Strategy11 · Crabcyborg · Jan 27, 2026 · Jan 27, 2026 · coderabbitai · Jan 27, 2026
diff --git a/classes/controllers/FrmAddonsController.php b/classes/controllers/FrmAddonsController.php
@@ -1293,7 +1293,7 @@ public static function connect_link() {
 
 		if ( ! $auth ) {
 			$auth = hash( 'sha512', wp_rand() );
-			update_option( 'frm_connect_token', $auth, 'no' );
+			update_option( 'frm_connect_token', $auth, false );
 		}
 
 		$page = FrmAppHelper::simple_get( 'page', 'sanitize_title', 'formidable-settings' );

diff --git a/classes/controllers/FrmAppController.php b/classes/controllers/FrmAppController.php
@@ -1199,7 +1199,7 @@ public static function api_install() {
 			$running = get_option( 'frm_install_running' );
 
 			if ( false === $running || $running < strtotime( '-5 minutes' ) ) {
-				update_option( 'frm_install_running', time(), 'no' );
+				update_option( 'frm_install_running', time(), false );
 				self::install();
 				delete_option( 'frm_install_running' );
 			}

diff --git a/classes/controllers/FrmDashboardController.php b/classes/controllers/FrmDashboardController.php
@@ -541,7 +541,7 @@ private static function get_dashboard_options( $option_name = null ) {
 	private static function update_dashboard_options( $data, $option_name ) {
 		$options                 = self::get_dashboard_options();
 		$options[ $option_name ] = $data;
-		update_option( self::OPTION_META_NAME, $options, 'no' );
+		update_option( self::OPTION_META_NAME, $options, false );
 	}
 
 	/**

diff --git a/classes/controllers/FrmOnboardingWizardController.php b/classes/controllers/FrmOnboardingWizardController.php
@@ -455,7 +455,7 @@ public static function has_onboarding_been_skipped() {
 	 * @return void
 	 */
 	public static function mark_onboarding_as_skipped() {
-		update_option( self::ONBOARDING_SKIPPED_OPTION, true, 'no' );
+		update_option( self::ONBOARDING_SKIPPED_OPTION, true, false );
 	}
 
 	/**
@@ -507,7 +507,7 @@ private static function has_already_redirected() {
 			return true;
 		}
 
-		update_option( self::REDIRECT_STATUS_OPTION, FrmAppHelper::plugin_version(), 'no' );
+		update_option( self::REDIRECT_STATUS_OPTION, FrmAppHelper::plugin_version(), false );
 		return false;
 	}
 

diff --git a/classes/controllers/FrmOverlayController.php b/classes/controllers/FrmOverlayController.php
@@ -131,7 +131,7 @@ private function get_options_data() {
 	 * @return void
 	 */
 	private function update_options_data() {
-		update_option( $this->option_meta_name, $this->options_data, 'no' );
+		update_option( $this->option_meta_name, $this->options_data, false );
 	}
 
 	/**

diff --git a/classes/controllers/FrmSettingsController.php b/classes/controllers/FrmSettingsController.php
@@ -471,7 +471,7 @@ public static function settings_cta_dismiss() {
 		check_ajax_referer( 'frm_ajax', 'nonce' );
 		FrmAppHelper::permission_check( 'frm_change_settings' );
 
-		update_option( 'frm_lite_settings_upgrade', time(), 'no' );
+		update_option( 'frm_lite_settings_upgrade', time(), false );
 
 		wp_send_json_success();
 	}

diff --git a/classes/helpers/FrmAppHelper.php b/classes/helpers/FrmAppHelper.php
@@ -4882,7 +4882,7 @@ public static function dismiss_warning_message( $option = '' ) {
 		check_ajax_referer( 'frm_ajax', 'nonce' );
 
 		if ( $option ) {
-			update_option( $option, true, 'no' );
+			update_option( $option, true, false );
 		}
 
 		wp_send_json_success();

diff --git a/classes/helpers/FrmFormMigratorsHelper.php b/classes/helpers/FrmFormMigratorsHelper.php
@@ -190,7 +190,7 @@ public static function dismiss_migrator() {
 		}
 
 		$dismissed[] = FrmAppHelper::get_param( 'plugin', '', 'post', 'sanitize_text_field' );
-		update_option( 'frm_dismissed', array_filter( $dismissed ), 'no' );
+		update_option( 'frm_dismissed', array_filter( $dismissed ), false );
 		wp_die();
 	}
 }
diff --git a/classes/models/FrmFormState.php b/classes/models/FrmFormState.php
@@ -260,7 +260,7 @@ private static function get_encryption_secret() {
 
