wip nonce actually dont work

plugins/fbpatch/html/menu.html

@@ -1,5 +1,7 @@
-<form method="POST">
+<form method="POST" action="<?php echo admin_url( 'admin-post.php' ); ?>">
-	<?php wp_nonce_field('action_name', 'nonce_name'); ?>
+	<?php wp_nonce_field($nonce['_action'], $nonce['_name']); ?>
+	<!-- https://developer.wordpress.org/reference/hooks/admin_post_action/ -->
+	<input type="hidden" name="action" value="add_patches">
 	<div>
 		<input type="checkbox" id="calculation_patch" name="calculation" checked />
 		<label for="calculation_patch">calculation patch</label>

plugins/fbpatch/menu/menu_content.php

@@ -16,12 +16,10 @@ if (!defined('ABSPATH')) {
 *
 */
 function plugin_content() {
-	$base_rest_route = Fbpatch::URL_BASE_REST_ROUTE;
+//	Fbpatch::get_patchs();
-	$fetch_nonce = wp_create_nonce('wp_rest');
+	$nonce = Fbpatch::NONCE;
-	$fetch_url = get_site_url() . "/wp-json";
 	ob_start();
 		include(plugin_dir_path(__DIR__) . '/html/menu.html');
-		\FBPATCH\choose_patches();
 	$html = ob_get_clean();
 
 	echo $html;
@@ -31,25 +29,48 @@ function plugin_content() {
 
 
 function choose_patches() {
-	$nonce = $_POST['nonce_name'];
+	error_log("_POST: " . json_encode($_POST));
-	if (!wp_verify_nonce($nonce, 'action_name')) {
+	$nonce = Fbpatch::NONCE;
-		exit;
+	if (!isset($_POST[$nonce['_name']])) {
+		error_log("_POST[{$nonce['_name']}] is not set");
+		\FBPATCH\redirect_menu($_POST);
+		return;
+	}
+	if (!wp_verify_nonce($nonce['_name'], $nonce['_action'])) {
+		error_log("is logged in: " . json_encode(is_user_logged_in()));
+		error_log("verify nonce false");
+		\FBPATCH\redirect_menu($_POST);
+		return;
 	}
 	error_log("is logged in: " . json_encode(is_user_logged_in()));
 }
+add_action('admin_post_add_patches', __NAMESPACE__.'\choose_patches');
 
 
 
-//// handling routes and endpoints
+
-//// diff routes and endpoints : https://stackoverflow.com/q/56075017/9497573
+function redirect_menu($post) {
-//function admin_menu_routes_endpoints() {
+	if (!isset($post)) {
-//	$base_rest_route = Fbpatch::URL_BASE_REST_ROUTE;
+		wp_redirect(admin_url(), 301);
-//	register_rest_route($base_rest_route, '/choose', array(
+		exit;
-//		'methods' => 'POST',
+	}
-//		'callback' => __NAMESPACE__.'\choose_patches',
+	if (is_null($post)) {
-//	));
+		wp_redirect(admin_url(), 301);
-//};
+		exit;
-//add_action('rest_api_init', __NAMESPACE__.'\admin_menu_routes_endpoints');
+	}
+	if (empty($post)) {
+		wp_redirect(admin_url(), 301);
+		exit;
+	}
+
+	if (!isset($post['_wp_http_referer'])) {
+		wp_redirect(admin_url(), 301);
+		exit;
+	}
+
+	wp_redirect(home_url($post['_wp_http_referer']), 301);
+	exit;
+}
 
 
 

plugins/fbpatch/php/fbpatch_class.php

@@ -19,10 +19,22 @@ class Fbpatch {
 
 	const SLUG_TOOGLE_ADMIN_MENU = ['_name'=>'toogle_admin_menu_url_fbpatch', 'toggle'=>'toggle', 'show'=>'show', 'hide'=>'hide'];
 	const OPTION_TOGGLE_MENU = ['_name'=>'toggle_admin_menu_option_fbpatch', 'show'=>'show', 'hide'=>'hide'];
-	const URL_BASE_REST_ROUTE = 'fbpatch_plugin/api/v1';                                                   // for routes, in php/paypal/routes.php && php/admin_modif_prof.php
+	const NONCE = ['_name'=>'nonce_name', '_action'=>'action_name'];
 
-	//private static $_is_
+	private static $_patchs = ['calculations', 'hide_show'];
+//	const PATCH_CALCULATIONS = ['_name'=>'calculations', 'title'=>'calculations title', '_description'=>'description---'];
+//	const PATCH_HIDE_SHOW = ['_name'=>'hide_chow', '_title'=>'hide/show title', '_description'=>'description...'];
 
+	private static function set_patchs() {
+		foreach (self::$_patchs as $patch) {
+			error_log("patch : " . $patch);
+		}
+	}
+	public static function get_patchs() {
+		self::set_patchs();
+	}
+	public static function update_patchs($query) {
+	}
 }