Inspection of "Add option validation" - Strategy11/formidable-forms - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#2337)

unknown

created 2025-04-29 16:16 UTC

Status

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

@@ -491,7 +491,8 @@
 block discarded – undo
 
 	public static function process_entry( $errors = '', $ajax = false ) {
 		$form_id = FrmAppHelper::get_post_param( 'form_id', '', 'absint' );
-		if ( FrmAppHelper::is_admin() || empty( $_POST ) || empty( $form_id ) || ! isset( $_POST['item_key'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( FrmAppHelper::is_admin() || empty( $_POST ) || empty( $form_id ) || ! isset( $_POST['item_key'] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 			return;
 		}
 

Please login to merge, or discard this patch.

classes/helpers/FrmEntriesHelper.php 1 patch

Braces +14 added lines, -7 removed lines patch added patch discarded remove patch

@@ -114,13 +114,16 @@  discard block
 block discarded – undo
 	 */
 	public static function value_is_posted( $field, $args ) {
 		$value_is_posted = false;
-		if ( $_POST ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( $_POST ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 			$repeating = isset( $args['repeating'] ) && $args['repeating'];
 			if ( $repeating ) {
-				if ( isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ][ $field->id ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+				if ( isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ][ $field->id ] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 					$value_is_posted = true;
 				}
-			} elseif ( isset( $_POST['item_meta'][ $field->id ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+			} elseif ( isset( $_POST['item_meta'][ $field->id ] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 				$value_is_posted = true;
 			}
 		}
@@ -322,8 +325,10 @@  discard block
 block discarded – undo
 	 * @since 4.01
 	 */
 	private static function set_parent_field_posted_value( $field, $value, $args ) {
-		if ( isset( $_POST['item_meta'][ $args['parent_field_id'] ] ) && is_array( $_POST['item_meta'][ $args['parent_field_id'] ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
-			if ( ! isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] ) || ! is_array( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( isset( $_POST['item_meta'][ $args['parent_field_id'] ] ) && is_array( $_POST['item_meta'][ $args['parent_field_id'] ] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
+			if ( ! isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] ) || ! is_array( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 				$_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] = array(); // phpcs:ignore WordPress.Security.NonceVerification.Missing
 			}
 		} else {
@@ -395,7 +400,8 @@  discard block
 block discarded – undo
 		self::set_other_repeating_vals( $field, $value, $args );
 
 		// Check if there are any posted "Other" values.
-		if ( FrmField::is_option_true( $field, 'other' ) && isset( $_POST['item_meta']['other'][ $field->id ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( FrmField::is_option_true( $field, 'other' ) && isset( $_POST['item_meta']['other'][ $field->id ] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 
 			// Save original value.
 			$args['temp_value'] = $value;
@@ -425,7 +431,8 @@  discard block
 block discarded – undo
 		}
 
 		// Check if there are any other posted "other" values for this field.
-		if ( FrmField::is_option_true( $field, 'other' ) && isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ]['other'][ $field->id ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( FrmField::is_option_true( $field, 'other' ) && isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ]['other'][ $field->id ] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 			// Save original value
 			$args['temp_value'] = $value;
 			$args['other']      = true;

Please login to merge, or discard this patch.

classes/models/FrmSolution.php 1 patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

@@ -42,7 +42,8 @@
 block discarded – undo
 		}
 
 		// Only do this for single site installs.
-		if ( isset( $_GET['activate-multi'] ) || is_network_admin() ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( isset( $_GET['activate-multi'] ) || is_network_admin() ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 			return;
 		}
 

Please login to merge, or discard this patch.

classes/models/FrmStyle.php 1 patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

@@ -67,7 +67,8 @@
 block discarded – undo
 			$new_instance = (array) $new_instance;
 			$this->id     = $new_instance['ID'];
 
-			if ( $id != $this->id || ! $_POST || ! isset( $_POST['frm_style_setting'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+			if ( $id != $this->id || ! $_POST || ! isset( $_POST['frm_style_setting'] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 				// Don't continue if not saving this style.
 				continue;
 			}

Please login to merge, or discard this patch.

classes/helpers/FrmStylesHelper.php 1 patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

@@ -285,7 +285,8 @@
 block discarded – undo
 	public static function get_settings_for_output( $style ) {
 		if ( self::previewing_style() ) {
 			$frm_style = new FrmStyle();
-			if ( isset( $_POST['frm_style_setting'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+			if ( isset( $_POST['frm_style_setting'] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 
 				// Sanitizing is done later.
 				$posted = wp_unslash( $_POST['frm_style_setting'] ); //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing

Please login to merge, or discard this patch.

classes/models/FrmEntryValidate.php 1 patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

@@ -145,7 +145,8 @@
 block discarded – undo
 
 		if ( $posted_field->required == '1' && FrmAppHelper::is_empty_value( $value ) ) {
 			$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' );
-		} elseif ( ! isset( $_POST['item_name'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		} elseif ( ! isset( $_POST['item_name'] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 			self::maybe_add_item_name( $value, $posted_field );
 		}
 

