[wp-trac] [WordPress Trac] #54775: Allow int/float for esc_ functions

WordPress Trac noreply at wordpress.org
Mon Feb 28 09:32:26 UTC 2022

#54775: Allow int/float for esc_ functions
 Reporter:  malthert     |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Security     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  close        |     Focuses:  coding-standards

Comment (by malthert):

 @swissspidy because esc_html does exactly this already (converts to
 string, if it isn't).
 I don't want a band-aid fix (in fact: instead of doing this, I just
 globally disable the error for esc_html because I know it will handle int
 just fine)

 @johnbillion could just typecast it to (int), as intval's performance is
 much worse than just typecasting it again (even though it's already int)
 >I think widening the accepted types for the escaping functions papers
 over the real issue which is outputting values of an unknown type.

 The type is not unknown, the type is int/float. In fact esc_html will
 convert those to string anyway.

Ticket URL: <https://core.trac.wordpress.org/ticket/54775#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list