From baba912570187a9428dd58e38e1177737b0998a2 Mon Sep 17 00:00:00 2001 From: Nicolas Jaussaud Date: Thu, 21 May 2026 20:47:17 +0200 Subject: [PATCH] RequestRouter: POST Requests - Make sure to process POST request early enough as they trigger redirections --- src/DataView/DataView.php | 2 + src/DataView/RequestRouter.php | 75 +++++++++++++++++++++------------- 2 files changed, 49 insertions(+), 28 deletions(-) diff --git a/src/DataView/DataView.php b/src/DataView/DataView.php index 43ffce5..0ea5ef2 100644 --- a/src/DataView/DataView.php +++ b/src/DataView/DataView.php @@ -295,6 +295,8 @@ public function register(): static { ] ); } + add_action( 'admin_init', [ $this->router, 'maybe_redirect' ] ); + // Register admin menu. $this->register_admin_menu(); diff --git a/src/DataView/RequestRouter.php b/src/DataView/RequestRouter.php index 2b88d07..201048c 100644 --- a/src/DataView/RequestRouter.php +++ b/src/DataView/RequestRouter.php @@ -106,13 +106,19 @@ public function set_renderer( Renderer $renderer ): void { } /** - * Route the current request to the appropriate handler. + * Check capability. */ - public function route(): void { - // Check capability. + protected function check_capability() { if ( ! current_user_can( $this->config->capability ) ) { wp_die( __( 'You do not have permission to access this page.' ) ); } + } + + /** + * Route the current request to the appropriate handler. + */ + public function route(): void { + $this->check_capability(); $action = $this->url_builder->get_current_action(); $id = $this->url_builder->get_current_id(); @@ -128,33 +134,51 @@ public function route(): void { } /** - * Route plural (multi-entity) requests. + * POST requests will trigger a redirect so they have to be processed + * earlier than GET request, before any content is displayed * * @param string $action Current action. * @param int|null $id Entity ID. */ - protected function route_plural( string $action, ?int $id ): void { - // Handle POST submissions. - if ( $this->is_post_request() ) { - switch ( $action ) { - case 'create': - $this->handle_create_submit(); + public function maybe_redirect(): void { + $this->check_capability(); + + if ( ! $this->is_post_request() ) return; + + if ( $this->config->is_singular() ) { + $this->handle_settings_submit(); + return; + } + + $action = $this->url_builder->get_current_action(); + $id = $this->url_builder->get_current_id(); + + switch ( $action ) { + case 'create': + $this->handle_create_submit(); + return; + case 'edit': + if ( $id !== null ) { + $this->handle_edit_submit( $id ); return; - case 'edit': - if ( $id !== null ) { - $this->handle_edit_submit( $id ); - return; - } - break; - case 'delete': - if ( $id !== null ) { - $this->handle_delete( $id ); - return; - } - break; - } + } + break; + case 'delete': + if ( $id !== null ) { + $this->handle_delete( $id ); + return; + } + break; } + } + /** + * Route plural (multi-entity) requests. + * + * @param string $action Current action. + * @param int|null $id Entity ID. + */ + protected function route_plural( string $action, ?int $id ): void { // Handle GET requests. switch ( $action ) { case 'create': @@ -184,11 +208,6 @@ protected function route_plural( string $action, ?int $id ): void { * Route singular (single-entity) requests. */ protected function route_singular(): void { - if ( $this->is_post_request() ) { - $this->handle_settings_submit(); - return; - } - $this->render_settings_form(); }