 		// We don't have a secret, so let's generate one.
 		$secret_key = is_callable( 'sodium_crypto_secretbox_keygen' ) ? sodium_crypto_secretbox_keygen() : wp_generate_password( 32, true, true );
-		update_option( 'frm_form_state_key', base64_encode( $secret_key ), 'no' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
+		update_option( 'frm_form_state_key', base64_encode( $secret_key ), false ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
 
 		return $secret_key;
 	}

diff --git a/classes/models/FrmFormTemplateApi.php b/classes/models/FrmFormTemplateApi.php
@@ -79,7 +79,7 @@ protected function skip_categories() {
 	 * @return void
 	 */
 	public static function set_free_license_code( $code ) {
-		update_option( self::$code_option_name, $code, 'no' );
+		update_option( self::$code_option_name, $code, false );
 	}
 
 	/**

diff --git a/classes/models/FrmInbox.php b/classes/models/FrmInbox.php
@@ -406,7 +406,7 @@ public function remove( $key ) {
 	 * @return void
 	 */
 	private function update_list() {
-		update_option( $this->option, self::$messages, 'no' );
+		update_option( $this->option, self::$messages, false );
 	}
 
 	/**

diff --git a/classes/models/FrmPluginSearch.php b/classes/models/FrmPluginSearch.php
@@ -238,7 +238,7 @@ protected function get_dismissed_hints() {
 	 */
 	protected function add_to_dismissed_hints( $hint ) {
 		$hints = array_merge( $this->get_dismissed_hints(), array( $hint ) );
-		return update_option( self::$dismissed_opt, $hints, 'no' );
+		return update_option( self::$dismissed_opt, $hints, false );
 	}
 
 	/**

diff --git a/classes/models/FrmSettings.php b/classes/models/FrmSettings.php
@@ -280,7 +280,7 @@ private function translate_settings( $settings ) {
 		// If unserializing didn't work.
 		$settings = $this;
 
-		update_option( $this->option_name, $settings, 'yes' );
+		update_option( $this->option_name, $settings, true );
 
 		return $settings;
 	}

diff --git a/classes/models/FrmStyle.php b/classes/models/FrmStyle.php
@@ -422,7 +422,7 @@ public function save_settings() {
 		);
 		$create_file->create_file( $css );
 
-		update_option( 'frmpro_css', $css, 'no' );
+		update_option( 'frmpro_css', $css, false );
 		set_transient( 'frmpro_css', $css, MONTH_IN_SECONDS );
 	}
 

diff --git a/classes/models/FrmUsage.php b/classes/models/FrmUsage.php
@@ -61,7 +61,7 @@ public function uuid( $regenerate = false ) {
 			// Definitely not cryptographically secure but
 			// close enough to provide a unique id
 			$uuid = md5( uniqid() . site_url() );
-			update_option( $uuid_key, $uuid, 'no' );
+			update_option( $uuid_key, $uuid, false );
 		}
 
 		return $uuid;

