linxianzhuang/saasshop
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BackUrl::sanitizeForLinks 增强:拒绝协议相对 URL(//evil.com)并补单测

Browse Source
This commit is contained in:
萝卜
2026-03-15 04:18:54 +00:00
parent cbc05e59b7
commit 0126a5aed7
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/Support/BackUrl.php
View File

@@ -22,6 +22,11 @@ class BackUrl
return ''; return '';
} }
// 拒绝协议相对 URL例如 //evil.com避免 open redirect
if (str_starts_with($incomingBack, '//')) {
return '';
}
if (preg_match('/["\'<>]/', $incomingBack)) { if (preg_match('/["\'<>]/', $incomingBack)) {
return ''; return '';
} }

3
tests/Unit/BackUrlSanitizeForLinksTest.php
View File

@@ -16,6 +16,9 @@ class BackUrlSanitizeForLinksTest extends TestCase
{ {
$this->assertSame('', BackUrl::sanitizeForLinks('https://evil.com/a')); $this->assertSame('', BackUrl::sanitizeForLinks('https://evil.com/a'));
$this->assertSame('', BackUrl::sanitizeForLinks('http://evil.com/a')); $this->assertSame('', BackUrl::sanitizeForLinks('http://evil.com/a'));
// 协议相对 URL
$this->assertSame('', BackUrl::sanitizeForLinks('//evil.com/a'));
} }
public function test_sanitize_for_links_should_reject_quotes_and_angle_brackets(): void public function test_sanitize_for_links_should_reject_quotes_and_angle_brackets(): void