magdev/wp-fedistream
1
Fork 0
Code Issues Pull Requests Actions Releases 12 Activity

Compare commits

base: magdev:v0.4.0
Branches Tags
magdev:main magdev:dev
magdev:v0.6.0 magdev:v0.5.1 magdev:v0.5.0 magdev:v0.4.9 magdev:v0.4.8 magdev:v0.4.7 magdev:v0.4.6 magdev:v0.4.5 magdev:v0.4.4 magdev:v0.4.3 magdev:v0.4.2 magdev:v0.4.1 magdev:v0.4.0 magdev:v0.3.0 magdev:v0.2.0 magdev:v0.1.1 magdev:v0.1.0
..
compare: magdev:v0.4.9
Branches Tags
magdev:dev magdev:main
magdev:v0.6.0 magdev:v0.5.1 magdev:v0.5.0 magdev:v0.4.9 magdev:v0.4.8 magdev:v0.4.7 magdev:v0.4.6 magdev:v0.4.5 magdev:v0.4.4 magdev:v0.4.3 magdev:v0.4.2 magdev:v0.4.1 magdev:v0.4.0 magdev:v0.3.0 magdev:v0.2.0 magdev:v0.1.1 magdev:v0.1.0

13 Commits
v0.4.0 ... v0.4.9

Author SHA1 Message Date
magdev
bdc11d8769 revert: Restore conditional the_content filter usage
All checks were successful
Create Release Package / build-release (push) Successful in 1m1s
Details 
- Reverted nuclear option from v0.4.8
- get_post_data() now uses the_content filter conditionally
- All other protections remain in place
- Memory leak investigation to be continued later

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 20:05:59 +01:00
magdev
35ad390aeb fix: Nuclear option - never apply the_content filter
All checks were successful
Create Release Package / build-release (push) Successful in 1m2s
Details 
- get_post_data() now ALWAYS strips shortcodes and uses raw content
- Never calls apply_filters('the_content') or get_the_excerpt()
- FediStream posts don't need shortcode processing in content
- This guarantees no recursion through WordPress hook system

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 19:59:04 +01:00
magdev
b592e45d58 fix: Hard main template rendering lock
Some checks failed
Create Release Package / build-release (push) Failing after 53s
Details 
- Added $rendering_main_template flag that blocks all other renders
- Reduced MAX_RENDER_DEPTH from 5 to 2
- template-wrapper.php passes is_main_template=true to enable hard lock
- Any render attempt during main template rendering is blocked

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 19:55:23 +01:00
magdev
a41eddbc49 fix: Block shortcode rendering during page template loading
All checks were successful
Create Release Package / build-release (push) Successful in 1m2s
Details 
- Added $loading_page_template flag in TemplateLoader
- template-wrapper.php sets flag before loading theme header/footer
- Shortcodes::render_template() returns early if flag is set
- Prevents recursion from theme components, widgets, or other plugins

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 17:09:16 +01:00
magdev
eb85870909 fix: Multi-layer protection against Twig rendering recursion
All checks were successful
Create Release Package / build-release (push) Successful in 57s
Details 
- Added render depth tracking in Plugin::render() with max depth of 5
- Strip shortcodes from content when in shortcode context
- Prevents any later do_shortcode() calls from triggering recursion

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 17:04:38 +01:00
magdev
6988e49287 fix: Prevent get_the_excerpt() from triggering the_content filter
All checks were successful
Create Release Package / build-release (push) Successful in 58s
Details 
- get_the_excerpt() internally calls the_content filter when generating auto-excerpts
- When in shortcode context, now uses raw post_excerpt or wp_trim_words() instead
- This was the remaining recursion path causing memory exhaustion

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 16:56:52 +01:00
magdev
166a5e6f7c fix: Complete memory leak fix for shortcode context handling
All checks were successful
Create Release Package / build-release (push) Successful in 58s
Details 
- Changed shortcode context from boolean to depth counter for nested shortcodes
- Added shortcode context protection to template-wrapper.php for single page views
- Fixes remaining recursion path in single FediStream post views

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 16:52:13 +01:00
magdev
fedab21c2a fix: Complete memory leak fix with shortcode context tracking
All checks were successful
Create Release Package / build-release (push) Successful in 57s
Details 
The v0.4.1 fix was incomplete - shortcodes called get_*_data() methods
directly, bypassing the recursion tracking in get_post_data().

