diff --git a/CHANGELOG.md b/CHANGELOG.md index e42dc0a..5d3d97e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.4.1] - 2026-02-02 + +### Fixed + +- **Critical memory leak** causing "Allowed memory size exhausted" errors in Twig's StagingExtension + - Root cause: `apply_filters('the_content')` in `get_post_data()` triggered shortcode processing, causing infinite recursion when post content contained FediStream shortcodes + - Added recursion depth tracking with `MAX_RECURSION_DEPTH = 3` to prevent runaway nesting + - Nested items now skip `the_content` filter, using `wp_kses_post()` instead + - Nested data loading (albums within artists, tracks within albums) is now properly bounded + +### Changed + +- Made `get_artist_data()`, `get_album_data()`, `get_track_data()`, and `get_playlist_data()` public methods in TemplateLoader (previously private but called externally) +- These methods now accept both `int` post IDs and `WP_Post` objects for flexibility +- Added `$load_nested` parameter to control whether nested items are fully loaded or just counted + ## [0.4.0] - 2026-01-29 ### Added @@ -191,7 +207,8 @@ Initial release of WP FediStream - a WordPress plugin for streaming music over A --- -[Unreleased]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.0...HEAD +[Unreleased]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.1...HEAD +[0.4.1]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.0...v0.4.1 [0.4.0]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.3.0...v0.4.0 [0.3.0]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.2.0...v0.3.0 [0.2.0]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.1.1...v0.2.0 diff --git a/includes/Frontend/TemplateLoader.php b/includes/Frontend/TemplateLoader.php index 936a5e9..32be4c7 100644 --- a/includes/Frontend/TemplateLoader.php +++ b/includes/Frontend/TemplateLoader.php @@ -21,6 +21,20 @@ if ( ! defined( 'ABSPATH' ) ) { */ class TemplateLoader { + /** + * Recursion depth for get_post_data calls. + * + * @var int + */ + private static int $recursion_depth = 0; + + /** + * Maximum allowed recursion depth. + * + * @var int + */ + private const MAX_RECURSION_DEPTH = 3; + /** * Constructor. */ @@ -191,14 +205,21 @@ class TemplateLoader { /** * Get post data for template. * - * @param \WP_Post $post Post object. + * @param \WP_Post $post Post object. + * @param bool $skip_nested Whether to skip loading nested items (albums, tracks, etc.). * @return array Post data. */ - public static function get_post_data( \WP_Post $post ): array { + public static function get_post_data( \WP_Post $post, bool $skip_nested = false ): array { + // Track recursion to prevent infinite loops from shortcodes in content. + ++self::$recursion_depth; + + // At depth > 1, skip the_content filter to prevent shortcode recursion. + $is_nested = self::$recursion_depth > 1; + $data = array( 'id' => $post->ID, 'title' => get_the_title( $post ), - 'content' => apply_filters( 'the_content', $post->post_content ), + 'content' => $is_nested ? wp_kses_post( $post->post_content ) : apply_filters( 'the_content', $post->post_content ), 'excerpt' => get_the_excerpt( $post ), 'permalink' => get_permalink( $post ), 'thumbnail' => get_the_post_thumbnail_url( $post->ID, 'large' ), @@ -206,19 +227,21 @@ class TemplateLoader { 'author' => get_the_author_meta( 'display_name', $post->post_author ), ); - // Add post type specific data. + // Add post type specific data (skip nested items if at max depth). + $load_nested = ! $skip_nested && self::$recursion_depth < self::MAX_RECURSION_DEPTH; + switch ( $post->post_type ) { case 'fedistream_artist': - $data = array_merge( $data, self::get_artist_data( $post->ID ) ); + $data = array_merge( $data, self::get_artist_data( $post->ID, $load_nested ) ); break; case 'fedistream_album': - $data = array_merge( $data, self::get_album_data( $post->ID ) ); + $data = array_merge( $data, self::get_album_data( $post->ID, $load_nested ) ); break; case 'fedistream_track': $data = array_merge( $data, self::get_track_data( $post->ID ) ); break; case 'fedistream_playlist': - $data = array_merge( $data, self::get_playlist_data( $post->ID ) ); + $data = array_merge( $data, self::get_playlist_data( $post->ID, $load_nested ) ); break; } @@ -226,16 +249,23 @@ class TemplateLoader { $data['genres'] = self::get_terms( $post->ID, 'fedistream_genre' ); $data['moods'] = self::get_terms( $post->ID, 