HEX
Server: nginx
System: Linux pool195-106-36.bur.atomicsites.net 6.12.57+deb12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.57-1~bpo12+1 (2025-11-17) x86_64
User: (0)
PHP: 8.3.32
Disabled: pcntl_fork
Upload Files
File: /wordpress/plugins/wp-cloud-client/1.2.0/src/Handler/SetLoginVisibilityHandler.php
<?php

declare(strict_types=1);

namespace VPlugins\WPCloudClient\Handler;

use VPlugins\WPCloudClient\Settings\SettingsRepository;

final class SetLoginVisibilityHandler extends AbstractHandler {

	/**
	 * Class constructor.
	 *
	 * @param SettingsRepository $settings Settings repository.
	 */
	public function __construct(
		private readonly SettingsRepository $settings,
	) {}

	/**
	 * Return the action name.
	 *
	 * @return string Action name.
	 */
	public function action(): string {
		return 'set_login_visibility';
	}

	/**
	 * Expose or hide the wp-login.php page.
	 *
	 * Persists the choice to wpcc_settings so LoginPageGuard can redirect
	 * unauthenticated visitors away from wp-login.php when hidden. When hiding,
	 * 'redirect_url' is required so LoginPageGuard knows where to send visitors.
	 *
	 * @param array<string, mixed> $params Must contain 'expose' (bool); 'redirect_url' required when expose is false.
	 * @return array<string, mixed> Applied login visibility state.
	 *
	 * @throws \InvalidArgumentException If params are invalid or redirect_url is missing when hiding.
	 */
	public function execute( array $params ): array {
		$this->requireParams( $params, 'expose' );

		// FILTER_NULL_ON_FAILURE so unrecognised values (e.g. 2, "garbage") are
		// rejected rather than silently coerced to false and hiding the login page.
		$expose = filter_var( $params['expose'], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE );

		if ( null === $expose ) {
			throw new \InvalidArgumentException( "'expose' must be a boolean value." );
		}

		if ( ! $expose ) {
			$this->requireParams( $params, 'redirect_url' );
			$redirect_url = trim( (string) $params['redirect_url'] );
			if ( '' === $redirect_url || ! in_array( wp_parse_url( $redirect_url, PHP_URL_SCHEME ), [ 'http', 'https' ], true ) ) {
				throw new \InvalidArgumentException( "'redirect_url' must be a valid http or https URL." );
			}
			$this->settings->setLoginRedirectUrl( $redirect_url );
		}

		$this->settings->setLoginExposed( $expose );

		return [
			'expose_login' => $expose,
			'message'      => $expose ? 'Login page exposed.' : 'Login page hidden.',
		];
	}
}