Changes:
- Added $in_shortcode_context flag to TemplateLoader
- Added enter/exit_shortcode_context() methods
- All shortcode render methods now enter context before data loading
- When in shortcode context, the_content filter is always skipped

This fully prevents infinite recursion when post content contains
FediStream shortcodes that would otherwise recursively render.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 16:44:51 +01:00
magdev
eaefcff9c9 fix: Critical memory leak in TemplateLoader causing OOM errors
All checks were successful
Create Release Package / build-release (push) Successful in 57s
Details 
- Added recursion depth tracking to prevent infinite loops from shortcodes in content
- Nested items now skip the_content filter, using wp_kses_post() instead
- Made get_artist_data(), get_album_data(), get_track_data(), get_playlist_data() public
- Methods now accept both int post IDs and WP_Post objects
- Added $load_nested parameter to control nested item loading

Fixes memory exhaustion in Twig's StagingExtension when post content
contains FediStream shortcodes that trigger recursive template rendering.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 16:37:43 +01:00
magdev
04201a66f8 docs: Update session history with CI/CD fixes 
Document all CI/CD pipeline fixes:
- Gitea API for releases (not GitHub action)
- Git submodule with relative URL
- Composer path repository
- gettext installation
- SIGPIPE fix

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 18:46:06 +01:00
magdev
8ae703787c chore: Reorder exclusions in release workflow 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 18:38:37 +01:00
magdev
c540cde0a4 docs: Update README for v0.4.0 
- Update version badge to 0.4.0
- Add CI/CD badge
- Add release package installation instructions
- Add license key section
- Add releases section
- Update from-source instructions for submodules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 18:35:06 +01:00
magdev
d96e3e3a4d chore: Exclude .gitea and .gitmodules from release package 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 18:33:54 +01:00
9 changed files with 527 additions and 80 deletions
Expand all files Collapse all files

2
.gitea/workflows/release.yml
View File

@@ -78,6 +78,7 @@ jobs:
-x "${PLUGIN_NAME}/.github/*" \
-x "${PLUGIN_NAME}/.vscode/*" \
-x "${PLUGIN_NAME}/.claude/*" \
-x "${PLUGIN_NAME}/.gitea/*" \
-x "${PLUGIN_NAME}/CLAUDE.md" \
-x "${PLUGIN_NAME}/wp-core" \
-x "${PLUGIN_NAME}/wp-core/*" \
@@ -87,6 +88,7 @@ jobs:
-x "${PLUGIN_NAME}/composer.lock" \
-x "${PLUGIN_NAME}/*.log" \
-x "${PLUGIN_NAME}/.gitignore" \
-x "${PLUGIN_NAME}/.gitmodules" \
-x "${PLUGIN_NAME}/.editorconfig" \
-x "${PLUGIN_NAME}/phpcs.xml*" \
-x "${PLUGIN_NAME}/phpunit.xml*" \

103
CHANGELOG.md
View File

@@ -7,6 +7,98 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
## [0.4.9] - 2026-02-02
### Changed
- **Reverted nuclear option** - Restored conditional the_content filter usage
- `get_post_data()` now uses the_content filter only when NOT in shortcode context, NOT at depth > 1, and NOT loading page template
- All other protections remain in place (render depth, page template loading flag, main template lock, shortcode context)
- Memory leak investigation to be continued later
## [0.4.8] - 2026-02-02
### Fixed
- **Nuclear option: NEVER apply the_content filter** - Completely removed the_content filter usage (reverted in 0.4.9)
- `get_post_data()` now ALWAYS strips shortcodes and uses raw content
- NEVER calls `apply_filters('the_content', ...)` or `get_the_excerpt()`
- FediStream posts don't need shortcode processing in their content anyway
- This guarantees no recursion through WordPress hook system
## [0.4.7] - 2026-02-02
### Fixed
- **Hard main template rendering lock** - Added additional protection at Plugin::render() level
- Added `$rendering_main_template` flag that completely blocks any other render calls while main template is rendering
- Reduced MAX_RENDER_DEPTH from 5 to 2 (allows one level of {% include %} but prevents deeper recursion)
- template-wrapper.php now passes `is_main_template = true` to enable the hard lock
- Any render attempt during main template rendering is immediately blocked
## [0.4.6] - 2026-02-02
### Fixed
- **Page template loading lock** - Block ALL shortcode rendering during page template loading
- Added `$loading_page_template` flag in TemplateLoader
- template-wrapper.php now sets this flag before loading theme header/footer
- Shortcodes::render_template() checks this flag and returns early if set
- This prevents any recursion triggered by theme components, widgets, or other plugins during page template loading
- Main template rendering still works (uses Plugin::render() directly, not through Shortcodes)
## [0.4.5] - 2026-02-02
### Fixed
- **Multi-layer recursion protection** - Added additional safeguards against infinite Twig rendering
- Added render depth tracking in `Plugin::render()` with max depth of 5
- Strip shortcodes from content when in shortcode context (prevents any later `do_shortcode()` calls from triggering recursion)
- This addresses the Twig StagingExtension.php recursion error
## [0.4.4] - 2026-02-02
### Fixed
- **Fix excerpt-triggered recursion** - `get_the_excerpt()` internally calls `the_content` filter when generating auto-excerpts
- When in shortcode context, now uses raw `$post->post_excerpt` or generates simple excerpt with `wp_trim_words()` instead
- This was the remaining recursion path causing memory exhaustion in `class-wp-hook.php`
## [0.4.3] - 2026-02-02
### Fixed
- **Further memory leak fix** - v0.4.2 fix was still incomplete
- Changed `$in_shortcode_context` boolean to `$shortcode_context_depth` counter to properly handle nested shortcodes
- Added shortcode context protection to `template-wrapper.php` for single page views
- This fixes the remaining recursion path where `the_content` filter was still being applied when viewing single FediStream posts (artists, albums, tracks, playlists)
## [0.4.2] - 2026-02-02
### Fixed
- **Complete fix for memory leak** - v0.4.1 fix was incomplete
- Added `$in_shortcode_context` flag to TemplateLoader to track when we're rendering shortcodes
- All shortcode render methods now call `enter_shortcode_context()` before loading data
- When in shortcode context, `the_content` filter is always skipped to prevent recursive shortcode processing
- This prevents infinite recursion when post content contains FediStream shortcodes
## [0.4.1] - 2026-02-02
### Fixed
- **Critical memory leak** causing "Allowed memory size exhausted" errors in Twig's StagingExtension
- Root cause: `apply_filters('the_content')` in `get_post_data()` triggered shortcode processing, causing infinite recursion when post content contained FediStream shortcodes
- Added recursion depth tracking with `MAX_RECURSION_DEPTH = 3` to prevent runaway nesting
- Nested items now skip `the_content` filter, using `wp_kses_post()` instead
- Nested data loading (albums within artists, tracks within albums) is now properly bounded
### Changed
- Made `get_artist_data()`, `get_album_data()`, `get_track_data()`, and `get_playlist_data()` public methods in TemplateLoader (previously private but called externally)
- These methods now accept both `int` post IDs and `WP_Post` objects for flexibility
- Added `$load_nested` parameter to control whether nested items are fully loaded or just counted
## [0.4.0] - 2026-01-29
### Added
@@ -191,7 +283,16 @@ Initial release of WP FediStream - a WordPress plugin for streaming music over A
---
[Unreleased]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.0...HEAD
[Unreleased]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.9...HEAD
[0.4.9]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.8...v0.4.9
[0.4.8]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.7...v0.4.8
[0.4.7]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.6...v0.4.7
[0.4.6]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.5...v0.4.6
[0.4.5]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.4...v0.4.5
[0.4.4]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.3...v0.4.4
[0.4.3]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.2...v0.4.3
[0.4.2]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.1...v0.4.2
[0.4.1]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.4.0...v0.4.1
[0.4.0]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.3.0...v0.4.0
[0.3.0]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.2.0...v0.3.0
[0.2.0]: https://src.bundespruefstelle.ch/magdev/wp-fedistream/compare/v0.1.1...v0.2.0

