diff --git a/lib/blog/admin.lib.php b/lib/blog/admin.lib.php
index 31f20ce25b9585adb700ad566ffc45aaca3dde15..11fae92618bd24c2ec8a409faa77cb55ba59b78a 100644
--- a/lib/blog/admin.lib.php
+++ b/lib/blog/admin.lib.php
@@ -575,6 +575,9 @@ class admin {
 		echo "<table class=\"td\">\n";
 		$post = '';		
 		$count = 0;
+
+		echo "<tfoot>\n\t<tr>\n\t\t<td></td>\n\t\t<td></td>\n\t\t<td></td>\n\t\t<td colspan=\"2\"><input type=\"submit\" value=\"Commit\" name=\"submit\" /></td>\n\t</tr>\n</tfoot>\n";
+		echo "<tbody>\n";
 		//for each comment
 		while($r = array_shift($result)) {
 			//if the post has changed
@@ -602,7 +605,7 @@ class admin {
 				echo "\t<tr>\n";
 			}
 			echo "\t\t<td><a href=\"mailto:{$r['email']}\" title=\"IP: {$r['host']}\">{$r['name']}</a></td>\n";
-			echo "\t\t<td>{$r['body']}</td>\n";
+			echo "\t\t<td>".htmlspecialchars($r['body'])."</td>\n";
 			echo "\t\t<td><input type=\"radio\" name=\"group[$count]\" value=\"a:{$r['id']}\" /></td>\n";
 			if ($r['spam'] == 't') { 
 				echo "\t\t<td><input type=\"radio\" name=\"group[".$count++."]\" value=\"d:{$r['id']}\" checked=\"checked\"/></td>\n";
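Review bot: The `htmlspecialchars($r['body'])` added on the changed line still leaves the line directly above it unescaped: `$r['email']` and `$r['host']` are interpolated into the `href` and `title` attributes and `$r['name']` into the link text, and since these come from the same `$result` rows as `body` they are presumably commenter-supplied, so quote or tag characters in a name or email still reach the page raw. Attribute context also needs single quotes escaped, which the default flags of older PHP versions do not do, so the line should become `echo "\t\t<td><a href=\"mailto:".htmlspecialchars($r['email'], ENT_QUOTES)."\" title=\"IP: ".htmlspecialchars($r['host'], ENT_QUOTES)."\">".htmlspecialchars($r['name'], ENT_QUOTES)."</a></td>\n";`. For consistency the new `body` call could pass `ENT_QUOTES` as well, and the `value=\"a:{$r['id']}\"` interpolations on the radio inputs are presumably integer ids but would cost nothing to escape the same way. The enclosing method starts and ends outside this hunk.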
@@ -611,8 +614,8 @@ class admin {
 			}
 			echo "\t</tr>\n";
 		}
-		echo "\t<tr>\n\t\t<td></td>\n\t\t<td></td>\n\t\t<td></td>\n\t\t<td colspan=\"2\"><input type=\"submit\" value=\"Commit\" name=\"submit\" /></td>\n\t</tr>\n";
-		echo "</table>\n";
+
+		echo "</tbody>\n</table>\n";
 		echo "</form>\n";
 		echo "</div>\n";
 	}