id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
1394,add_slashes() does not escape all database input correctly,auroraeosrose,anonymous,"wp-db.php - the database class - the escape function uses add_slashes to try to escape data for sql use/insertion

This will fail under several methods
1. Mysql in ansi mode
2. NULL, \x00, \n, \r, \, "" and \x1a characters not escaped
3. Mysql 4.1 with a different character set or earlier versions when mysql is run in a different character set

mysql_escape_string() has been around since 4.0.3
since wordpress requires 4.1 it shouldn't be a problem",defect (bug),closed,normal,,Security,1.5.1.1,major,fixed,,