24
CLAUDE.md
View File

@@ -507,7 +507,7 @@ wp-fedistream/
### 2026-01-29 - CI/CD Pipeline v0.4.0
**Summary:** Added Gitea Actions workflow for automated release package creation.
**Summary:** Added Gitea Actions workflow for automated release package creation with multiple iterations to fix CI issues.
**Features:**
@@ -520,23 +520,35 @@ wp-fedistream/
- SHA256 checksum generation
- Package structure verification
- Changelog extraction for release notes
- Automatic Gitea release creation with attachments
- Automatic Gitea release creation via API
- Pre-release detection for tags containing `-`
**Files Created:**
- `.gitea/workflows/release.yml` - CI/CD release pipeline
- `.gitmodules` - Git submodule configuration
- `lib/wc-licensed-product-client/` - Submodule for private dependency
**Files Modified:**
- `CLAUDE.md` - Added CI/CD documentation and updated directory structure
- `CHANGELOG.md` - Added v0.4.0 entry
- `wp-fedistream.php` - Version bump to 0.4.0
- `composer.json` - Changed to path repository for submodule
- `README.md` - Updated for v0.4.0, added release/installation docs
**CI/CD Fixes Applied:**
1. `actions/gitea-release-action@v1` doesn't exist - use Gitea API directly with curl
2. Private repo network issue - use git submodule with relative URL (`../wc-licensed-product-client.git`)
3. Composer path repository for submodule dependency
4. `msgfmt` not found - install gettext package
5. SIGPIPE error (exit 141) - use `set +o pipefail` and `|| true`
**Notes:**
- Requires `GITEA_TOKEN` secret configured in repository settings
- Requires `SRC_GITEA_TOKEN` secret configured in repository settings
- Uses `shivammathur/setup-php@v2` for PHP setup
- Uses `actions/gitea-release-action@v1` for release creation
- Compatible with GitHub Actions syntax
- User simplified checksums to SHA256 only (removed MD5)
- Uses Gitea API directly for release creation (not GitHub Actions)
- Submodule uses relative URL for CI compatibility
- Composer symlinks from `lib/wc-licensed-product-client` to vendor

