The function secf_check_sqli_all(); checks all the headers and, it is true that in the From Name header check, the double quotes are omitted, but I forgot to omit the single quotes, maybe because in my country it is not common to use it in the name.
Double quotes are ignored in From Name by the function `secf_get_from` only if they are located at the first or last position of the string. Appart from first and last chars, From Name is is checked with `sf_check_sqli` as other fields. Here I suggest to completly remove single quote check in From Name.
Are still OK to remove single quote check in From Name ? And maybe in To Name? Or do we need flags as proposed by @henningw earlier ?