Update sniff to catch more variables declared before returns where th…

classes/controllers/FrmAddonsController.php

@@ -769,19 +769,20 @@
 	 */
 	public static function get_addon_for_license( $addons, $license ) {
 		$download_id = $license->download_id;
-		$plugin      = array();
 
 		if ( ! $download_id && ! empty( $addons ) ) {
 			foreach ( $addons as $addon ) {
 				if ( strtolower( $license->plugin_name ) === strtolower( $addon['title'] ) ) {
 					return $addon;
 				}
+
+				$plugin = array();
 			}
 		} elseif ( isset( $addons[ $download_id ] ) ) {
 			$plugin = $addons[ $download_id ];
 		}
 
 		return $plugin;
 	}
 
 	/**

classes/controllers/FrmAppController.php

@@ -278,13 +278,13 @@ public static function get_form_nav( $form, $show_nav = false, $title = 'show' )
 	 * @return string
 	 */
 	private static function get_current_page() {
-		$page      = FrmAppHelper::simple_get( 'page', 'sanitize_title' );
-		$post_type = FrmAppHelper::simple_get( 'post_type', 'sanitize_title', 'None' );
-
 		if ( FrmAppHelper::is_view_builder_page() ) {
 			return 'frm_display';
 		}
 
+		$post_type = FrmAppHelper::simple_get( 'post_type', 'sanitize_title', 'None' );
+		$page      = FrmAppHelper::simple_get( 'page', 'sanitize_title' );
+
 		return isset( $_GET['page'] ) ? $page : $post_type;
 	}
 

classes/controllers/FrmFormActionsController.php

@@ -333,17 +333,18 @@
 			$temp_actions = $temp_actions->actions;
 		}
 
-		$actions = array();
 
 		foreach ( $temp_actions as $a ) {
 			if ( 'all' !== $action && $a->id_base === $action ) {
 				return $a;
 			}
 
+			$actions = array();
+
 			$actions[ $a->id_base ] = $a;
 		}
 
 		return $actions;
 	}
 
 	/**

classes/controllers/FrmWelcomeTourController.php

@@ -279,14 +279,15 @@ public static function maybe_mark_welcome_tour_as_seen() {
 	 * @return void
 	 */
 	public static function render() {
-		$view_path         = FrmAppHelper::plugin_path() . '/classes/views/welcome-tour/';
 		$is_tour_completed = self::is_tour_completed();
 		$current_form_id   = self::get_current_form_id();
 
 		if ( $is_tour_completed ) {
 			if ( ! $current_form_id ) {
 				return;
 			}
+
+			$view_path = FrmAppHelper::plugin_path() . '/classes/views/welcome-tour/';
 			self::mark_completed_as_seen();
 			$steps_path = $view_path . 'steps/step-completed.php';
 		} else {

classes/helpers/FrmAppHelper.php

@@ -3060,27 +3060,29 @@ public static function truncate( $original_string, $length, $minword = 3, $conti
 			return '';
 		}
 
-		$length       = (int) $length;
-		$str          = wp_strip_all_tags( (string) $original_string );
-		$original_len = self::mb_function( array( 'mb_strlen', 'strlen' ), array( $str ) );
+		$length = (int) $length;
 
 		if ( $length === 0 ) {
 			return '';
 		}
 
+		$str          = wp_strip_all_tags( (string) $original_string );
+		$original_len = self::mb_function( array( 'mb_strlen', 'strlen' ), array( $str ) );
+
 		if ( $length <= 10 ) {
 			$sub = self::mb_function( array( 'mb_substr', 'substr' ), array( $str, 0, $length ) );
 			return $sub . ( $length < $original_len ? $continue : '' );
 		}
 
 		$sub   = '';
-		$len   = 0;
 		$words = self::mb_function( array( 'mb_split', 'explode' ), array( ' ', $str ) );
 
 		if ( ! is_array( $words ) ) {
 			return $original_string;
 		}
 
+		$len = 0;
+
 		foreach ( $words as $word ) {
 			$part      = ( $sub !== '' ? ' ' : '' ) . $word;
 			$total_len = self::mb_function( array( 'mb_strlen', 'strlen' ), array( $sub . $part ) );

classes/helpers/FrmFieldsHelper.php

@@ -227,45 +227,46 @@
 		if ( isset( self::$context_is_safe_to_load_field_options_from_request_data ) ) {
 			return self::$context_is_safe_to_load_field_options_from_request_data;
 		}
+	}
+
+	if ( ! $_POST || ! isset( $_POST['field_options'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		return false;
+	}
+
+	if ( ! current_user_can( 'frm_edit_forms' ) ) {
+		return false;
+	}
 