diff --git a/phpcs-sniffs/Formidable/Sniffs/CodeAnalysis/UpdateOptionAutoloadBooleanSniff.php b/phpcs-sniffs/Formidable/Sniffs/CodeAnalysis/UpdateOptionAutoloadBooleanSniff.php
@@ -0,0 +1,176 @@
+<?php
+/**
+ * Ensure update_option autoload flag uses booleans instead of strings.
+ *
+ * @package Formidable\Sniffs\CodeAnalysis
+ */
+
+namespace Formidable\Sniffs\CodeAnalysis;
+
+use PHP_CodeSniffer\Files\File;
+use PHP_CodeSniffer\Sniffs\Sniff;
+
+/**
+ * Converts `update_option( ..., 'yes' )`/`'no'` autoload values to bool true/false.
+ */
+class UpdateOptionAutoloadBooleanSniff implements Sniff {
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function register() {
+		return array( T_STRING );
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function process( File $phpcsFile, $stackPtr ) {
+		$tokens = $phpcsFile->getTokens();
+
+		if ( strtolower( $tokens[ $stackPtr ]['content'] ) !== 'update_option' ) {
+			return;
+		}
+
+		$openParen = $phpcsFile->findNext( T_WHITESPACE, $stackPtr + 1, null, true );
+
+		if ( false === $openParen || $tokens[ $openParen ]['code'] !== T_OPEN_PARENTHESIS ) {
+			return;
+		}
+
+		$arguments = $this->getFunctionArguments( $phpcsFile, $openParen );
+
+		if ( count( $arguments ) < 3 ) {
+			return;
+		}
+
+		$autoloadArg = $arguments[2];
+		$value       = $this->normalizeLiteral( $phpcsFile, $autoloadArg );
+
+		if ( null === $value ) {
+			return;
+		}
+
+		$replacement = ( $value === 'yes' ) ? 'true' : 'false';
+
+		$fix = $phpcsFile->addFixableError(
+			sprintf( 'update_option autoload flag should be boolean, found string \'%s\'.', $value ),
+			$autoloadArg['start'],
+			'AutoloadString'
+		);
+
+		if ( true === $fix ) {
+			$this->replaceArgumentWithBoolean( $phpcsFile, $autoloadArg, $replacement );
+		}
+	}
+
+	/**
+	 * Convert a literal argument to yes/no string if applicable.
+	 *
+	 * @param File $phpcsFile File reference.
+	 * @param array $argument Argument boundaries.
+	 *
+	 * @return string|null
+	 */
+	private function normalizeLiteral( File $phpcsFile, array $argument ) {
+		$content = trim( $phpcsFile->getTokensAsString( $argument['start'], $argument['end'] - $argument['start'] + 1 ) );
+
+		// Only match quoted strings.
+		if ( strlen( $content ) < 2 || $content[0] !== $content[ strlen( $content ) - 1 ] || ( $content[0] !== '\'' && $content[0] !== '"' ) ) {
+			return null;
+		}
+
+		$value = trim( substr( $content, 1, -1 ) );
+		$value = strtolower( $value );
+
+		if ( in_array( $value, array( 'yes', 'no' ), true ) ) {
+			return $value;
+		}
+
+		return null;
+	}
+
+	/**
+	 * Replace the argument tokens with the boolean literal.
+	 *
+	 * @param File  $phpcsFile  File reference.
+	 * @param array $argument   Argument boundaries.
+	 * @param string $replacement Replacement text.
+	 *
+	 * @return void
+	 */
+	private function replaceArgumentWithBoolean( File $phpcsFile, array $argument, $replacement ) {
+		$fixer = $phpcsFile->fixer;
+		$fixer->beginChangeset();
+
+		for ( $i = $argument['start']; $i <= $argument['end']; $i++ ) {
+			if ( $i === $argument['start'] ) {
+				$fixer->replaceToken( $i, $replacement );
+				continue;
+			}
+
+			$fixer->replaceToken( $i, '' );
+		}
+
+		$fixer->endChangeset();
+	}
+
+	/**
+	 * Basic function argument parser.
+	 *
+	 * @param File $phpcsFile  File reference.
+	 * @param int  $openParen  Position of the opening parenthesis.
+	 *
+	 * @return array<int, array{start:int,end:int}>
+	 */
+	private function getFunctionArguments( File $phpcsFile, $openParen ) {
+		$tokens   = $phpcsFile->getTokens();
+		$arguments = array();
+
+		if ( ! isset( $tokens[ $openParen ]['parenthesis_closer'] ) ) {
+			return $arguments;
+		}
+
+		$closeParen = $tokens[ $openParen ]['parenthesis_closer'];
+		$argStart   = null;
+
+		$level = 0;
+
+		for ( $i = $openParen + 1; $i < $closeParen; $i++ ) {
+			$code = $tokens[ $i ]['code'];
+
+			if ( $code === T_OPEN_PARENTHESIS || $code === T_OPEN_SHORT_ARRAY || $code === T_OPEN_SQUARE_BRACKET ) {
+				$level++;
+			} elseif ( $code === T_CLOSE_PARENTHESIS || $code === T_CLOSE_SQUARE_BRACKET ) {
+				$level--;
+			}
-			if ( $code === T_OPEN_PARENTHESIS || $code === T_OPEN_SHORT_ARRAY || $code === T_OPEN_SQUARE_BRACKET ) {
-				$level++;
-			} elseif ( $code === T_CLOSE_PARENTHESIS || $code === T_CLOSE_SQUARE_BRACKET ) {
-				$level--;
-			}
+			if ( $code === T_OPEN_PARENTHESIS || $code === T_OPEN_SHORT_ARRAY || $code === T_OPEN_SQUARE_BRACKET ) {
+				$level++;
+			} elseif ( $code === T_CLOSE_PARENTHESIS || $code === T_CLOSE_SQUARE_BRACKET || $code === T_CLOSE_SHORT_ARRAY ) {
+				$level--;
+			}
-			if ( $code === T_OPEN_PARENTHESIS || $code === T_OPEN_SHORT_ARRAY || $code === T_OPEN_SQUARE_BRACKET ) {
-				$level++;
-			} elseif ( $code === T_CLOSE_PARENTHESIS || $code === T_CLOSE_SQUARE_BRACKET ) {
-				$level--;
-			}
+			if ( $code === T_OPEN_PARENTHESIS || $code === T_OPEN_SHORT_ARRAY || $code === T_OPEN_SQUARE_BRACKET ) {
+				$level++;
+			} elseif ( $code === T_CLOSE_PARENTHESIS || $code === T_CLOSE_SQUARE_BRACKET || $code === T_CLOSE_SHORT_ARRAY ) {
+				$level--;
+			}
+
+			$nextIsSeparator = ( $code === T_COMMA && 0 === $level );
+
+			if ( false === $argStart ) {
+				continue;
+			}
+
+			if ( $nextIsSeparator || $i === $closeParen - 1 ) {
+				$end = $nextIsSeparator ? $i - 1 : $i;
+
+				while ( $end >= $argStart && $tokens[ $end ]['code'] === T_WHITESPACE ) {
+					$end--;
+				}
+
+				if ( $argStart <= $end && $tokens[ $argStart ]['code'] !== T_COMMA ) {
+					$arguments[] = array(
+						'start' => $argStart,
+						'end'   => $end,
+					);
+				}
+
+				$argStart = null;
+			} elseif ( null === $argStart && $tokens[ $i ]['code'] !== T_WHITESPACE ) {
+				$argStart = $i;
+			}
+		}
+
+		return $arguments;
+	}
+}
diff --git a/phpcs-sniffs/Formidable/ruleset.xml b/phpcs-sniffs/Formidable/ruleset.xml
@@ -61,6 +61,7 @@
 	<rule ref="Formidable.CodeAnalysis.FlipLargeIfSmallElse" />
 	<rule ref="Formidable.CodeAnalysis.FlipLoopIfElseToContinue" />
 	<rule ref="Formidable.CodeAnalysis.CheckFunctionCallable" />
+	<rule ref="Formidable.CodeAnalysis.UpdateOptionAutoloadBoolean" />
 
