From 721b602a0ac7681721baacb13f9f69a1292ff653 Mon Sep 17 00:00:00 2001 From: David Stone Date: Sat, 14 Feb 2026 09:55:40 -0700 Subject: [PATCH] Fix Stripe Connect button to save settings before OAuth redirect The Connect with Stripe button previously navigated directly to the OAuth init URL without saving settings first. When a user enabled Stripe and toggled sandbox mode for the first time, the unsaved settings meant the OAuth flow used the wrong Stripe environment. Changed the connect button from an link to a form submit button that saves all settings before redirecting to the OAuth init URL via a new wu_settings_save_redirect filter. Co-Authored-By: Claude Opus 4.6 --- inc/admin-pages/class-settings-admin-page.php | 18 +++++++++- inc/gateways/class-stripe-gateway.php | 33 ++++++++++++++++--- 2 files changed, 46 insertions(+), 5 deletions(-) diff --git a/inc/admin-pages/class-settings-admin-page.php b/inc/admin-pages/class-settings-admin-page.php index ea6a0e48..a2adaf9a 100644 --- a/inc/admin-pages/class-settings-admin-page.php +++ b/inc/admin-pages/class-settings-admin-page.php @@ -554,7 +554,23 @@ public function default_handler(): void { WP_Ultimo()->settings->save_settings($filtered_data); - wp_safe_redirect(add_query_arg('updated', 1, wu_get_current_url())); + $redirect_url = add_query_arg('updated', 1, wu_get_current_url()); + + /** + * Filters the redirect URL after settings are saved. + * + * Allows gateways or other components to redirect elsewhere + * after a settings save (e.g. to initiate an OAuth flow). + * + * @since 2.x.x + * + * @param string $redirect_url The default redirect URL. + * @param array $filtered_data The saved settings data. + * @return string + */ + $redirect_url = apply_filters('wu_settings_save_redirect', $redirect_url, $filtered_data); + + wp_safe_redirect($redirect_url); exit; } diff --git a/inc/gateways/class-stripe-gateway.php b/inc/gateways/class-stripe-gateway.php index 653f3377..6f0b50d8 100644 --- a/inc/gateways/class-stripe-gateway.php +++ b/inc/gateways/class-stripe-gateway.php @@ -48,6 +48,9 @@ public function hooks(): void { // Handle OAuth callbacks and disconnects add_action('admin_init', [$this, 'handle_oauth_callbacks']); + // Redirect to OAuth init after settings save when connect button was clicked + add_filter('wu_settings_save_redirect', [$this, 'maybe_redirect_to_stripe_oauth'], 10, 2); + add_filter( 'wu_customer_payment_methods', function ($fields, $customer): array { @@ -63,6 +66,29 @@ function ($fields, $customer): array { ); } + /** + * Redirect to Stripe OAuth init URL after settings are saved. + * + * When the user clicks the "Connect with Stripe" button, the settings form + * is submitted first (saving sandbox mode, active gateways, etc.), then + * this filter redirects to the OAuth init URL instead of the normal + * settings page. + * + * @since 2.x.x + * + * @param string $redirect_url The default redirect URL. + * @param array $saved_data The saved settings data. + * @return string + */ + public function maybe_redirect_to_stripe_oauth(string $redirect_url, array $saved_data): string { + + if (empty($_POST['wu_connect_stripe'])) { // phpcs:ignore WordPress.Security.NonceVerification + return $redirect_url; + } + + return $this->get_oauth_init_url(); + } + /** * Adds the Stripe Gateway settings to the settings screen. * @@ -891,18 +917,17 @@ public function render_oauth_connection(): void { ); } - // Disconnected state - show connect button + // Disconnected state - show connect button (submits form to save settings first) printf( '

%s

- +

%s

', esc_html__('Connect your Stripe account with one click.', 'ultimate-multisite'), - esc_url($this->get_oauth_init_url()), esc_html__('Connect with Stripe', 'ultimate-multisite'), esc_html__('You will be redirected to Stripe to securely authorize the connection.', 'ultimate-multisite'), );