 		$function = function () {
 			if ( ! FrmAppHelper::is_admin_page() ) {
 				return false;
-			}
 
-			if ( ! $_POST || ! isset( $_POST['field_options'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
-				return false;
-			}
-
-			if ( ! current_user_can( 'frm_edit_forms' ) ) {
-				return false;
-			}
+				$action = FrmAppHelper::get_post_param( 'action', '', 'sanitize_title' );
 
-			$action = FrmAppHelper::get_post_param( 'action', '', 'sanitize_title' );
+				if ( 'frm_forms_preview' === $action ) {
+					// Never trigger when previewing.
+					return false;
+				}
 
-			if ( 'frm_forms_preview' === $action ) {
-				// Never trigger when previewing.
-				return false;
-			}
+				// Confirm an allowed action is being used, and that the correct nonce is being used.
+				if ( 'update' === $action ) {
+					$nonce = FrmAppHelper::get_post_param( 'frm_save_form', '', 'sanitize_text_field' );
+					return wp_verify_nonce( $nonce, 'frm_save_form_nonce' );
+				}
 
-			// Confirm an allowed action is being used, and that the correct nonce is being used.
-			if ( 'update' === $action ) {
-				$nonce = FrmAppHelper::get_post_param( 'frm_save_form', '', 'sanitize_text_field' );
-				return wp_verify_nonce( $nonce, 'frm_save_form_nonce' );
-			}
+				$action = FrmAppHelper::get_post_param( 'frm_action', '', 'sanitize_title' );
 
-			$action = FrmAppHelper::get_post_param( 'frm_action', '', 'sanitize_title' );
+				if ( 'update_settings' === $action ) {
+					$nonce = FrmAppHelper::get_post_param( 'process_form', '', 'sanitize_text_field' );
+					return wp_verify_nonce( $nonce, 'process_form_nonce' );
+				}
+			};//end if
 
-			if ( 'update_settings' === $action ) {
-				$nonce = FrmAppHelper::get_post_param( 'process_form', '', 'sanitize_text_field' );
-				return wp_verify_nonce( $nonce, 'process_form_nonce' );
-			}
-		};
 
-		self::$context_is_safe_to_load_field_options_from_request_data = $function();
+			self::$context_is_safe_to_load_field_options_from_request_data = $function();
 
-		return self::$context_is_safe_to_load_field_options_from_request_data;
-	}
+			return self::$context_is_safe_to_load_field_options_from_request_data;
+		}
 
 	/**
 	 * Fill the required message, invalid message,
@@ -278,7 +279,7 @@
 	 *
 	 * @return void
 	 */
 	private static function fill_cleared_strings( $field, array &$field_array ) {
 		// phpcs:ignore Universal.Operators.StrictComparisons
 		if ( '' == $field_array['blank'] && '1' === $field_array['required'] ) {
 			$field_array['blank'] = self::default_blank_msg();
@@ -304,7 +305,7 @@
 	 *
 	 * @return string
 	 */
 	public static function default_invalid_msg() {
 		/* translators: %s: [field_name] shortcode (Which gets replaced by a Field Name) */
 		return sprintf( __( '%s is invalid', 'formidable' ), '[field_name]' );
 	}
@@ -314,7 +315,7 @@
 	 *
 	 * @return string
 	 */
 	public static function default_unique_msg() {
 		$frm_settings   = FrmAppHelper::get_settings();
 		$unique_message = $frm_settings->unique_msg;
 		return str_replace( 'This value', '[field_name]', $unique_message );
@@ -325,7 +326,7 @@
 	 *
 	 * @return string
 	 */
 	public static function default_blank_msg() {
 		$frm_settings  = FrmAppHelper::get_settings();
 		$blank_message = $frm_settings->blank_msg;
 		return str_replace( 'This field', '[field_name]', $blank_message );
@@ -341,7 +342,7 @@
 	 *
 	 * @return void
 	 */
 	private static function get_posted_field_setting( $setting, &$value ) {
 		if ( ! isset( $_POST['field_options'][ $setting ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
 			return;
 		}
@@ -1529,8 +1530,6 @@
 		$args      = wp_parse_args( $args, $defaults );
 		$opt_key   = $args['opt_key'];
 		$field     = $args['field'];
-		$parent    = $args['parent'];
-		$pointer   = $args['pointer'];
 		$other_val = '';
 
 		// If option is an "other" option and there is a value set for this field,
@@ -1539,6 +1538,9 @@
 			return $other_val;
 		}
 
