If numeric then don't need to escape

Numeric should be safe as a pass thru.
2025-12-30 00:53:50 +00:00 · 2023-05-05 13:23:44 -06:00
parent b40005c11e
commit 0038395009
1 changed files with 4 additions and 1 deletions
--- a/resources/functions.php
+++ b/resources/functions.php
@@ -1892,9 +1892,12 @@ function number_pad($number,$n) {

 //escape user data
 	function escape($string) {
-		if (is_string($string) || is_numeric($string)) {
+		if (is_string($string)) {
 			return htmlentities($string, ENT_QUOTES | ENT_HTML5, 'UTF-8');
 		}
+		elseif (is_numeric($string)) {
+			return $string;
+		}
 		else {
 			$string = (array) $string;
 			if (is_string($string[0])) {