handleFormAction(); } $pendingInvites = $this->invites->findPending(); include USC_PLUGIN_DIR . 'templates/admin/invites.php'; } private function handleFormAction(): void { // Nonce is verified by the caller (renderPage) before this method runs. // phpcs:disable WordPress.Security.NonceVerification.Missing $action = sanitize_key( wp_unslash( $_POST['usc_action'] ?? '' ) ); if ( 'invite' === $action ) { $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ); if ( is_email( $email ) && false === email_exists( $email ) && null === $this->invites->findPendingByEmail( $email ) ) { $this->invites->insert( new Invite( email: $email, token: wp_generate_password( 32, false ), invitedBy: get_current_user_id(), ) ); } } if ( 'revoke' === $action ) { $inviteId = absint( $_POST['invite_id'] ?? 0 ); if ( $inviteId > 0 ) { $this->invites->revoke( $inviteId ); } } // phpcs:enable WordPress.Security.NonceVerification.Missing } }