Index: wp-includes/user.php
===================================================================
--- wp-includes/user.php	(revision 13532)
+++ wp-includes/user.php	(working copy)
@@ -237,6 +237,7 @@
  */
 function update_user_option( $user_id, $option_name, $newvalue, $global = false ) {
 	global $wpdb;
+	$option_name = preg_replace('|[^a-z0-9_]|i', '', $option_name);
 	if ( !$global )
 		$option_name = $wpdb->prefix . $option_name;
 	return update_user_meta( $user_id, $option_name, $newvalue );
@@ -666,4 +667,4 @@
 	wp_cache_delete($user->user_nicename, 'userslugs');
 }
 
-?>
\ No newline at end of file
+?>
Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 13532)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -1019,11 +1019,11 @@
 		die('-1');
 
 	if ( is_array($closed) )
-		update_user_meta($user->ID, 'closedpostboxes_'.$page, $closed);
+		update_user_option($user->ID, "closedpostboxes_$page", $closed);
 
 	if ( is_array($hidden) ) {
 		$hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv') ); // postboxes that are always shown
-		update_user_meta($user->ID, 'meta-box-hidden_'.$page, $hidden);
+		update_user_option($user->ID, "meta-box-hidden_$page", $hidden);
 	}
 
 	die('1');
@@ -1041,7 +1041,7 @@
 		die('-1');
 
 	if ( is_array($hidden) )
-		update_user_meta($user->ID, "manage-$page-columns-hidden", $hidden);
+		update_user_option($user->ID, "manage-$page-columns-hidden", $hidden);
 
 	die('1');
 	break;
@@ -1061,7 +1061,7 @@
 		update_user_option($user->ID, "meta-box-order_$page", $order);
 
 	if ( $page_columns )
-		update_user_meta($user->ID, "screen_layout_$page", $page_columns);
+		update_user_option($user->ID, "screen_layout_$page", $page_columns);
 
 	die('1');
 	break;