41
README.md
View File

@@ -2,10 +2,11 @@
Stream music over ActivityPub - Build your own music streaming platform for Musicians and Labels.
[![Version](https://img.shields.io/badge/version-0.2.0-blue.svg)](CHANGELOG.md)
[![Version](https://img.shields.io/badge/version-0.4.0-blue.svg)](CHANGELOG.md)
[![PHP](https://img.shields.io/badge/PHP-%3E%3D8.3-purple.svg)](https://php.net)
[![WordPress](https://img.shields.io/badge/WordPress-%3E%3D6.4-blue.svg)](https://wordpress.org)
[![License](https://img.shields.io/badge/license-GPL--2.0%2B-green.svg)](https://www.gnu.org/licenses/gpl-2.0.html)
[![CI/CD](https://img.shields.io/badge/CI%2FCD-Gitea%20Actions-green.svg)](https://src.bundespruefstelle.ch/magdev/wp-fedistream/actions)
## Description
@@ -31,29 +32,47 @@ WP FediStream is a WordPress plugin that enables musicians, bands, and labels to
- PHP 8.3 or higher
- WordPress 6.4 or higher
- Composer (for development/installation)
- Valid license key (required for frontend features)
### Optional
- [ActivityPub Plugin](https://wordpress.org/plugins/activitypub/) - For Fediverse integration
- [WooCommerce](https://woocommerce.com/) 10.0+ - For selling music
## License Key
WP FediStream requires a valid license key for frontend functionality (player, shortcodes, ActivityPub). The admin dashboard works without a license, allowing you to configure the plugin before activation.
To obtain a license key, contact the author or purchase from the official website.
## Installation
### From Source
### From Release Package (Recommended)
1. Clone or download the repository to your WordPress plugins directory:
1. Download the latest release from the [Releases page](https://src.bundespruefstelle.ch/magdev/wp-fedistream/releases)
2. Upload the ZIP file via **Plugins > Add New > Upload Plugin** in WordPress admin
3. Activate the plugin under **Plugins > Installed Plugins**
4. Navigate to **FediStream > Settings** and enter your license key
5. Start using the plugin via the **FediStream** admin menu
### From Source (Development)
1. Clone the repository to your WordPress plugins directory:
```bash
cd wp-content/plugins/
git clone https://src.bundespruefstelle.ch/magdev/wp-fedistream.git
git clone --recurse-submodules https://src.bundespruefstelle.ch/magdev/wp-fedistream.git
```
2. Install Composer dependencies:
```bash
cd wp-fedistream
composer install --no-dev
composer install
```
3. Activate the plugin in WordPress admin under **Plugins > Installed Plugins**
@@ -133,6 +152,16 @@ wp-fedistream/
└── wp-fedistream.php # Plugin entry point
```
## Releases
Release packages are automatically built via Gitea Actions when a version tag is pushed. Each release includes:
- Production-ready ZIP package with all dependencies
- SHA256 checksum for verification
- Changelog notes extracted from CHANGELOG.md
Download releases from: <https://src.bundespruefstelle.ch/magdev/wp-fedistream/releases>
## Contributing
This project is in early development. Contributions, bug reports, and feature requests are welcome.

44
includes/Frontend/Shortcodes.php
View File

@@ -81,6 +81,9 @@ class Shortcodes {
* @return string
*/
public function render_artist( array $atts ): string {
// Enter shortcode context to prevent recursive shortcode processing during data loading.
TemplateLoader::enter_shortcode_context();
$atts = shortcode_atts(
array(
'id' => 0,
@@ -95,6 +98,7 @@ class Shortcodes {
$post = $this->get_post( $atts, 'fedistream_artist' );
if ( ! $post ) {
TemplateLoader::exit_shortcode_context();
return '';
}
@@ -119,6 +123,9 @@ class Shortcodes {
* @return string
*/
public function render_album( array $atts ): string {
// Enter shortcode context to prevent recursive shortcode processing during data loading.
TemplateLoader::enter_shortcode_context();
$atts = shortcode_atts(
array(
'id' => 0,
@@ -132,6 +139,7 @@ class Shortcodes {
$post = $this->get_post( $atts, 'fedistream_album' );
if ( ! $post ) {
TemplateLoader::exit_shortcode_context();
return '';
}
@@ -155,6 +163,9 @@ class Shortcodes {
* @return string
*/
public function render_track( array $atts ): string {
// Enter shortcode context to prevent recursive shortcode processing during data loading.
TemplateLoader::enter_shortcode_context();
$atts = shortcode_atts(
array(
'id' => 0,
@@ -168,6 +179,7 @@ class Shortcodes {
$post = $this->get_post( $atts, 'fedistream_track' );
if ( ! $post ) {
TemplateLoader::exit_shortcode_context();
return '';
}
@@ -191,6 +203,9 @@ class Shortcodes {
* @return string
*/
public function render_playlist( array $atts ): string {
// Enter shortcode context to prevent recursive shortcode processing during data loading.
TemplateLoader::enter_shortcode_context();
$atts = shortcode_atts(
array(
