More than two years ago, I wrote a scathing, obscenity-filled tirade about WordPress's misuse of
addslashes() to escape user-supplied strings used in SQL queries.
Lots of people posted comments. Some said I was being pedantic, some said I was downright wrong, and one person linked to a diff showing a fix that was supposedly going to be in the next release.
Apparently they never got around to releasing that fix.