id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
11775,"in ms-edit.php, illegal_names gets updated without the slightest validation",Denis-de-Bernardy,ryan,"It just goes:

{{{
		$illegal_names = split( ' ', $_POST['illegal_names'] );
		foreach( (array) $illegal_names as $name ) {
			$name = trim( $name );
			if( $name != '' )
				$names[] = trim( $name );
		}
		update_site_option( ""illegal_names"", $names );
}}}

Aren't we missing at least some sanitization here?

Also, $names should be initialized to array().",defect (bug),closed,normal,3.0,Security,3.0,normal,fixed,multisite,