'id' => 0,
@@ -204,6 +219,7 @@ class Shortcodes {
$post = $this->get_post( $atts, 'fedistream_playlist' );
if ( ! $post ) {
TemplateLoader::exit_shortcode_context();
return '';
}
@@ -227,6 +243,9 @@ class Shortcodes {
* @return string
*/
public function render_latest_releases( array $atts ): string {
// Enter shortcode context to prevent recursive shortcode processing during data loading.
TemplateLoader::enter_shortcode_context();
$atts = shortcode_atts(
array(
'count' => 6,
@@ -292,6 +311,9 @@ class Shortcodes {
* @return string
*/
public function render_popular_tracks( array $atts ): string {
// Enter shortcode context to prevent recursive shortcode processing during data loading.
TemplateLoader::enter_shortcode_context();
$atts = shortcode_atts(
array(
'count' => 10,
@@ -359,6 +381,9 @@ class Shortcodes {
* @return string
*/
public function render_artists_grid( array $atts ): string {
// Enter shortcode context to prevent recursive shortcode processing during data loading.
TemplateLoader::enter_shortcode_context();
$atts = shortcode_atts(
array(
'count' => 12,
@@ -426,6 +451,9 @@ class Shortcodes {
* @return string
*/
public function render_player( array $atts ): string {
// Enter shortcode context to prevent recursive shortcode processing during data loading.
TemplateLoader::enter_shortcode_context();
$atts = shortcode_atts(
array(
'track' => 0,
@@ -471,6 +499,7 @@ class Shortcodes {
}
if ( empty( $tracks ) ) {
TemplateLoader::exit_shortcode_context();
return '';
}
@@ -523,18 +552,31 @@ class Shortcodes {
* @return string
*/
private function render_template( string $template, array $context ): string {
// Block shortcode rendering while loading page template to prevent recursion.
// This catches any shortcodes triggered by theme header/footer, widgets, etc.
if ( TemplateLoader::is_loading_page_template() ) {
return '<!-- FediStream: shortcode blocked during page template loading -->';
}
// Check for unlicensed mode.
if ( $this->unlicensed_mode ) {
return $this->get_unlicensed_message();
}
// Enter shortcode context to prevent recursive shortcode processing.
TemplateLoader::enter_shortcode_context();
try {
return $this->plugin->render( $template, $context );
$result = $this->plugin->render( $template, $context );
} catch ( \Exception $e ) {
TemplateLoader::exit_shortcode_context();
if ( WP_DEBUG ) {
return '<p class="fedistream-error">' . esc_html( $e->getMessage() ) . '</p>';
}
return '';
}
TemplateLoader::exit_shortcode_context();
return $result;
}
}

322
includes/Frontend/TemplateLoader.php
View File

@@ -21,6 +21,96 @@ if ( ! defined( 'ABSPATH' ) ) {
*/
class TemplateLoader {
/**
* Recursion depth for get_post_data calls.
*
* @var int
*/
private static int $recursion_depth = 0;
/**
* Maximum allowed recursion depth.
*
* @var int
*/
private const MAX_RECURSION_DEPTH = 3;
/**
* Shortcode rendering context depth counter.
* When > 0, the_content filter is skipped to prevent recursive shortcode processing.
* Using a counter instead of boolean to handle nested shortcodes properly.
*
* @var int
*/
private static int $shortcode_context_depth = 0;
/**
* Flag indicating we're currently loading a FediStream page template.
* This completely blocks any nested FediStream shortcode rendering.
*
* @var bool
*/
private static bool $loading_page_template = false;
/**
* Enter page template loading mode.
* This blocks ALL shortcode rendering during page template loading.
*
* @return void
*/
public static function enter_page_template_loading(): void {
self::$loading_page_template = true;
}
/**
* Exit page template loading mode.
*
* @return void
*/
public static function exit_page_template_loading(): void {
self::$loading_page_template = false;
}
/**
* Check if we're loading a page template.
*
* @return bool
*/
public static function is_loading_page_template(): bool {
return self::$loading_page_template;
}
/**
* Enter shortcode rendering context.
* Call this before rendering shortcode content to prevent recursive shortcode processing.
*
* @return void
*/
public static function enter_shortcode_context(): void {
++self::$shortcode_context_depth;
}
/**
* Exit shortcode rendering context.
* Call this after shortcode rendering is complete.
*
* @return void
*/
public static function exit_shortcode_context(): void {
if ( self::$shortcode_context_depth > 0 ) {
--self::$shortcode_context_depth;
}
}
/**
* Check if we're in a shortcode rendering context.
*
* @return bool
*/
public static function is_in_shortcode_context(): bool {
return self::$shortcode_context_depth > 0;
}
/**
* Constructor.
*/
@@ -191,34 +281,69 @@ class TemplateLoader {
/**
* Get post data for template.
*
* @param \WP_Post $post Post object.
* @param \WP_Post $post Post object.