+		$pointer = $args['pointer'];
+		$parent  = $args['parent'];
+
 		// Check posted vals before checking saved values
 		// For fields inside repeating sections - note, don't check if $pointer is true because it will often be zero
 		if ( $parent && isset( $_POST['item_meta'][ $parent ][ $pointer ]['other'][ $field['id'] ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing

classes/helpers/FrmFormsHelper.php

@@ -1853,15 +1853,16 @@ private static function get_unsafe_params( $url ) {
 	 * @return bool|string A string with an unsafe param message or false.
 	 */
 	private static function create_unsafe_param_warning( $unsafe_params_in_redirect ) {
-		$count                = count( $unsafe_params_in_redirect );
-		$caution              = esc_html__( 'Is this intentional?', 'formidable' );
-		$reserved_words_intro = esc_html__( 'See the list of reserved words in WordPress.', 'formidable' );
-		$reserved_words_link  = '<a href="https://codex.wordpress.org/WordPress_Query_Vars" target="_blank"> ' . $reserved_words_intro . '</a>';
+		$count = count( $unsafe_params_in_redirect );
 
 		if ( $count === 0 ) {
 			return false;
 		}
 
+		$reserved_words_intro = esc_html__( 'See the list of reserved words in WordPress.', 'formidable' );
+		$reserved_words_link  = '<a href="https://codex.wordpress.org/WordPress_Query_Vars" target="_blank"> ' . $reserved_words_intro . '</a>';
+		$caution              = esc_html__( 'Is this intentional?', 'formidable' );
+
 		if ( $count === 1 ) {
 			/* translators: %s: the name of a single parameter in the redirect URL */
 			return sprintf( esc_html__( 'The redirect URL is using the parameter "%s", which is reserved by WordPress. ', 'formidable' ), $unsafe_params_in_redirect[0] ) . $caution . $reserved_words_link; // phpcs:ignore SlevomatCodingStandard.Files.LineLength.LineTooLong

classes/helpers/FrmListHelper.php

@@ -500,12 +500,12 @@ private function get_bulk_action( $action_name ) {
 	 */
 	protected function row_actions( $actions, $always_visible = false ) {
 		$action_count = count( $actions );
-		$i            = 0;
 
 		if ( ! $action_count ) {
 			return '';
 		}
 
+		$i   = 0;
 		$out = '<div class="' . ( $always_visible ? 'row-actions visible' : 'row-actions' ) . '">';
 
 		foreach ( $actions as $action => $link ) {

classes/helpers/FrmSubmitHelper.php

@@ -201,13 +201,13 @@ public static function remove_submit_field_from_list( &$fields ) {
 	 * @return false|object Return the last found submit field, or `false` if there is at least another field.
 	 */
 	public static function only_contains_submit_field( $fields ) {
-		$submit_field = false;
-
 		foreach ( $fields as $field ) {
 			if ( self::FIELD_TYPE !== FrmField::get_field_type( $field ) ) {
 				return false;
 			}
 
+			$submit_field = false;
+
 			$submit_field = $field;
 		}
 

classes/helpers/FrmXMLHelper.php

@@ -1796,14 +1796,15 @@ private static function add_image_src_to_image_options( $field ) {
 			return;
 		}
 
-		$updated = false;
 		$options = $field->options;
 		FrmAppHelper::unserialize_or_decode( $options );
 
 		if ( ! $options || ! is_array( $options ) ) {
 			return;
 		}
 
+		$updated = false;
+
 		foreach ( $options as $key => $option ) {
 			if ( is_array( $option ) && ! empty( $option['image'] ) ) {
 				$options[ $key ]['src'] = wp_get_attachment_url( $option['image'] );

classes/models/FrmApplicationTemplate.php

@@ -246,9 +246,8 @@ private function is_available_for_purchase() {
 			return false;
 		}
 
-		$license_type = '';
-		$api          = new FrmFormApi();
-		$addons       = $api->get_api_info();
+		$api    = new FrmFormApi();
+		$addons = $api->get_api_info();
 
 		if ( ! array_key_exists( 93790, $addons ) ) {
 			return false;
@@ -260,6 +259,8 @@ private function is_available_for_purchase() {
 			return false;
 		}
 
