let header handle redirect

Author: simonLeary42

resources/templates/header.php

@@ -2,12 +2,20 @@
 
 use UnityWebPortal\lib\UnitySite;
 
-if ((@$_SESSION["is_admin"] ?? false) == true
-    && $_SERVER["REQUEST_METHOD"] == "POST"
-    && (@$_POST["form_name"] ?? null) == "clearView"
-) {
-    unset($_SESSION["viewUser"]);
-    UnitySite::redirect($CONFIG["site"]["prefix"] . "/admin/user-mgmt.php");
+if (isset($_POST)) {
+    if ((@$_SESSION["is_admin"] ?? false) == true
+        && (@$_POST["form_name"] ?? null) == "clearView"
+    ) {
+        unset($_SESSION["viewUser"]);
+        UnitySite::redirect($CONFIG["site"]["prefix"] . "/admin/user-mgmt.php");
+    }
+    // Webroot files need to handle their own POSTs before loading the header
+    // so that they can do UnitySite::badRequest before anything else has been printed.
+    // They also must not redirect like standard PRG practice because this
+    // header also needs to handle POST data. So this header does the PRG redirect
+    // for all pages.
+    UnitySite::redirect($_SERVER['PHP_SELF']);
+    unset($_POST); // unset ensures that header must not come before POST handling
 }
 
 if (isset($SSO)) {

webroot/admin/content.php

@@ -12,7 +12,6 @@
     if (!empty($_POST["pageSel"])) {
         $SQL->editPage($_POST["pageSel"], $_POST["content"], $USER);
     }
-    UnitySite::redirect($_SERVER['PHP_SELF']);
 }
 
 include $LOC_HEADER;

webroot/admin/notices.php

@@ -23,7 +23,6 @@
 
             break;
     }
-    UnitySite::redirect($_SERVER['PHP_SELF']);
 }
 
 include $LOC_HEADER;

webroot/admin/pi-mgmt.php

@@ -50,7 +50,6 @@
 
             break;
     }
-    UnitySite::redirect($_SERVER['PHP_SELF']);
 }
 
 include $LOC_HEADER;

webroot/admin/user-mgmt.php

@@ -15,7 +15,6 @@
             UnitySite::redirect($CONFIG["site"]["prefix"] . "/panel/account.php");
             break;
     }
-    UnitySite::redirect($_SERVER['PHP_SELF']);
 }
 
 include $LOC_HEADER;

webroot/index.php

@@ -2,7 +2,7 @@
 
 require_once __DIR__ . "/../resources/autoload.php";
 
-require_once $LOC_HEADER;
+include $LOC_HEADER;
 ?>
 
 

webroot/panel/account.php

@@ -4,8 +4,6 @@
 
 use UnityWebPortal\lib\UnitySite;
 
-require_once $LOC_HEADER;
-
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
     switch (UnitySite::arrayGetOrBadRequest($_POST, "form_type")) {
         case "addKey":
@@ -72,8 +70,9 @@
             }
             break;
     }
-    UnitySite::redirect($_SERVER['PHP_SELF']);
 }
+
+include $LOC_HEADER;
 ?>
 
 <h1>Account Settings</h1>

webroot/panel/groups.php

@@ -41,7 +41,6 @@
                 break;
         }
     }
-    UnitySite::redirect($_SERVER['PHP_SELF']);
 }
 
 include $LOC_HEADER;

webroot/panel/new_account.php

@@ -42,9 +42,8 @@
     } else {
         UnitySite::badRequest("neither 'new_user_sel' or 'cancel' are set!");
     }
-    UnitySite::redirect($_SERVER['PHP_SELF']);
 }
-require_once $LOC_HEADER;
+include $LOC_HEADER;
 ?>
 
 <h1>Request Account</h1>

webroot/panel/pi.php

@@ -31,7 +31,6 @@
 
             break;
     }
-    UnitySite::redirect($_SERVER['PHP_SELF']);
 }
 
 include $LOC_HEADER;

webroot/panel/support.php

@@ -2,7 +2,7 @@
 
 require "../../resources/autoload.php";
 
-require_once $LOC_HEADER;
+include $LOC_HEADER;
 ?>
 
 <h1>Support</h1>