* @param bool $skip_nested Whether to skip loading nested items (albums, tracks, etc.).
* @return array Post data.
*/
public static function get_post_data( \WP_Post $post ): array {
public static function get_post_data( \WP_Post $post, bool $skip_nested = false ): array {
// Track recursion to prevent infinite loops from shortcodes in content.
++self::$recursion_depth;
// Skip the_content filter if:
// 1. We're in a shortcode context (prevents recursive shortcode processing)
// 2. We're at depth > 1 (nested data loading)
// 3. We're loading a page template
$skip_content_filter = self::$shortcode_context_depth > 0
|| self::$recursion_depth > 1
|| self::$loading_page_template;
// When skipping content filter, use raw excerpt to avoid get_the_excerpt()
// triggering the_content filter internally when generating auto-excerpts.
if ( $skip_content_filter ) {
$excerpt = $post->post_excerpt;
if ( empty( $excerpt ) ) {
// Generate a simple excerpt without triggering the_content filter.
$excerpt = wp_trim_words( wp_strip_all_tags( $post->post_content ), 55, '&hellip;' );
}
} else {
$excerpt = get_the_excerpt( $post );
}
// When skipping content filter, strip shortcodes to prevent them from
// being processed by anything else that might call do_shortcode on the output.
if ( $skip_content_filter ) {
$content = strip_shortcodes( $post->post_content );
$content = wp_kses_post( $content );
} else {
$content = apply_filters( 'the_content', $post->post_content );
}
$data = array(
'id' => $post->ID,
'title' => get_the_title( $post ),
'content' => apply_filters( 'the_content', $post->post_content ),
'excerpt' => get_the_excerpt( $post ),
'content' => $content,
'excerpt' => $excerpt,
'permalink' => get_permalink( $post ),
'thumbnail' => get_the_post_thumbnail_url( $post->ID, 'large' ),
'date' => get_the_date( '', $post ),
'author' => get_the_author_meta( 'display_name', $post->post_author ),
);
// Add post type specific data.
// Add post type specific data (skip nested items if at max depth).
$load_nested = ! $skip_nested && self::$recursion_depth < self::MAX_RECURSION_DEPTH;
switch ( $post->post_type ) {
case 'fedistream_artist':
$data = array_merge( $data, self::get_artist_data( $post->ID ) );
$data = array_merge( $data, self::get_artist_data( $post->ID, $load_nested ) );
break;
case 'fedistream_album':
$data = array_merge( $data, self::get_album_data( $post->ID ) );
$data = array_merge( $data, self::get_album_data( $post->ID, $load_nested ) );
break;
case 'fedistream_track':
$data = array_merge( $data, self::get_track_data( $post->ID ) );
break;
case 'fedistream_playlist':
$data = array_merge( $data, self::get_playlist_data( $post->ID ) );
$data = array_merge( $data, self::get_playlist_data( $post->ID, $load_nested ) );
break;
}
@@ -226,16 +351,23 @@ class TemplateLoader {
$data['genres'] = self::get_terms( $post->ID, 'fedistream_genre' );
$data['moods'] = self::get_terms( $post->ID, 'fedistream_mood' );
--self::$recursion_depth;
return $data;
}
/**
* Get artist-specific data.
*
* @param int $post_id Post ID.
* @param int|\WP_Post $post_id Post ID or WP_Post object.
* @param bool $load_nested Whether to load nested albums.
* @return array Artist data.
*/
private static function get_artist_data( int $post_id ): array {
public static function get_artist_data( int|\WP_Post $post_id, bool $load_nested = true ): array {
// Support both post ID and WP_Post object.
if ( $post_id instanceof \WP_Post ) {
$post_id = $post_id->ID;
}
$type = get_post_meta( $post_id, '_fedistream_artist_type', true ) ?: 'solo';
$types = array(
'solo' => __( 'Solo Artist', 'wp-fedistream' ),
@@ -244,23 +376,48 @@ class TemplateLoader {
'collective' => __( 'Collective', 'wp-fedistream' ),
);
$albums = get_posts(
array(
'post_type' => 'fedistream_album',
'posts_per_page' => -1,
'post_status' => 'publish',
'meta_key' => '_fedistream_album_artist',
'meta_value' => $post_id,
'orderby' => 'meta_value',
'meta_query' => array(
array(
'key' => '_fedistream_album_release_date',
'compare' => 'EXISTS',
$albums = array();
$album_count = 0;
if ( $load_nested ) {
$album_posts = get_posts(
array(
'post_type' => 'fedistream_album',
'posts_per_page' => -1,
'post_status' => 'publish',
'meta_key' => '_fedistream_album_artist',
'meta_value' => $post_id,
'orderby' => 'meta_value',
'meta_query' => array(
array(
'key' => '_fedistream_album_release_date',
'compare' => 'EXISTS',
),
),
),
'order' => 'DESC',
)
);
'order' => 'DESC',
)
);
$album_count = count( $album_posts );
$albums = array_map(
function ( $album ) {
return self::get_post_data( $album, true ); // Skip further nesting.
},
$album_posts
);
} else {
// Just get the count without loading full data.
$album_count = (int) get_posts(