Please login to merge, or discard this patch.

classes/models/FrmAddon.php 1 patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

@@ -465,7 +465,8 @@
 block discarded – undo
 	}
 
 	private function is_license_revoked() {
-		if ( empty( $this->license ) || empty( $this->plugin_slug ) || isset( $_POST['license'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( empty( $this->license ) || empty( $this->plugin_slug ) || isset( $_POST['license'] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 			return;
 		}
 

Please login to merge, or discard this patch.

classes/controllers/FrmOnboardingWizardController.php 1 patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

@@ -138,7 +138,8 @@
 block discarded – undo
 		}
 
 		// Only do this for single site installs.
-		if ( is_network_admin() ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( is_network_admin() ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 			self::mark_onboarding_as_skipped();
 			return;
 		}

Please login to merge, or discard this patch.

classes/helpers/FrmAppHelper.php 1 patch

Braces +4 added lines, -2 removed lines patch added patch discarded remove patch

@@ -524,7 +524,8 @@  discard block
 block discarded – undo
 
 		if ( $src === 'get' ) {
 			$value = isset( $_POST[ $param ] ) ? wp_unslash( $_POST[ $param ] ) : ( isset( $_GET[ $param ] ) ? wp_unslash( $_GET[ $param ] ) : $default ); // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-			if ( ! isset( $_POST[ $param ] ) && isset( $_GET[ $param ] ) && ! is_array( $value ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+			if ( ! isset( $_POST[ $param ] ) && isset( $_GET[ $param ] ) && ! is_array( $value ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 				// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 				$value = htmlspecialchars_decode( wp_unslash( $_GET[ $param ] ) );
 			}
@@ -612,7 +613,8 @@  discard block
 block discarded – undo
 				$value = wp_unslash( $_GET[ $args['param'] ] );
 			}
 		} elseif ( $args['type'] === 'post' ) {
-			if ( isset( $_POST[ $args['param'] ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+			if ( isset( $_POST[ $args['param'] ] ) ) {
+// phpcs:ignore WordPress.Security.NonceVerification.Missing
 				// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
 				$value = wp_unslash( $_POST[ $args['param'] ] );
 				if ( $args['serialized'] === true && is_serialized_string( $value ) && is_serialized( $value ) ) {

Please login to merge, or discard this patch.

		@@ -491,7 +491,8 @@
		block discarded – undo
491	491
492	492	public static function process_entry( $errors = '', $ajax = false ) {
493	493	$form_id = FrmAppHelper::get_post_param( 'form_id', '', 'absint' );
494		- if ( FrmAppHelper::is_admin() \|\| empty( $_POST ) \|\| empty( $form_id ) \|\| ! isset( $_POST['item_key'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	494	+ if ( FrmAppHelper::is_admin() \|\| empty( $_POST ) \|\| empty( $form_id ) \|\| ! isset( $_POST['item_key'] ) ) {
	495	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
495	496	return;
496	497	}
497	498

		@@ -114,13 +114,16 @@ discard block
		block discarded – undo
114	114	*/
115	115	public static function value_is_posted( $field, $args ) {
116	116	$value_is_posted = false;
117		- if ( $_POST ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	117	+ if ( $_POST ) {
	118	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
118	119	$repeating = isset( $args['repeating'] ) && $args['repeating'];
119	120	if ( $repeating ) {
120		- if ( isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ][ $field->id ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	121	+ if ( isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ][ $field->id ] ) ) {
	122	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
121	123	$value_is_posted = true;
122	124	}
123		- } elseif ( isset( $_POST['item_meta'][ $field->id ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	125	+ } elseif ( isset( $_POST['item_meta'][ $field->id ] ) ) {
	126	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
124	127	$value_is_posted = true;
125	128	}
126	129	}
		@@ -322,8 +325,10 @@ discard block
		block discarded – undo
322	325	* @since 4.01
323	326	*/
324	327	private static function set_parent_field_posted_value( $field, $value, $args ) {
325		- if ( isset( $_POST['item_meta'][ $args['parent_field_id'] ] ) && is_array( $_POST['item_meta'][ $args['parent_field_id'] ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
326		- if ( ! isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] ) \|\| ! is_array( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	328	+ if ( isset( $_POST['item_meta'][ $args['parent_field_id'] ] ) && is_array( $_POST['item_meta'][ $args['parent_field_id'] ] ) ) {
	329	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
	330	+ if ( ! isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] ) \|\| ! is_array( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] ) ) {
	331	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
327	332	$_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ] = array(); // phpcs:ignore WordPress.Security.NonceVerification.Missing
328	333	}
329	334	} else {
		@@ -395,7 +400,8 @@ discard block
		block discarded – undo
395	400	self::set_other_repeating_vals( $field, $value, $args );
396	401
397	402	// Check if there are any posted "Other" values.
398		- if ( FrmField::is_option_true( $field, 'other' ) && isset( $_POST['item_meta']['other'][ $field->id ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	403	+ if ( FrmField::is_option_true( $field, 'other' ) && isset( $_POST['item_meta']['other'][ $field->id ] ) ) {
	404	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
399	405
400	406	// Save original value.
401	407	$args['temp_value'] = $value;
		@@ -425,7 +431,8 @@ discard block
		block discarded – undo
425	431	}
426	432
427	433	// Check if there are any other posted "other" values for this field.
428		- if ( FrmField::is_option_true( $field, 'other' ) && isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ]['other'][ $field->id ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	434	+ if ( FrmField::is_option_true( $field, 'other' ) && isset( $_POST['item_meta'][ $args['parent_field_id'] ][ $args['key_pointer'] ]['other'][ $field->id ] ) ) {
	435	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
429	436	// Save original value
430	437	$args['temp_value'] = $value;
431	438	$args['other'] = true;

