Index: wp-includes/taxonomy.php
===================================================================
--- wp-includes/taxonomy.php	(revision 13499)
+++ wp-includes/taxonomy.php	(working copy)
@@ -866,7 +866,7 @@
 	}
 
 	if ( !empty($search) ) {
-		$search = like_escape($search);
+		$search = esc_sql(like_escape(stripslashes($search)));
 		$where .= " AND (t.name LIKE '%$search%')";
 	}
 
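Review bot: The unconditional `stripslashes($search)` on the added line assumes the caller hands in a slashed, request-style value; a caller that passes an already-unslashed string containing a literal backslash will have it removed before it reaches the LIKE clause, and nothing in the hunk documents that expectation (the enclosing function and its parameter docs start outside the hunk). The nesting order is the right one, since `like_escape()` must run before `esc_sql()` so the backslashes it adds are themselves escaped for the string literal, but that is easy to invert on a later edit; a one-line comment such as `// like_escape() first: esc_sql() must also escape the backslashes it inserts` would protect it. The same applies to the identical line in the wp-includes/bookmark.php hunk.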
Index: wp-includes/bookmark.php
===================================================================
--- wp-includes/bookmark.php	(revision 13499)
+++ wp-includes/bookmark.php	(working copy)
@@ -181,7 +181,7 @@
 	}
 
 	if ( ! empty($search) ) {
-		$search = like_escape($search);
+		$search = esc_sql(like_escape(stripslashes($search)));
 		$search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) ";
 	}
 
Index: wp-includes/formatting.php
===================================================================
--- wp-includes/formatting.php	(revision 13499)
+++ wp-includes/formatting.php	(working copy)
@@ -2325,11 +2325,11 @@
  *
  * @since 2.5.0
  *
- * @param string $text The text to be escaped.
- * @return string text, safe for inclusion in LIKE query.
+ * @param string $text The text to be escaped (expected unslashed).
+ * @return string text, NOT safe for inclusion in LIKE query (needs an additional esc_sql()).
  */
 function like_escape($text) {
-	return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
+	return addcslashes($text, '_%\\');
 }
 
 /**
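Review bot: The docblock states the new "not SQL-safe" contract but not that the function now also escapes backslashes (the `'_%\\'` character list), which is a behaviour change for any existing caller that relied on the previous two-character replacement and never passed the result through `esc_sql()`. Consider expanding the description to `Escapes %, _ and \ for use in a LIKE pattern; the result must still be passed through esc_sql() before interpolation.` and recording the change with a second `@since` entry so the altered semantics are discoverable. Any `like_escape()` call sites not touched by this patch should be checked for a following `esc_sql()`, since its output is no longer safe to interpolate on its own.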
Index: wp-admin/ms-sites.php
===================================================================
--- wp-admin/ms-sites.php	(revision 13499)
+++ wp-admin/ms-sites.php	(working copy)
@@ -328,8 +328,9 @@
 	default:
 		$apage = ( isset($_GET['apage'] ) && intval( $_GET['apage'] ) ) ? absint( $_GET['apage'] ) : 1;
 		$num = ( isset($_GET['num'] ) && intval( $_GET['num'] ) ) ? absint( $_GET['num'] ) : 15;
-		$s = isset($_GET['s']) ? esc_attr( trim( $_GET[ 's' ] ) ) : '';
-		$like_s = like_escape($s);
+		$s = isset($_GET['s']) ? stripslashes(trim( $_GET[ 's' ])) : '';
+		$like_s = esc_sql(like_escape($s));
+		$s = esc_attr($s);
 
 		$query = "SELECT * FROM {$wpdb->blogs} WHERE site_id = '{$wpdb->siteid}' ";
 
