breznflow/breznflow/includes/Admin/views/wizard-step-3.php
Michael 066414724b release: v1.0.2
- Fix WordPress.org plugin review issues (nonce verification, input sanitization, output escaping)
- Embed page uses wp_enqueue_style/wp_enqueue_script with wp_head/wp_footer
- Update plugin author to NoSchmarrn.dev
- Shorten readme.txt short description to ≤150 chars
- Add GitHub Actions release workflow
- Add .gitignore
2026-04-14 11:21:48 +00:00


<?php
/**
* Template: Wizard step 3 — preview and publish.
*
* @package BreznFlow
* @since 1.0.0
*/
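if ( ! defined( 'ABSPATH' ) ) {
	// Refuse direct requests to this file; it is only meant to be included by WordPress.
	exit;
}
// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound -- template file, not global scope

// Template preamble: resolves the workflow post named in the query string and
// collects everything the preview below needs (stored JSON, mask log, display
// settings, theme).
//
// NOTE(review): this template previews a post chosen by the requester. Only the
// nonce check is referenced here -- confirm that AdminMenu::render_wizard() also
// enforces an object-level capability check for this post (for example
// current_user_can( 'edit_post', $post_id )) before loading the template.
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.WP.GlobalVariablesOverride.Prohibited -- nonce verified in AdminMenu::render_wizard() before this template loads.
$post_id = isset( $_GET['post_id'] ) ? (int) $_GET['post_id'] : 0;
$workflow = $post_id > 0 ? get_post( $post_id ) : null;

// Reject missing posts and posts of any other type, so the ID cannot be used to
// preview arbitrary content through this screen.
if ( ! $workflow || 'breznflow_workflow' !== $workflow->post_type ) {
	wp_die( esc_html__( 'Invalid workflow.', 'breznflow' ) );
}

// Post meta is not guaranteed to be a string (it may be missing or stored in
// another shape), and json_decode() rejects non-string input. Normalise here so
// every later use of $raw_json in this template sees a string.
$raw_json = get_post_meta( $post_id, '_breznflow_raw_json', true );
if ( ! is_string( $raw_json ) ) {
	$raw_json = '';
}

// The mask log is only counted further down; count() throws on a non-array, so
// anything that does not decode to an array is treated as an empty log.
$mask_log_raw = get_post_meta( $post_id, '_breznflow_mask_log', true );
$mask_log = is_string( $mask_log_raw ) ? json_decode( $mask_log_raw, true ) : null;
if ( ! is_array( $mask_log ) ) {
	$mask_log = array();
}

$node_count = (int) get_post_meta( $post_id, '_breznflow_node_count', true );
$has_ai = (int) get_post_meta( $post_id, '_breznflow_has_ai_nodes', true );

// NOTE(review): unlike the theme below, the display mode is taken from post meta
// without an allow-list; confirm the renderer treats unknown values safely.
$meta_mode = get_post_meta( $post_id, '_breznflow_default_mode', true );
$display_mode = $meta_mode ? $meta_mode : 'visual';

// A stored zoom of 0 (or a missing value) falls back to 100.
$meta_zoom = (int) get_post_meta( $post_id, '_breznflow_default_zoom', true );
$zoom = $meta_zoom ? $meta_zoom : 100;
$show_infobox = (int) get_post_meta( $post_id, '_breznflow_show_infobox', true );

// Check for code nodes with jsCode. The result drives the manual-review warning
// in the markup below.
// NOTE(review): only the jsCode parameter is inspected; confirm whether imported
// workflows can carry code in other parameters that deserve the same warning.
$has_code_nodes = false;
if ( $raw_json ) {
	$data = json_decode( $raw_json, true );
	if ( is_array( $data ) && ! empty( $data['nodes'] ) && is_array( $data['nodes'] ) ) {
		foreach ( $data['nodes'] as $node ) {
			if ( isset( $node['parameters']['jsCode'] ) ) {
				$has_code_nodes = true;
				break;
			}
		}
	}
}

// Saved settings override the defaults. The option is guarded because
// array_merge() throws when handed a non-array (e.g. a corrupted option value).
$settings = \BreznFlow\Admin\SettingsPage::get_defaults();
$saved = get_option( 'breznflow_settings', array() );
$settings = array_merge( $settings, is_array( $saved ) ? $saved : array() );
$icon_registry = \BreznFlow\Features\NodeTypeRegistry::get_registry();

// The per-workflow theme wins over the global default; whatever results is only
// accepted if it is a registered theme ID (strict comparison), else 'dark'.
$saved_theme_raw = get_post_meta( $post_id, '_breznflow_default_theme', true );
$saved_theme = $saved_theme_raw ? $saved_theme_raw : ( $settings['default_theme'] ?? 'dark' );
$allowed_themes = \BreznFlow\Features\ThemeRegistry::get_theme_ids();
$preview_theme = in_array( $saved_theme, $allowed_themes, true ) ? $saved_theme : 'dark';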
?>
<div class="wrap breznflow-wizard">
<h1 class="wp-heading-inline">
<?php esc_html_e( 'Preview & Publish', 'breznflow' ); ?>
</h1>
<div class="breznflow-wizard-steps">
<span class="breznflow-step done"><?php esc_html_e( '1. Import JSON', 'breznflow' ); ?></span>
<span class="breznflow-step done"><?php esc_html_e( '2. Configure', 'breznflow' ); ?></span>
<span class="breznflow-step active"><?php esc_html_e( '3. Preview & Publish', 'breznflow' ); ?></span>
</div>
<?php if ( $has_code_nodes ) : ?>
<div class="notice notice-warning">
<p><strong><?php esc_html_e( 'Note:', 'breznflow' ); ?></strong>
<?php
// Shown when at least one node carries a jsCode parameter. Per the message, code
// is displayed as-is and is not scanned for secrets, so the review is manual.
esc_html_e( 'This workflow contains Code nodes. JavaScript code is displayed as-is and cannot be automatically scanned for hardcoded secrets. Please review the code in the node detail panel before publishing.', 'breznflow' ); // phpcs:ignore Generic.Files.LineLength.MaxExceeded
?>
</p>
</div>
<?php endif; ?>
<div class="breznflow-card">
<h2><?php esc_html_e( 'Workflow Preview', 'breznflow' ); ?></h2>
<p class="description">
<?php
// The translated format string is escaped by esc_html__(); each substituted value
// is escaped separately (absint() for the count, esc_html() for the post title).
printf(
/* translators: 1: node count, 2: workflow name */
esc_html__( 'Showing %1$d nodes from "%2$s".', 'breznflow' ),
absint( $node_count ),
esc_html( $workflow->post_title )
);
?>
</p>
<?php if ( $raw_json ) : ?>
<div class="breznflow-preview-container">
<?php
// Renderer assets go through the enqueue API; the script is requested for the footer.
wp_enqueue_style( 'breznflow-renderer', BREZNFLOW_URL . 'assets/renderer.css', array(), BREZNFLOW_VERSION );
wp_enqueue_script( 'breznflow-renderer', BREZNFLOW_URL . 'assets/renderer.js', array(), BREZNFLOW_VERSION, true );
// Every built-in theme stylesheet is enqueued, each depending on the base renderer style.
foreach ( \BreznFlow\Features\ThemeRegistry::BUILTIN as $bf_theme_id => $bf_theme_name ) {
wp_enqueue_style(
'breznflow-theme-' . $bf_theme_id,
\BreznFlow\Features\ThemeRegistry::get_builtin_url( $bf_theme_id ),
array( 'breznflow-renderer' ),
BREZNFLOW_VERSION
);
}
// Custom theme CSS is added inline after wp_strip_all_tags(), which removes markup
// (such as a closing style tag) from it.
// NOTE(review): tag stripping is not CSS sanitization -- confirm who is allowed to
// edit the custom theme CSS.
$bf_custom_css = \BreznFlow\Features\ThemeRegistry::get_custom_theme_css();
if ( $bf_custom_css ) {
wp_add_inline_style( 'breznflow-renderer', wp_strip_all_tags( $bf_custom_css ) );
}
// The decoded workflow is handed to the browser as the breznflowData script
// variable, so everything in the stored JSON ends up in the page source.
// NOTE(review): confirm that _breznflow_raw_json holds the already-masked workflow.
// NOTE(review): 'mode' comes from post meta without an allow-list (unlike 'theme');
// confirm renderer.js handles unexpected values safely.
wp_localize_script(
'breznflow-renderer',
'breznflowData',
array(
array(
'id' => $post_id,
'workflow' => json_decode( $raw_json, true ),
'mode' => $display_mode,
'zoom' => $zoom,
'show_infobox' => $show_infobox,
'show_title' => 0,
'max_code_lines' => (int) $settings['max_code_lines'],
'theme' => $preview_theme,
),
)
);
wp_localize_script( 'breznflow-renderer', 'breznflowIcons', $icon_registry );
wp_localize_script( 'breznflow-renderer', 'breznflowI18n', \BreznFlow\Shortcode::get_js_i18n() );
?>
<div id="breznflow-wrap-<?php echo esc_attr( (string) $post_id ); ?>" class="breznflow-embed"
data-id="<?php echo esc_attr( (string) $post_id ); ?>">
</div>
</div>
<?php endif; ?>
</div>
<?php if ( ! empty( $mask_log ) ) : ?>
<div class="breznflow-card breznflow-card-security">
<h2><?php esc_html_e( 'Security Summary', 'breznflow' ); ?></h2>
<p>
<?php
// Only the number of masked values is printed; the log entries themselves are not.
// count() assumes $mask_log decoded to an array.
printf(
/* translators: %d: number of masked items */
esc_html( _n( '%d value was masked for security.', '%d values were masked for security.', count( $mask_log ), 'breznflow' ) ),
(int) count( $mask_log )
);
?>
</p>
</div>
<?php endif; ?>
<div class="breznflow-card">
<h2><?php esc_html_e( 'Publish', 'breznflow' ); ?></h2>
<p><?php esc_html_e( 'Use the shortcode below in any post or page to embed this workflow.', 'breznflow' ); ?></p>
<p><code>[breznflow id="<?php echo esc_html( (string) $post_id ); ?>"]</code></p>
<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
<input type="hidden" name="action" value="breznflow_publish_workflow" />
<input type="hidden" name="breznflow_post_id" value="<?php echo esc_attr( (string) $post_id ); ?>" />
<?php /* CSRF token for the publish action. NOTE(review): the admin-post handler that must verify it is not visible in this file. */ wp_nonce_field( 'breznflow_publish', 'breznflow_nonce' ); ?>
<p>
<a href="
<?php
// Back link to step 2. It carries a fresh nonce for the 'breznflow_wizard_step'
// action and the complete URL is passed through esc_url() before output.
echo esc_url(
add_query_arg(
array(
'page' => 'breznflow-add',
'step' => '2',
'post_id' => $post_id,
'_wpnonce' => wp_create_nonce( 'breznflow_wizard_step' ),
),
admin_url( 'admin.php' )
)
);
?>
"
class="button button-secondary"><?php esc_html_e( '← Edit Settings', 'breznflow' ); ?></a>
<button type="submit" class="button button-primary button-hero">
<?php esc_html_e( 'Publish Workflow', 'breznflow' ); ?>
</button>
</p>
</form>
</div>
</div>