+		$license_type = '';
+
 		$license_type = strtolower( $pro['type'] );
 		$args         = array(
 			'license_type'  => $license_type,

classes/models/FrmField.php

@@ -433,12 +433,13 @@ public static function create( $values, $return = true ) {
 		}
 
 		self::delete_form_transient( $new_values['form_id'] );
-		$new_id = $wpdb->insert_id;
 
 		if ( ! $return ) {
 			return false;
 		}
 
+		$new_id = $wpdb->insert_id;
+
 		if ( isset( $values['id'] ) ) {
 			$frm_duplicate_ids[ $values['id'] ] = $new_id;
 		}

classes/models/FrmFormAction.php

@@ -459,13 +459,14 @@ private function duplicate_array_walk( $action, $subkey, $val ) {
 	public function update_callback( $form_id ) {
 		$this->form_id = $form_id;
 
-		$all_instances = $this->get_settings();
 
 		// We need to update the data
 		if ( $this->updated ) {
 			return null;
 		}
 
+		$all_instances = $this->get_settings();
+
 		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST[ $this->option_name ] ) && is_array( $_POST[ $this->option_name ] ) ) {
 			// Sanitizing removes scripts and <email> type of values.

classes/models/FrmFormApi.php

@@ -258,13 +258,14 @@ public function get_addon_for_license( $license_plugin, $addons = array() ) {
 		}
 
 		$download_id = $license_plugin->download_id;
-		$plugin      = array();
 
 		if ( ! $download_id && ! empty( $addons ) ) {
 			foreach ( $addons as $addon ) {
 				if ( is_array( $addon ) && ! empty( $addon['title'] ) && strtolower( $license_plugin->plugin_name ) === strtolower( $addon['title'] ) ) {
 					return $addon;
 				}
+
+				$plugin = array();
 			}
 		} elseif ( isset( $addons[ $download_id ] ) ) {
 			$plugin = $addons[ $download_id ];

classes/models/FrmInbox.php

@@ -447,13 +447,13 @@ private static function get_prepared_banner_cta( $cta ) {
 			 * @return string
 			 */
 			function ( $matches ) {
-				$url   = $matches[2];
-				$parts = parse_url( $url );
+				$url = $matches[2];
 
 				if ( '#' === $url ) {
 					return 'href="#"';
 				}
 
+				$parts = parse_url( $url );
 				$query = array();
 
 				if ( isset( $parts['query'] ) ) {

classes/models/FrmSpamCheckUseWPComments.php

@@ -31,13 +31,14 @@ protected function check() {
 		$ip_address      = FrmAppHelper::get_ip_address();
 		$whitelist_ip    = FrmAntiSpamController::get_allowed_ips();
 		$is_whitelist_ip = in_array( $ip_address, $whitelist_ip, true );
-		$item_meta       = FrmAppHelper::array_flatten( $this->values['item_meta'] );
 
 		foreach ( $spam_comments as $comment ) {
 			if ( ! $is_whitelist_ip && $ip_address === $comment->comment_author_IP ) {
 				return true;
 			}
 
+			$item_meta = FrmAppHelper::array_flatten( $this->values['item_meta'] );
+
 			foreach ( $item_meta as $value ) {
 				if ( ! $value ) {
 					continue;

classes/models/fields/FrmFieldCaptcha.php

@@ -288,10 +288,9 @@ protected function allow_multiple( $frm_settings ) {
 	 * @return array
 	 */
 	protected function validate_against_api( $args ) {
-		$errors       = array();
-		$frm_settings = FrmAppHelper::get_settings();
-		$resp         = $this->send_api_check();
-		$response     = json_decode( wp_remote_retrieve_body( $resp ), true );
+		$errors   = array();
+		$resp     = $this->send_api_check();
+		$response = json_decode( wp_remote_retrieve_body( $resp ), true );
 
 		if ( is_wp_error( $resp ) ) {
 			$error_string                     = $resp->get_error_message();
@@ -304,6 +303,8 @@ protected function validate_against_api( $args ) {
 			return $errors;
 		}
 
+		$frm_settings = FrmAppHelper::get_settings();
+
 		if ( $frm_settings->active_captcha === 'recaptcha' ) {
 			if ( 'v3' === $frm_settings->re_type && array_key_exists( 'score', $response ) ) {
 				$threshold = floatval( $frm_settings->re_threshold );

classes/models/fields/FrmFieldName.php

@@ -148,12 +148,13 @@ protected function prepare_display_value( $value, $atts ) {
 			return $value;
 		}
 
-		$name_layout = $this->get_name_layout();
 
 		if ( ! empty( $atts['show'] ) ) {
 			return $value[ $atts['show'] ] ?? '';
 		}
 
+		$name_layout = $this->get_name_layout();
+
 		$value = wp_parse_args(
 			$value,
 			array(