The line numbers don't match the latest build that I'm using but the $wpdb->prepare() method in line 155 does the escaping.
See here: http://codex.wordpress.org/Class_Reference/wpdb#Protect_Queries_Against_SQL_Injection_Attacks
↧
deltafactory on "wordpress-mu-domain-mapping - Security issue"
↧