'fedistream_mood' ); + --self::$recursion_depth; + return $data; } /** * Get artist-specific data. * - * @param int $post_id Post ID. + * @param int|\WP_Post $post_id Post ID or WP_Post object. + * @param bool $load_nested Whether to load nested albums. * @return array Artist data. */ - private static function get_artist_data( int $post_id ): array { + public static function get_artist_data( int|\WP_Post $post_id, bool $load_nested = true ): array { + // Support both post ID and WP_Post object. + if ( $post_id instanceof \WP_Post ) { + $post_id = $post_id->ID; + } $type = get_post_meta( $post_id, '_fedistream_artist_type', true ) ?: 'solo'; $types = array( 'solo' => __( 'Solo Artist', 'wp-fedistream' ), @@ -244,23 +274,48 @@ class TemplateLoader { 'collective' => __( 'Collective', 'wp-fedistream' ), ); - $albums = get_posts( - array( - 'post_type' => 'fedistream_album', - 'posts_per_page' => -1, - 'post_status' => 'publish', - 'meta_key' => '_fedistream_album_artist', - 'meta_value' => $post_id, - 'orderby' => 'meta_value', - 'meta_query' => array( - array( - 'key' => '_fedistream_album_release_date', - 'compare' => 'EXISTS', + $albums = array(); + $album_count = 0; + + if ( $load_nested ) { + $album_posts = get_posts( + array( + 'post_type' => 'fedistream_album', + 'posts_per_page' => -1, + 'post_status' => 'publish', + 'meta_key' => '_fedistream_album_artist', + 'meta_value' => $post_id, + 'orderby' => 'meta_value', + 'meta_query' => array( + array( + 'key' => '_fedistream_album_release_date', + 'compare' => 'EXISTS', + ), ), - ), - 'order' => 'DESC', - ) - ); + 'order' => 'DESC', + ) + ); + $album_count = count( $album_posts ); + $albums = array_map( + function ( $album ) { + return self::get_post_data( $album, true ); // Skip further nesting. + }, + $album_posts + ); + } else { + // Just get the count without loading full data. + $album_count = (int) get_posts( + array( + 'post_type' => 'fedistream_album', + 'posts_per_page' => -1, + 'post_status' => 'publish', + 'meta_key' => '_fedistream_album_artist', + 'meta_value' => $post_id, + 'fields' => 'ids', + ) + ); + $album_count = is_array( $album_count ) ? count( $album_count ) : 0; + } return array( 'artist_type' => $type, @@ -270,18 +325,23 @@ class TemplateLoader { 'website' => get_post_meta( $post_id, '_fedistream_artist_website', true ), 'social_links' => get_post_meta( $post_id, '_fedistream_artist_social_links', true ) ?: array(), 'members' => get_post_meta( $post_id, '_fedistream_artist_members', true ) ?: array(), - 'albums' => array_map( array( __CLASS__, 'get_post_data' ), $albums ), - 'album_count' => count( $albums ), + 'albums' => $albums, + 'album_count' => $album_count, ); } /** * Get album-specific data. * - * @param int $post_id Post ID. + * @param int|\WP_Post $post_id Post ID or WP_Post object. + * @param bool $load_nested Whether to load nested tracks. * @return array Album data. */ - private static function get_album_data( int $post_id ): array { + public static function get_album_data( int|\WP_Post $post_id, bool $load_nested = true ): array { + // Support both post ID and WP_Post object. + if ( $post_id instanceof \WP_Post ) { + $post_id = $post_id->ID; + } $type = get_post_meta( $post_id, '_fedistream_album_type', true ) ?: 'album'; $types = array( 'album' => __( 'Album', 'wp-fedistream' ), @@ -293,24 +353,49 @@ class TemplateLoader { ); $artist_id = get_post_meta( $post_id, '_fedistream_album_artist', true ); - $tracks = get_posts( - array( - 'post_type' => 'fedistream_track', - 'posts_per_page' => -1, - 'post_status' => 'publish', - 'meta_key' => '_fedistream_track_album', - 'meta_value' => $post_id, - 'orderby' => 'meta_value_num', - 'meta_query' => array( - 'relation' => 'AND', - array( - 'key' => '_fedistream_track_number', - 'compare' => 'EXISTS', + $tracks = array(); + $total_tracks = 0; + + if ( $load_nested ) { + $track_posts = get_posts( + array( + 'post_type' => 'fedistream_track', + 'posts_per_page' => -1, + 'post_status' => 'publish', + 'meta_key' => '_fedistream_track_album', + 'meta_value' => $post_id, + 'orderby' => 'meta_value_num', + 'meta_query' => array( + 'relation' => 'AND', + array( + 'key' => '_fedistream_track_number', + 'compare' => 'EXISTS', + ), ), - ), - 'order' => 'ASC', - ) - ); + 'order' => 'ASC', + ) + ); + $total_tracks = count( $track_posts ); + $tracks = array_map( + function ( $track ) { + return