id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
11778	ms-edit.php updates options without the slightest sanitization or unslashing	Denis-de-Bernardy		"we're at least missing a call to strip_slashes_deep() over in:

{{{
			foreach ( (array) $_POST['option'] as $key => $val ) {
				if( $key === 0 )
					continue; // Avoids ""0 is a protected WP option and may not be modified"" error when edit blog options
				if( $c == $count ) {
					update_option( $key, $val );
				} else {
					update_option( $key, $val, false ); // no need to refresh blog details yet
				}
				$c++;
			}

}}}
"	defect (bug)	closed	normal	3.0	Multisite	3.0	major	fixed