There is a bug in /lib/weblib.php that causes the HTML editor script (/lib/editor/htmlarea/htmlarea.php) to be loaded using http: even when the page it is loaded into is using https:

An example is the "Add new user" form: /user/editadvanced.php

When SSL is turned on, this page gives a warning in IE6: "This page contains both secure and nonsecure items." If the user chooses not to load the non-secure items, as they might well be advised to, the HTML editor does not load.

The reason is that htmlarea.php is not getting the "httpsrequired" parameter it needs to know that SSL is being used. This in turn is caused by the use of "&t;" instead of "&" in the query string sent to htmlarea.php.

The bug therefore is on line 4836 of /lib/weblib.php.

$httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&t;httpsrequired=1';

should read

$httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&httpsrequired=1';