fix: Multi-layer protection against Twig rendering recursion

- Added render depth tracking in Plugin::render() with max depth of 5
- Strip shortcodes from content when in shortcode context
- Prevents any later do_shortcode() calls from triggering recursion

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

includes/Plugin.php

@@ -55,6 +55,20 @@ final class Plugin {
      */
     private ?\Twig\Environment $twig = null;
 
+    /**
+     * Current Twig render depth to prevent infinite recursion.
+     *
+     * @var int
+     */
+    private static int $render_depth = 0;
+
+    /**
+     * Maximum allowed Twig render depth.
+     *
+     * @var int
+     */
+    private const MAX_RENDER_DEPTH = 5;
+
     /**
      * Post type instances.
      *
@@ -843,7 +857,20 @@ final class Plugin {
      * @return string Rendered template.
      */
     public function render( string $template, array $context = array() ): string {
-        return $this->twig->render( $template . '.twig', $context );
+        // Prevent infinite recursion in Twig rendering.
+        if ( self::$render_depth >= self::MAX_RENDER_DEPTH ) {
+            return '<!-- FediStream: render depth exceeded -->';
+        }
+
+        ++self::$render_depth;
+
+        try {
+            $result = $this->twig->render( $template . '.twig', $context );
+        } finally {
+            --self::$render_depth;
+        }
+
+        return $result;
     }
 
     /**