id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
11788,barely sanitized strings are put straight in the database in ms-site.php,Denis-de-Bernardy,,"there arguably are magic quotes, but it's freaky scary to read things such as:

{{{
$s = wp_specialchars( trim( $_GET[ 's' ] ) );
...
"" AND ( {$wpdb->blogs}.domain LIKE '%{$s}%' OR {$wpdb->blogs}.path LIKE '%{$s}%' ) "";
}}}

",enhancement,closed,normal,3.0,Multisite,3.0,major,fixed,,