Strip shortcodes from the excerpt

[pfefferle]

This PR removes the shortcodes from the excerpt, because it seems to be possible to sneak them into the summary... shomehow...

Fixes https://c.im/@michael_martinez/114576417875641281

Update: While working on the unit-tests I found some glitches that bypassed the sanitization. This PR will also fix that issue.

Proposed changes:

• Remove shortcodes from the excerpt
• Remove the early bailing of the excerpt, to not have to duplicate the remove_shortcode and the other checks

Other information:

• Have you written new tests for your changes, if applicable?

Testing instructions:

• Go to '..'

Changelog entry

• Automatically create a changelog entry from the details below.

Changelog Entry Details

Significance

• Patch
• Minor
• Major

Type

• Added - for new features
• Changed - for changes in existing functionality
• Deprecated - for soon-to-be removed features
• Removed - for now removed features
• Fixed - for any bug fixes
• Security - in case of vulnerabilities

Message

Improved excerpt handling and improved sanitization of summaries.

[Copilot]

Pull Request Overview

This PR aims to improve the excerpt handling by removing shortcodes to avoid potential abuse in the summary.

• Added a call to remove shortcodes from the content in the generate_post_summary function.

Comments suppressed due to low confidence (1)

includes/functions.php:1215

• [nitpick] Consider evaluating the order of content sanitization. Removing shortcodes before stripping all HTML tags might result in a cleaner excerpt if shortcode patterns could interfere with tag removal.

$content = \strip_shortcodes( $content );

[obenland]

This feels like a good change to add a unit test for?

[pfefferle]

The thing is, that this is not the normal behaviour... must be some plugin that adds the shortcodes directly to the excerpt...

[pfefferle]

But sure, will add some tests...

[pfefferle]

@obenland I optimized the code a bit and added tests for all known cases.

[obenland]

Would you mind updating the "Proposed Changes" list in the PR description with your changes? It looks like existing excerpts no longer short-circuit the function but now get processed fully, is that correct?

[pfefferle]

yes, because that bypassed all the following sanitization

[pfefferle]

@obenland done.

[obenland]

yes, because that bypassed all the following sanitization

My assumption would be that Core's sanitization for excerpts is enough—is it not? If not, what's missing?

Optimize excerpt/summary generation and sanitization

What's the change in that optimization?

[pfefferle]

My assumption would be that Core's sanitization for excerpts is enough—is it not? If not, what's missing?

This has some history: Sadly other plugins are doing too much weird things with the excerpt, so that is was needed. Here is some background: https://github.com/Automattic/wordpress-activitypub/issues?q=is%3Aissue%20excerpt

What's the change in that optimization?

I changed it to a more descriptive one... I am sorry for the confusion.

[obenland]

Thank you!