 	<!-- PHPUnit -->
 	<rule ref="Formidable.PHPUnit.PreferAssertIsArray" />

diff --git a/square/helpers/FrmSquareLiteConnectHelper.php b/square/helpers/FrmSquareLiteConnectHelper.php
@@ -158,7 +158,7 @@ public static function get_oauth_redirect_url() {
 		}
 
 		if ( ! empty( $data->password ) ) {
-			update_option( self::get_server_side_token_option_name( $mode ), $data->password, 'no' );
+			update_option( self::get_server_side_token_option_name( $mode ), $data->password, false );
 		}
 
 		if ( ! is_object( $data ) || empty( $data->redirect_url ) ) {
@@ -355,7 +355,7 @@ private static function get_server_side_token_option_name( $mode = 'auto' ) {
 	 */
 	private static function generate_client_password( $mode ) {
 		$client_password = wp_generate_password();
-		update_option( self::get_client_side_token_option_name( $mode ), $client_password, 'no' );
+		update_option( self::get_client_side_token_option_name( $mode ), $client_password, false );
 		return $client_password;
 	}
 
@@ -484,17 +484,17 @@ private static function check_server_for_oauth_merchant_id() {
 		$data = self::post_to_connect_server( 'oauth_merchant_status', $body );
 
 		if ( is_object( $data ) && ! empty( $data->merchant_id ) ) {
-			update_option( self::get_merchant_id_option_name( $mode ), $data->merchant_id, 'no' );
+			update_option( self::get_merchant_id_option_name( $mode ), $data->merchant_id, false );
 
 			$currency    = self::get_merchant_currency( true, $mode );
 			$location_id = self::get_location_id( true, $mode );
 
 			if ( $currency ) {
-				update_option( self::get_merchant_currency_option_name( $mode ), $currency, 'no' );
+				update_option( self::get_merchant_currency_option_name( $mode ), $currency, false );
 			}
 
 			if ( $location_id ) {
-				update_option( self::get_location_id_option_name( $mode ), $location_id, 'no' );
+				update_option( self::get_location_id_option_name( $mode ), $location_id, false );
 			}
 
 			FrmTransLiteAppController::install();
@@ -634,7 +634,7 @@ public static function get_location_id( $force = false, $mode = 'auto' ) {
 		$response = self::post_with_authenticated_body( 'get_location_id', $request_body );
 
 		if ( is_object( $response ) ) {
-			update_option( self::get_location_id_option_name( $mode ), $response->id, 'no' );
+			update_option( self::get_location_id_option_name( $mode ), $response->id, false );
 			return $response->id;
 		}
 
@@ -768,7 +768,7 @@ public static function get_merchant_currency( $force = false, $mode = 'auto' ) {
 		$response = self::post_with_authenticated_body( 'get_merchant_currency', $request_body );
 
 		if ( is_object( $response ) && ! empty( $response->currency ) ) {
-			update_option( self::get_merchant_currency_option_name( $mode ), $response->currency, 'no' );
+			update_option( self::get_merchant_currency_option_name( $mode ), $response->currency, false );
 			return $response->currency;
 		}