htmlescape column comments. per suggestion from github user nboutelier

diff --git a/classes/Misc.php b/classes/Misc.php
index 96a49534517c1f01a455153e8ae5f4a48634232a..1b34b14ec11c0a7868b8881923bcead37a373a35 100644 (file)
--- a/classes/Misc.php
+++ b/classes/Misc.php
@@ -1989,7 +1989,7 @@
                                                                echo "<td class='comment_cell'>";
                                                                $val = value($column['field'], $tabledata->fields);
                                                                if (!is_null($val)) {
-                                                                       echo $val;
+                                                                       echo htmlentities($val);
                                                                }
                                                                echo "</td>";
                                                                break;