Opened 4 months ago
Data returned via wp_count_comments() should be handled properly on output
|Reported by:||jeremyfelt||Owned by:|
There are a few cases in core where data returned from wp_count_comments() is used immediately to output without escaping it properly. While core provides the correct data types, a filter can be used to modify the data completely before it has a chance to do so. It makes sense to cast these as (int) when necessary.