DB: ::constructor() sets charset, ::db_connect() does not
|Reported by:||hakre||Owned by:|
I just ran over duplicated code in wpdb regarding making use of the mysql_connect function while looking into #14654. That smell lead me to the reconnigtion of an inconsistency between the default contructor of the class and the (undocumented) db_connect() function:
the constructor does make use of the blogs charset setting while connecting to the database, while db_connect() does not contain anything like that. This leaves db_connect() open to charset based sql injections. Basically  as a fix for #5455 is missing for db access that is relying on db_connect() (Multisite?).