		@@ -67,7 +67,8 @@
		block discarded – undo
67	67	$new_instance = (array) $new_instance;
68	68	$this->id = $new_instance['ID'];
69	69
70		- if ( $id != $this->id \|\| ! $_POST \|\| ! isset( $_POST['frm_style_setting'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	70	+ if ( $id != $this->id \|\| ! $_POST \|\| ! isset( $_POST['frm_style_setting'] ) ) {
	71	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
71	72	// Don't continue if not saving this style.
72	73	continue;
73	74	}

		@@ -285,7 +285,8 @@
		block discarded – undo
285	285	public static function get_settings_for_output( $style ) {
286	286	if ( self::previewing_style() ) {
287	287	$frm_style = new FrmStyle();
288		- if ( isset( $_POST['frm_style_setting'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	288	+ if ( isset( $_POST['frm_style_setting'] ) ) {
	289	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
289	290
290	291	// Sanitizing is done later.
291	292	$posted = wp_unslash( $_POST['frm_style_setting'] ); //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing

		@@ -145,7 +145,8 @@
		block discarded – undo
145	145
146	146	if ( $posted_field->required == '1' && FrmAppHelper::is_empty_value( $value ) ) {
147	147	$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' );
148		- } elseif ( ! isset( $_POST['item_name'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	148	+ } elseif ( ! isset( $_POST['item_name'] ) ) {
	149	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
149	150	self::maybe_add_item_name( $value, $posted_field );
150	151	}
151	152

		@@ -42,7 +42,8 @@
		block discarded – undo
42	42	}
43	43
44	44	// Only do this for single site installs.
45		- if ( isset( $_GET['activate-multi'] ) \|\| is_network_admin() ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	45	+ if ( isset( $_GET['activate-multi'] ) \|\| is_network_admin() ) {
	46	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
46	47	return;
47	48	}
48	49

		@@ -465,7 +465,8 @@
		block discarded – undo
465	465	}
466	466
467	467	private function is_license_revoked() {
468		- if ( empty( $this->license ) \|\| empty( $this->plugin_slug ) \|\| isset( $_POST['license'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	468	+ if ( empty( $this->license ) \|\| empty( $this->plugin_slug ) \|\| isset( $_POST['license'] ) ) {
	469	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
469	470	return;
470	471	}
471	472

		@@ -138,7 +138,8 @@
		block discarded – undo
138	138	}
139	139
140	140	// Only do this for single site installs.
141		- if ( is_network_admin() ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	141	+ if ( is_network_admin() ) {
	142	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
142	143	self::mark_onboarding_as_skipped();
143	144	return;
144	145	}

		@@ -524,7 +524,8 @@ discard block
		block discarded – undo
524	524
525	525	if ( $src === 'get' ) {
526	526	$value = isset( $_POST[ $param ] ) ? wp_unslash( $_POST[ $param ] ) : ( isset( $_GET[ $param ] ) ? wp_unslash( $_GET[ $param ] ) : $default ); // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
527		- if ( ! isset( $_POST[ $param ] ) && isset( $_GET[ $param ] ) && ! is_array( $value ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	527	+ if ( ! isset( $_POST[ $param ] ) && isset( $_GET[ $param ] ) && ! is_array( $value ) ) {
	528	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
528	529	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
529	530	$value = htmlspecialchars_decode( wp_unslash( $_GET[ $param ] ) );
530	531	}
		@@ -612,7 +613,8 @@ discard block
		block discarded – undo
612	613	$value = wp_unslash( $_GET[ $args['param'] ] );
613	614	}
614	615	} elseif ( $args['type'] === 'post' ) {
615		- if ( isset( $_POST[ $args['param'] ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
	616	+ if ( isset( $_POST[ $args['param'] ] ) ) {
	617	+// phpcs:ignore WordPress.Security.NonceVerification.Missing
616	618	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
617	619	$value = wp_unslash( $_POST[ $args['param'] ] );
618	620	if ( $args['serialized'] === true && is_serialized_string( $value ) && is_serialized( $value ) ) {

Strategy11 / formidable-forms

Pull Request — master (#2337)

Status

Category

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

Braces +14 added lines, -7 removed lines patch added patch discarded remove patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

Braces +2 added lines, -1 removed lines patch added patch discarded remove patch

Braces +4 added lines, -2 removed lines patch added patch discarded remove patch