I ran into an issue recently where a plugin which stored all of its values in a serialized array in a single option blew up on me, which nearly caused the loss of lots of precious info. It looks like someone managed to get a single quote into a field stored by this plugin (it stores various user info), and the whole thing went down in flames.
I recognize that the plugin author probably should have done some escaping before it got sent into the option, but it seems like wordpress should probably handle this as a last resort before it gets put into the database?
I happened upon this fix:
although I havent tested it out yet. Does anybody have any advice on how to handle this?