This sort of theme mod is only capable of conveying a string into the markup regardless of any sanitization callback – any PHP included within the string will never be interpreted by the PHP engine, short of running the output through eval()
which would be extremely dangerous and likely result in the theme failing review for any marketplace.
In this case, since you’re running the mod value through shortcodes anyway, I think it would be easiest and provide the best end-user experience to just include a shortcode which outputs the current year, or as a wrapper around the wp_date()
function:
function wpse406257_date( $atts, $content ) {
$atts = shortcode_atts( [
'format' => 'F j, Y',
'timezone' => null,
], $atts, 'date' );
$timestamp = !empty( $content ) ? strtotime( $content ) : null;
return wp_date( $atts['format'], $timestamp, $atts['timezone'] );
}
add_shortcode( 'date', 'wpse406257_date' );
//...
'default' => 'Copyright © [date format="Y"] . All Rights Reserved'
//...
You could achieve a similar effect without shortcodes by running the string output through str_replace()
and swapping out custom placeholders such as {year}
.