Index: modules/user/user.tokens.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.tokens.inc,v
retrieving revision 1.8
diff -u -p -r1.8 user.tokens.inc
--- modules/user/user.tokens.inc	16 Oct 2010 20:09:17 -0000	1.8
+++ modules/user/user.tokens.inc	22 Nov 2010 01:02:24 -0000
@@ -87,7 +87,7 @@ function user_tokens($type, $tokens, arr
 
         case 'name':
           $name = format_username($account);
-          $replacements[$original] = $sanitize ? filter_xss($name) : $name;
+          $replacements[$original] = $sanitize ? check_plain($name) : $name;
           break;
 
         case 'mail':
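Review bot: The switch from filter_xss() to check_plain() in the 'name' case carries no comment saying why, and the difference is security-relevant: filter_xss() lets a whitelist of HTML tags through, while check_plain() encodes everything, which is what a plain-text display name needs. I would add above the assignment `// format_username() returns plain text; encode it rather than filter it, so no markup from the name reaches the page.` Callers that pass 'sanitize' => FALSE still receive the raw name and must escape it themselves, which is worth stating in the function's docblock. The switch and user_tokens() itself begin and end outside this hunk.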
@@ -122,9 +122,10 @@ function user_tokens($type, $tokens, arr
       $replacements += token_generate('date', $registered_tokens, array('date' => $account->created), $options);
     }
   }
+
   if ($type == 'current-user') {
-    global $user;
-    $replacements += token_generate('user', $tokens, array('user' => $user), $options);
+    $account = user_load($GLOBALS['user']->uid);
+    $replacements += token_generate('user', $tokens, array('user' => $account), $options);
   }
 
   return $replacements;
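Review bot: The result of `user_load($GLOBALS['user']->uid)` is handed to token_generate() unchecked, and user_load() returns FALSE when no account can be loaded for that uid. Whether the 'user' branch tolerates a FALSE 'user' value is not visible in this hunk, so a guard is safer: wrap the call as `if ($account = user_load($GLOBALS['user']->uid)) {`. The assignment also reuses `$account`, which the earlier part of the function appears to use for the account being replaced (see `$account->created` in the context above); a separate name such as `$current_account` would keep the two apart. user_tokens() begins outside the hunk.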
Index: modules/user/user.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.test,v
retrieving revision 1.106
diff -u -p -r1.106 user.test
--- modules/user/user.test	21 Nov 2010 08:02:30 -0000	1.106
+++ modules/user/user.test	22 Nov 2010 01:02:26 -0000
@@ -1765,12 +1765,12 @@ class UserTokenReplaceTestCase extends D
     $this->drupalLogin($user2);
 
     $account = user_load($user1->uid);
-    global $user;
+    $global_account = user_load($GLOBALS['user']->uid);
 
     // Generate and test sanitized tokens.
     $tests = array();
     $tests['[user:uid]'] = $account->uid;
-    $tests['[user:name]'] = filter_xss($account->name);
+    $tests['[user:name]'] = check_plain(format_username($account));
     $tests['[user:mail]'] = check_plain($account->mail);
     $tests['[user:url]'] = url("user/$account->uid", $url_options);
     $tests['[user:edit-url]'] = url("user/$account->uid/edit", $url_options);
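Review bot: The sanitized expectation `check_plain(format_username($account))` only proves the move away from filter_xss() if the name contains something the two functions treat differently. The account setup is outside this hunk, but if the names are plain alphanumerics both functions return the same string and this test would also pass against the old code. Consider giving one account a name with an apostrophe, or altering the display name in a test module so it contains a tag such as `<em>`, and asserting the encoded form. The same applies to the `[current-user:name]` expectation in the next hunk and to `[node:author:name]` in modules/node/node.test.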
@@ -1778,7 +1778,7 @@ class UserTokenReplaceTestCase extends D
     $tests['[user:last-login:short]'] = format_date($account->login, 'short', '', NULL, $language->language);
     $tests['[user:created]'] = format_date($account->created, 'medium', '', NULL, $language->language);
     $tests['[user:created:short]'] = format_date($account->created, 'short', '', NULL, $language->language);
-    $tests['[current-user:name]'] = check_plain($user->name);
+    $tests['[current-user:name]'] = check_plain(format_username($global_account));
 
     // Test to make sure that we generated something for each token.
     $this->assertFalse(in_array(0, array_map('strlen', $tests)), t('No empty tokens generated.'));
@@ -1789,9 +1789,9 @@ class UserTokenReplaceTestCase extends D
     }
 
     // Generate and test unsanitized tokens.
-    $tests['[user:name]'] = $account->name;
+    $tests['[user:name]'] = format_username($account);
     $tests['[user:mail]'] = $account->mail;
-    $tests['[current-user:name]'] = $user->name;
+    $tests['[current-user:name]'] = format_username($global_account);
 
     foreach ($tests as $input => $expected) {
       $output = token_replace($input, array('user' => $account), array('language' => $language, 'sanitize' => FALSE));
Index: modules/node/node.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.test,v
retrieving revision 1.101
diff -u -p -r1.101 node.test
--- modules/node/node.test	20 Nov 2010 04:33:56 -0000	1.101
+++ modules/node/node.test	22 Nov 2010 01:02:29 -0000
@@ -1980,7 +1980,7 @@ class NodeTokenReplaceTestCase extends D
     $tests['[node:url]'] = url('node/' . $node->nid, $url_options);
     $tests['[node:edit-url]'] = url('node/' . $node->nid . '/edit', $url_options);
     $tests['[node:author:uid]'] = $node->uid;
-    $tests['[node:author:name]'] = check_plain($account->name);
+    $tests['[node:author:name]'] = check_plain(format_username($account));
     $tests['[node:created:since]'] = format_interval(REQUEST_TIME - $node->created, 2, $language->language);
     $tests['[node:changed:since]'] = format_interval(REQUEST_TIME - $node->changed, 2, $language->language);
 
@@ -1997,7 +1997,7 @@ class NodeTokenReplaceTestCase extends D
     $tests['[node:body]'] = $node->body[$node->language][0]['value'];
     $tests['[node:summary]'] = $node->body[$node->language][0]['summary'];
     $tests['[node:language]'] = $node->language;
-    $tests['[node:author:name]'] = $account->name;
+    $tests['[node:author:name]'] = format_username($account);
 
     foreach ($tests as $input => $expected) {
       $output = token_replace($input, array('node' => $node), array('language' => $language, 'sanitize' => FALSE));
