From ab8d5ed502fee088ffe17b11b25bb77d54bb3a76 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Fri, 2 Sep 2022 08:03:54 +0200
Subject: [PATCH] run output through htmlspecialchars()

---
 views/bootstrap/class.ImportUsers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/views/bootstrap/class.ImportUsers.php b/views/bootstrap/class.ImportUsers.php
index 69ea90d73..6d5eef3a5 100644
--- a/views/bootstrap/class.ImportUsers.php
+++ b/views/bootstrap/class.ImportUsers.php
@@ -95,7 +95,7 @@ class SeedDMS_View_ImportUsers extends SeedDMS_Theme_Style {
 			foreach($newusers as $uhash=>$newuser) {
 				foreach($colmap as $i=>$coldata) {
 					echo "<td>";
-					echo call_user_func($colmap[$i][1], $colmap[$i][2], $newuser);
+					echo htmlspecialchars(call_user_func($colmap[$i][1], $colmap[$i][2], $newuser));
 					echo "</td>\n";
 				}
 				echo "<td>";