From 70eb0ace5e1b5b585dd87359a66d501887b86a3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A6=99=E7=A0=81=E7=94=9F=E8=8A=B1?= <18523774412@qq.com>
Date: Wed, 16 Aug 2023 00:42:15 +0800
Subject: [PATCH] =?UTF-8?q?fix(CRUD):=E4=BF=AE=E5=A4=8D=E7=94=9F=E6=88=90?= =?UTF-8?q?=E5=8D=95=E9=80=89=E6=A1=86=E7=BB=84=E4=BB=B6=E6=97=B6=E6=8A=A5?= =?UTF-8?q?=E9=94=99=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/admin/controller/crud/Crud.php | 2 +-
 app/common.php | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/app/admin/controller/crud/Crud.php b/app/admin/controller/crud/Crud.php
index 43744e3a..397f87c3 100644
--- a/app/admin/controller/crud/Crud.php
+++ b/app/admin/controller/crud/Crud.php
@@ -74,7 +74,7 @@ class Crud extends Backend
 {
 $type = $this->request->post('type', '');
 $table = $this->request->post('table', []);
- $fields = $this->request->post('fields', [], 'clean_xss,htmlspecialchars_decode');
+ $fields = $this->request->post('fields', [], 'clean_xss,htmlspecialchars_decode_improve');
 if (!$table || !$fields || !isset($table['name']) || !$table['name']) {
 $this->error(__('Parameter error'));
diff --git a/app/common.php b/app/common.php
index 0b40c9b9..42089894 100644
--- a/app/common.php
+++ b/app/common.php
@@ -68,6 +68,20 @@ if (!function_exists('clean_xss')) {
 }
 }
+if (!function_exists('htmlspecialchars_decode_improve')) {
+ /**
+ * html解码增强
+ * 被 clean_xss函数 和 filter函数 内的 htmlspecialchars 编码的字符串,需要用此函数才能完全解码
+ * @param string $string
+ * @param int $flags
+ * @return string
+ */
+ function htmlspecialchars_decode_improve(string $string, int $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401): string
+ {
+ return htmlspecialchars_decode($string, $flags);
+ }
+}
+
 if (!function_exists('get_sys_config')) {
 /**
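Review bot: On the changed `$fields` line in Crud.php, the filter chain now ends in a decoder whose default flags (`ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`, per the helper added in app/common.php) also restore `&#039;` and `&quot;`, so `fields` leaves the request layer with every HTML special character, quotes included, back in raw form. Going by the helper's docblock, this reverses the encoding `clean_xss` applies, so whatever protection this parameter keeps comes only from what `clean_xss` removes; its body is not visible here, so that should be confirmed. The lines after the hunk only check that `$table` and `$fields` are non-empty, and if these values end up in generated source files (inferred from the controller's name, not shown), each field name, type and option should be validated against an allowlist before it is written out. I would record the trust level at the call site with a comment such as `// fields are fully entity-decoded (quotes included) after clean_xss: treat as raw input and validate before use`. The enclosing method begins and ends outside the hunk.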