Filter fields through kses upon display. Introduce sanitize_user_object() and sanitize_user_field(). see #10751

git-svn-id: http://svn.automattic.com/wordpress/trunk@11929 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/template.php

@@ -1892,6 +1892,7 @@ function user_row( $user_object, $style = '', $role = '' ) {
 
 	if ( !( is_object( $user_object) && is_a( $user_object, 'WP_User' ) ) )
 		$user_object = new WP_User( (int) $user_object );
+	$user_object = sanitize_user_object($user_object, 'display');
 	$email = $user_object->user_email;
 	$url = $user_object->user_url;
 	$short_url = str_replace( 'http://', '', $url );