id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
11788	barely sanitized strings are put straight in the database in ms-site.php	Denis-de-Bernardy		"there arguably are magic quotes, but it's freaky scary to read things such as:

{{{
$s = wp_specialchars( trim( $_GET[ 's' ] ) );
...
"" AND ( {$wpdb->blogs}.domain LIKE '%{$s}%' OR {$wpdb->blogs}.path LIKE '%{$s}%' ) "";
}}}

"	enhancement	closed	normal	3.0	Multisite	3.0	major	fixed