Fix inability to delete via UI

josephfusco · josephfusco · commit 1c3c08c7107c · 2025-06-26T13:10:17.000-04:00
diff --git a/plugins/wp-graphql-headless-webhooks/src/Admin/WebhooksAdmin.php b/plugins/wp-graphql-headless-webhooks/src/Admin/WebhooksAdmin.php
@@ -147,10 +147,6 @@ public function handle_actions(): void {
 		if ( isset( $_POST['action'] ) && 'save_webhook' === $_POST['action'] ) {
 			$this->handle_webhook_save();
 		}
-
-		if ( isset( $_GET['action'] ) && 'delete' === $_GET['action'] && isset( $_GET['webhook_id'] ) ) {
-			$this->handle_webhook_delete();
-		}
 	}
 
 	/**
@@ -186,7 +182,7 @@ private function verify_nonce( string $nonce_name, string $action ): bool {
 	 */
 	public function handle_webhook_save() {
 		// Verify permissions and nonce
-		if ( ! $this->verify_admin_permission() || ! $this->verify_nonce( 'webhook_save', 'webhook_nonce' ) ) {
+		if ( ! $this->verify_admin_permission() || ! $this->verify_nonce( 'webhook_nonce', 'webhook_save' ) ) {
 			wp_die( __( 'Unauthorized', 'wp-graphql-webhooks' ) );
 		}
 
@@ -200,7 +196,7 @@ public function handle_webhook_save() {
 		];
 
 		// Validate data
-		$validation = $this->repository->validate_data( $data );
+		$validation = $this->repository->validate_data( $data['event'], $data['url'], $data['method'] );
 		if ( is_wp_error( $validation ) ) {
 			wp_die( $validation->get_error_message() );
 		}
@@ -231,15 +227,44 @@ public function handle_webhook_delete() {
 	 * Handle admin actions
 	 */
 	public function handle_admin_actions() {
-		// Handle bulk actions from WP_List_Table
-		if ( isset( $_REQUEST['action'] ) && 'delete' === $_REQUEST['action'] || 
-		     isset( $_REQUEST['action2'] ) && 'delete' === $_REQUEST['action2'] ) {
+		// Only process on our admin page
+		if ( ! isset( $_GET['page'] ) || self::ADMIN_PAGE_SLUG !== $_GET['page'] ) {
+			return;
+		}
+
+		// Handle single delete action
+		if ( isset( $_GET['action'] ) && 'delete' === $_GET['action'] && isset( $_GET['webhook'] ) ) {
+			if ( ! $this->verify_admin_permission() ) {
+				return;
+			}
+
+			$webhook_id = intval( $_GET['webhook'] );
+			$nonce = isset( $_GET['_wpnonce'] ) ? $_GET['_wpnonce'] : '';
+
+			if ( ! wp_verify_nonce( $nonce, 'delete-webhook-' . $webhook_id ) ) {
+				wp_die( __( 'Security check failed.', 'wp-graphql-headless-webhooks' ) );
+			}
+
+			if ( $this->repository->delete( $webhook_id ) ) {
+				wp_redirect( add_query_arg( [ 'deleted' => 1 ], remove_query_arg( [ 'action', 'webhook', '_wpnonce' ], $this->get_admin_url() ) ) );
+				exit;
+			}
+		}
+
+		// Handle bulk delete actions from WP_List_Table
+		if ( isset( $_POST['action'] ) && 'delete' === $_POST['action'] || 
+		     isset( $_POST['action2'] ) && 'delete' === $_POST['action2'] ) {
 			
-			if ( ! $this->verify_admin_permission() || ! $this->verify_nonce( 'bulk-webhooks', '_wpnonce' ) ) {
+			if ( ! $this->verify_admin_permission() ) {
 				return;
 			}
 
-			$webhook_ids = isset( $_REQUEST['webhook'] ) ? array_map( 'intval', (array) $_REQUEST['webhook'] ) : [];
+			// Check bulk action nonce
+			if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'bulk-webhooks' ) ) {
+				wp_die( __( 'Security check failed.', 'wp-graphql-headless-webhooks' ) );
+			}
+
+			$webhook_ids = isset( $_POST['webhook'] ) ? array_map( 'intval', (array) $_POST['webhook'] ) : [];
 			$deleted = 0;
 
 			foreach ( $webhook_ids as $webhook_id ) {
@@ -249,7 +274,7 @@ public function handle_admin_actions() {
 			}
 
 			if ( $deleted > 0 ) {
-				wp_redirect( add_query_arg( [ 'deleted' => $deleted ], $this->get_admin_url() ) );
+				wp_redirect( add_query_arg( [ 'deleted' => $deleted ], remove_query_arg( [ 'action', 'action2', 'webhook', '_wpnonce' ], $this->get_admin_url() ) ) );
 				exit;
 			}
 		}
diff --git a/plugins/wp-graphql-headless-webhooks/src/Admin/WebhooksListTable.php b/plugins/wp-graphql-headless-webhooks/src/Admin/WebhooksListTable.php
@@ -77,47 +77,15 @@ public function get_sortable_columns() {
 	 */
 	public function get_bulk_actions() {
 		return [
-			'bulk-delete' => __( 'Delete', 'wp-graphql-webhooks' ),
+			'delete' => __( 'Delete', 'wp-graphql-webhooks' ),
 		];
 	}
 
-	/**
-	 * Process bulk actions
-	 */
-	public function process_bulk_action() {
-		// Handle bulk delete
-		if ( 'bulk-delete' === $this->current_action() ) {
-			$webhook_ids = isset( $_POST['webhook'] ) ? array_map( 'intval', $_POST['webhook'] ) : [];
-			
-			if ( ! empty( $webhook_ids ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'bulk-' . $this->_args['plural'] ) ) {
-				foreach ( $webhook_ids as $id ) {
-					$this->repository->delete( $id );
-				}
-				
-				wp_redirect( add_query_arg( 'deleted', count( $webhook_ids ), remove_query_arg( [ 'action', 'webhook', '_wpnonce' ] ) ) );
-				exit;
-			}
-		}
-		
-		// Handle single delete
-		if ( 'delete' === $this->current_action() ) {
-			$webhook_id = isset( $_GET['webhook'] ) ? intval( $_GET['webhook'] ) : 0;
-			$nonce = isset( $_GET['_wpnonce'] ) ? $_GET['_wpnonce'] : '';
-			
-			if ( $webhook_id && wp_verify_nonce( $nonce, 'delete-webhook-' . $webhook_id ) ) {
-				$this->repository->delete( $webhook_id );
-				wp_redirect( add_query_arg( 'deleted', 1, remove_query_arg( [ 'action', 'webhook', '_wpnonce' ] ) ) );
-				exit;
-			}
-		}
-	}
 
 	/**
 	 * Prepare items for display
 	 */
-	public function prepare_items() {
-		$this->process_bulk_action();
-		
+	public function prepare_items() {		
 		$per_page = $this->get_items_per_page( 'webhooks_per_page', 20 );
 		$current_page = $this->get_pagenum();
 		