self::get_post_data( $track, true ); // Skip further nesting. + }, + $track_posts + ); + } else { + // Just get the count without loading full data. + $track_ids = get_posts( + array( + 'post_type' => 'fedistream_track', + 'posts_per_page' => -1, + 'post_status' => 'publish', + 'meta_key' => '_fedistream_track_album', + 'meta_value' => $post_id, + 'fields' => 'ids', + ) + ); + $total_tracks = is_array( $track_ids ) ? count( $track_ids ) : 0; + } return array( 'album_type' => $type, @@ -322,19 +407,23 @@ class TemplateLoader { 'artist_url' => $artist_id ? get_permalink( $artist_id ) : '', 'upc' => get_post_meta( $post_id, '_fedistream_album_upc', true ), 'catalog_number' => get_post_meta( $post_id, '_fedistream_album_catalog_number', true ), - 'total_tracks' => count( $tracks ), + 'total_tracks' => $total_tracks, 'total_duration' => (int) get_post_meta( $post_id, '_fedistream_album_total_duration', true ), - 'tracks' => array_map( array( __CLASS__, 'get_post_data' ), $tracks ), + 'tracks' => $tracks, ); } /** * Get track-specific data. * - * @param int $post_id Post ID. + * @param int|\WP_Post $post_id Post ID or WP_Post object. * @return array Track data. */ - private static function get_track_data( int $post_id ): array { + public static function get_track_data( int|\WP_Post $post_id ): array { + // Support both post ID and WP_Post object. + if ( $post_id instanceof \WP_Post ) { + $post_id = $post_id->ID; + } $album_id = get_post_meta( $post_id, '_fedistream_track_album', true ); $audio_file = get_post_meta( $post_id, '_fedistream_track_audio_file', true ); $artists = get_post_meta( $post_id, '_fedistream_track_artists', true ) ?: array(); @@ -374,16 +463,21 @@ class TemplateLoader { /** * Get playlist-specific data. * - * @param int $post_id Post ID. + * @param int|\WP_Post $post_id Post ID or WP_Post object. + * @param bool $load_nested Whether to load nested tracks. * @return array Playlist data. */ - private static function get_playlist_data( int $post_id ): array { + public static function get_playlist_data( int|\WP_Post $post_id, bool $load_nested = true ): array { + // Support both post ID and WP_Post object. + if ( $post_id instanceof \WP_Post ) { + $post_id = $post_id->ID; + } global $wpdb; - $table = $wpdb->prefix . 'fedistream_playlist_tracks'; + $table = $wpdb->prefix . 'fedistream_playlist_tracks'; $duration = (int) get_post_meta( $post_id, '_fedistream_playlist_total_duration', true ); - // Get tracks. + // Get track IDs. // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching $track_ids = $wpdb->get_col( $wpdb->prepare( @@ -392,11 +486,15 @@ class TemplateLoader { ) ); - $tracks = array(); - foreach ( $track_ids as $track_id ) { - $track = get_post( $track_id ); - if ( $track && 'publish' === $track->post_status ) { - $tracks[] = self::get_post_data( $track ); + $tracks = array(); + $track_count = count( $track_ids ); + + if ( $load_nested && ! empty( $track_ids ) ) { + foreach ( $track_ids as $track_id ) { + $track = get_post( $track_id ); + if ( $track && 'publish' === $track->post_status ) { + $tracks[] = self::get_post_data( $track, true ); // Skip further nesting. + } } } @@ -404,7 +502,7 @@ class TemplateLoader { 'visibility' => get_post_meta( $post_id, '_fedistream_playlist_visibility', true ) ?: 'public', 'collaborative' => (bool) get_post_meta( $post_id, '_fedistream_playlist_collaborative', true ), 'federated' => (bool) get_post_meta( $post_id, '_fedistream_playlist_federated', true ), - 'track_count' => count( $tracks ), + 'track_count' => $load_nested ? count( $tracks ) : $track_count, 'total_duration' => $duration, 'duration_formatted' => $duration >= 3600 ? sprintf( '%d:%02d:%02d', floor( $duration / 3600 ), floor( ( $duration % 3600 ) / 60 ), $duration % 60 ) diff --git a/wp-fedistream.php b/wp-fedistream.php index 3c7d906..91d3fc9 100644 --- a/wp-fedistream.php +++ b/wp-fedistream.php @@ -3,7 +3,7 @@ * Plugin Name: WP FediStream * Plugin URI: https://src.bundespruefstelle.ch/magdev/wp-fedistream * Description: Stream music over ActivityPub - Build your own music streaming platform for Musicians and Labels. - * Version: 0.4.0 + * Version: 0.4.1 * Requires at least: 6.4 * Requires PHP: 8.3 * Author: Marco Graetsch @@ -26,7 +26,7 @@ if ( ! defined( 'ABSPATH' ) ) { * * @var string */ -define( 'WP_FEDISTREAM_VERSION', '0.4.0' ); +define( 'WP_FEDISTREAM_VERSION', '0.4.1' ); /** * Plugin file path.