generating auto-excerpts.
-        if ( $skip_content_filter ) {
-            $excerpt = $post->post_excerpt;
-            if ( empty( $excerpt ) ) {
-                // Generate a simple excerpt without triggering the_content filter.
-                $excerpt = wp_trim_words( wp_strip_all_tags( $post->post_content ), 55, '&hellip;' );
-            }
-        } else {
-            $excerpt = get_the_excerpt( $post );
+        // ALWAYS skip the_content filter to prevent any possible recursion.
+        // FediStream posts don't need shortcode processing in their content.
+        // This is the nuclear option but it guarantees no recursion.
+        $excerpt = $post->post_excerpt;
+        if ( empty( $excerpt ) ) {
+            // Generate a simple excerpt without triggering the_content filter.
+            $excerpt = wp_trim_words( wp_strip_all_tags( $post->post_content ), 55, '&hellip;' );
         }
 
-        // When skipping content filter, also strip shortcodes to prevent them from
-        // being processed by anything else that might call do_shortcode on the output.
-        if ( $skip_content_filter ) {
-            $content = strip_shortcodes( $post->post_content );
-            $content = wp_kses_post( $content );
-        } else {
-            $content = apply_filters( 'the_content', $post->post_content );
-        }
+        // Strip shortcodes and sanitize content - never apply the_content filter.
+        $content = strip_shortcodes( $post->post_content );
+        $content = wp_kses_post( $content );
 
         $data = array(
             'id'        => $post->ID,
diff --git a/wp-fedistream.php b/wp-fedistream.php
index a304187..2515f57 100644
--- a/wp-fedistream.php
+++ b/wp-fedistream.php
@@ -3,7 +3,7 @@
  * Plugin Name: WP FediStream
  * Plugin URI: https://src.bundespruefstelle.ch/magdev/wp-fedistream
  * Description: Stream music over ActivityPub - Build your own music streaming platform for Musicians and Labels.
- * Version: 0.4.6
+ * Version: 0.4.8
  * Requires at least: 6.4
  * Requires PHP: 8.3
  * Author: Marco Graetsch
@@ -26,7 +26,7 @@ if ( ! defined( 'ABSPATH' ) ) {
  *
  * @var string
  */
-define( 'WP_FEDISTREAM_VERSION', '0.4.7' );
+define( 'WP_FEDISTREAM_VERSION', '0.4.8' );
 
 /**
  * Plugin file path.