Index: wp-includes/user.php
===================================================================
--- wp-includes/user.php	(revision 6895)
+++ wp-includes/user.php	(working copy)
@@ -82,6 +82,7 @@
 function get_user_option( $option, $user = 0 ) {
 	global $wpdb;
 
+	$option = preg_replace('|[^a-z0-9_]|i', '', $option);
 	if ( empty($user) )
 		$user = wp_get_current_user();
 	else
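Review bot: The added `preg_replace` on `$option` silently strips disallowed characters instead of rejecting the name, so two distinct inputs can collapse to the same key (`my-option` and `myoption` both become `myoption`) and the caller is never told its name was altered. The rest of get_user_option lies outside this hunk, so how `$option` is consumed is not visible here; if the aim is to constrain what reaches the lookup further down, a comment should record it, e.g. `// Allow only [A-Za-z0-9_] in option names; anything else is dropped before the lookup.` Any code path that writes user options should apply the same filter, otherwise a value stored under an unfiltered name can no longer be read back through this function. A stricter alternative is to reject the call when the filtered name differs from the input rather than continuing with the rewritten one.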

