From 1319eb5c451b621bdf548fd6f1d9228969512dee Mon Sep 17 00:00:00 2001
From: tianya <yanghuxiao@vip.qq.com>
Date: Wed, 27 Sep 2023 23:12:33 +0800
Subject: [PATCH] =?UTF-8?q?=E7=BC=96=E8=BE=91=E5=99=A8=E9=97=AE=E9=A2=98?=
 =?UTF-8?q?=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/system/inc/inc_fun_funAdmin.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/system/inc/inc_fun_funAdmin.php b/src/system/inc/inc_fun_funAdmin.php
index 60783625..9589bfec 100755
--- a/src/system/inc/inc_fun_funAdmin.php
+++ b/src/system/inc/inc_fun_funAdmin.php
@@ -140,6 +140,7 @@ function SpGetEditor($fname, $fvalue, $nheight = "350", $etype = "Basic", $gtype
     }
     if ($GLOBALS['cfg_html_editor'] == 'ckeditor') {
         $addConfig = "";
+        $fvalue = htmlspecialchars($fvalue);
         if (defined("DEDEADMIN")) {
             $emoji = "";
             if ($GLOBALS['cfg_db_language'] == "utf8mb4") {
@@ -152,7 +153,7 @@ function SpGetEditor($fname, $fvalue, $nheight = "350", $etype = "Basic", $gtype
         }
         $code = <<<EOT
 <script src="{$GLOBALS['cfg_static_dir']}/ckeditor/ckeditor.js"></script>
-<div id="{$fname}" name="{$fname}">{$fvalue}</div>
+<textarea id="{$fname}" name="{$fname}">{$fvalue}</textarea>
 <script>var editor = CKEDITOR.replace('{$fname}'{$addConfig});</script>
 EOT;
         if ($gtype == "print") {
@@ -165,7 +166,7 @@ EOT;
 /**
  *  获取更新信息
  *
- * @return    void
+ * @return    string
  */
 function SpGetNewInfo()
 {