id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
11778,ms-edit.php updates options without the slightest sanitization or unslashing,Denis-de-Bernardy,,"we're at least missing a call to strip_slashes_deep() over in:

{{{
			foreach ( (array) $_POST['option'] as $key => $val ) {
				if( $key === 0 )
					continue; // Avoids ""0 is a protected WP option and may not be modified"" error when edit blog options
				if( $c == $count ) {
					update_option( $key, $val );
				} else {
					update_option( $key, $val, false ); // no need to refresh blog details yet
				}
				$c++;
			}

}}}
",defect (bug),closed,normal,3.0,Multisite,3.0,major,fixed,,