array(
'post_type' => 'fedistream_album',
'posts_per_page' => -1,
'post_status' => 'publish',
'meta_key' => '_fedistream_album_artist',
'meta_value' => $post_id,
'fields' => 'ids',
)
);
$album_count = is_array( $album_count ) ? count( $album_count ) : 0;
}
return array(
'artist_type' => $type,
@@ -270,18 +427,23 @@ class TemplateLoader {
'website' => get_post_meta( $post_id, '_fedistream_artist_website', true ),
'social_links' => get_post_meta( $post_id, '_fedistream_artist_social_links', true ) ?: array(),
'members' => get_post_meta( $post_id, '_fedistream_artist_members', true ) ?: array(),
'albums' => array_map( array( __CLASS__, 'get_post_data' ), $albums ),
'album_count' => count( $albums ),
'albums' => $albums,
'album_count' => $album_count,
);
}
/**
* Get album-specific data.
*
* @param int $post_id Post ID.
* @param int|\WP_Post $post_id Post ID or WP_Post object.
* @param bool $load_nested Whether to load nested tracks.
* @return array Album data.
*/
private static function get_album_data( int $post_id ): array {
public static function get_album_data( int|\WP_Post $post_id, bool $load_nested = true ): array {
// Support both post ID and WP_Post object.
if ( $post_id instanceof \WP_Post ) {
$post_id = $post_id->ID;
}
$type = get_post_meta( $post_id, '_fedistream_album_type', true ) ?: 'album';
$types = array(
'album' => __( 'Album', 'wp-fedistream' ),
@@ -293,24 +455,49 @@ class TemplateLoader {
);
$artist_id = get_post_meta( $post_id, '_fedistream_album_artist', true );
$tracks = get_posts(
array(
'post_type' => 'fedistream_track',
'posts_per_page' => -1,
'post_status' => 'publish',
'meta_key' => '_fedistream_track_album',
'meta_value' => $post_id,
'orderby' => 'meta_value_num',
'meta_query' => array(
'relation' => 'AND',
array(
'key' => '_fedistream_track_number',
'compare' => 'EXISTS',
$tracks = array();
$total_tracks = 0;
if ( $load_nested ) {
$track_posts = get_posts(
array(
'post_type' => 'fedistream_track',
'posts_per_page' => -1,
'post_status' => 'publish',
'meta_key' => '_fedistream_track_album',
'meta_value' => $post_id,
'orderby' => 'meta_value_num',
'meta_query' => array(
'relation' => 'AND',
array(
'key' => '_fedistream_track_number',
'compare' => 'EXISTS',
),
),
),
'order' => 'ASC',
)
);
'order' => 'ASC',
)
);
$total_tracks = count( $track_posts );
$tracks = array_map(
function ( $track ) {
return self::get_post_data( $track, true ); // Skip further nesting.
},
$track_posts
);
} else {
// Just get the count without loading full data.
$track_ids = get_posts(
array(
'post_type' => 'fedistream_track',
'posts_per_page' => -1,
'post_status' => 'publish',
'meta_key' => '_fedistream_track_album',
'meta_value' => $post_id,
'fields' => 'ids',
)
);
$total_tracks = is_array( $track_ids ) ? count( $track_ids ) : 0;
}
return array(
'album_type' => $type,
@@ -322,19 +509,23 @@ class TemplateLoader {
'artist_url' => $artist_id ? get_permalink( $artist_id ) : '',
'upc' => get_post_meta( $post_id, '_fedistream_album_upc', true ),
'catalog_number' => get_post_meta( $post_id, '_fedistream_album_catalog_number', true ),
'total_tracks' => count( $tracks ),
'total_tracks' => $total_tracks,
'total_duration' => (int) get_post_meta( $post_id, '_fedistream_album_total_duration', true ),
'tracks' => array_map( array( __CLASS__, 'get_post_data' ), $tracks ),
'tracks' => $tracks,
);
}
/**
* Get track-specific data.
*
* @param int $post_id Post ID.
* @param int|\WP_Post $post_id Post ID or WP_Post object.
* @return array Track data.
*/
private static function get_track_data( int $post_id ): array {
public static function get_track_data( int|\WP_Post $post_id ): array {
// Support both post ID and WP_Post object.
if ( $post_id instanceof \WP_Post ) {
$post_id = $post_id->ID;
}
$album_id = get_post_meta( $post_id, '_fedistream_track_album', true );
$audio_file = get_post_meta( $post_id, '_fedistream_track_audio_file', true );
$artists = get_post_meta( $post_id, '_fedistream_track_artists', true ) ?: array();
@@ -374,16 +565,21 @@ class TemplateLoader {
/**
* Get playlist-specific data.
*
* @param int $post_id Post ID.
* @param int|\WP_Post $post_id Post ID or WP_Post object.
* @param bool $load_nested Whether to load nested tracks.
* @return array Playlist data.
*/
private static function get_playlist_data( int $post_id ): array {
public static function get_playlist_data( int|\WP_Post $post_id, bool $load_nested = true ): array {
// Support both post ID and WP_Post object.
if ( $post_id instanceof \WP_Post ) {
$post_id = $post_id->ID;
}
global $wpdb;
$table = $wpdb->prefix . 'fedistream_playlist_tracks';
$table = $wpdb->prefix . 'fedistream_playlist_tracks';
$duration = (int) get_post_meta( $post_id, '_fedistream_playlist_total_duration', true );
// Get tracks.
// Get track IDs.
// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$track_ids = $wpdb->get_col(
$wpdb->prepare(
@@ -392,11 +588,15 @@ class TemplateLoader {
)
);
$tracks = array();
foreach ( $track_ids as $track_id ) {
$track = get_post( $track_id );
if ( $track && 'publish' === $track->post_status ) {
$tracks[] = self::get_post_data( $track );
$tracks = array();
$track_count = count( $track_ids );
if ( $load_nested && ! empty( $track_ids ) ) {
foreach ( $track_ids as $track_id ) {
$track = get_post( $track_id );
if ( $track && 'publish' === $track->post_status ) {
$tracks[] = self::get_post_data( $track, true ); // Skip further nesting.
}
}
}
@@ -404,7 +604,7 @@ class TemplateLoader {
'visibility' => get_post_meta( $post_id, '_fedistream_playlist_visibility', true ) ?: 'public',
'collaborative' => (bool) get_post_meta( $post_id, '_fedistream_playlist_collaborative', true ),
'federated' => (bool) get_post_meta( $post_id, '_fedistream_playlist_federated', true ),
'track_count' => count( $tracks ),
'track_count' => $load_nested ? count( $tracks ) : $track_count,
'total_duration' => $duration,
'duration_formatted' => $duration >= 3600
? sprintf( '%d:%02d:%02d', floor( $duration / 3600 ), floor( ( $duration % 3600 ) / 60 ), $duration % 60 )

13
includes/Frontend/template-wrapper.php
View File

@@ -13,6 +13,12 @@ if ( ! defined( 'ABSPATH' ) ) {
use WP_FediStream\Plugin;
use WP_FediStream\Frontend\TemplateLoader;
// Enter page template loading mode - this completely blocks nested FediStream rendering.
TemplateLoader::enter_page_template_loading();
// Also enter shortcode context to prevent recursive shortcode processing in post content.
TemplateLoader::enter_shortcode_context();
// Get template context.
$context = TemplateLoader::get_context();
@@ -54,7 +60,8 @@ get_header();
if ( $template_name ) {
try {
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
echo $plugin->render( $template_name, $context );
// Pass true for is_main_template to set the hard rendering lock.
echo $plugin->render( $template_name, $context, true );
} catch ( \Exception $e ) {
if ( WP_DEBUG ) {
echo '<div class="fedistream-error">';
@@ -75,4 +82,8 @@ get_header();
</main>
<?php
// Exit shortcode context and page template loading mode.
TemplateLoader::exit_shortcode_context();
TemplateLoader::exit_page_template_loading();
get_footer();

54
includes/Plugin.php
View File

@@ -55,6 +55,29 @@ final class Plugin {
*/
private ?\Twig\Environment $twig = null;
/**
* Current Twig render depth to prevent infinite recursion.
*
* @var int
*/
private static int $render_depth = 0;
/**
* Maximum allowed Twig render depth.
* Set to 2 to allow one level of nested includes but prevent deeper recursion.
*
* @var int
*/
private const MAX_RENDER_DEPTH = 2;
/**
* Flag to track if we're currently rendering the main page template.
* This is a hard lock that prevents ANY other rendering.
*
* @var bool
*/
private static bool $rendering_main_template = false;
/**
* Post type instances.
*
@@ -842,8 +865,35 @@ final class Plugin {
* @param array $context Template context variables.
* @return string Rendered template.
*/
public function render( string $template, array $context = array() ): string {
return $this->twig->render( $template . '.twig', $context );
public function render( string $template, array $context = array(), bool $is_main_template = false ): string {
// If we're already rendering the main template, block any other renders.
if ( self::$rendering_main_template && ! $is_main_template ) {
return '<!-- FediStream: blocked during main template render -->';
}
// Prevent infinite recursion in Twig rendering.
if ( self::$render_depth >= self::MAX_RENDER_DEPTH ) {
return '<!-- FediStream: render depth exceeded -->';
}
// Set main template lock if this is the main template.
$was_main = self::$rendering_main_template;
if ( $is_main_template ) {
self::$rendering_main_template = true;
}
++self::$render_depth;
try {
$result = $this->twig->render( $template . '.twig', $context );
} finally {
--self::$render_depth;
if ( $is_main_template ) {
self::$rendering_main_template = $was_main;
}
}
return $result;
}
/**

4
wp-fedistream.php
View File

@@ -3,7 +3,7 @@
* Plugin Name: WP FediStream
* Plugin URI: https://src.bundespruefstelle.ch/magdev/wp-fedistream
* Description: Stream music over ActivityPub - Build your own music streaming platform for Musicians and Labels.
* Version: 0.4.0
* Version: 0.4.9
* Requires at least: 6.4
* Requires PHP: 8.3
* Author: Marco Graetsch
@@ -26,7 +26,7 @@ if ( ! defined( 'ABSPATH' ) ) {
*
* @var string
*/
define( 'WP_FEDISTREAM_VERSION', '0.4.0' );
define( 'WP_FEDISTREAM_VERSION', '0.4.9' );
/**
* Plugin file path.