linxianzhuang/saasshop
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

套餐页 back 安全护栏:快捷筛选仅透传安全 back(补测试)

Browse Source
This commit is contained in:
萝卜
2026-03-14 15:42:32 +00:00
parent a6179718ad
commit 08488257ca
2 changed files with 68 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
resources/views/admin/plans/index.blade.php
View File

@@ -54,16 +54,28 @@
@php
// 快捷筛选仅保留“上下文”字段back/keyword避免把其它筛选条件叠加导致空结果
$buildQuickFilterUrl = function (array $overrides) {
// 统一的 back 安全护栏:本页大量 href 采用 `{!! !!}` 原样输出,必须严控 back 注入与 nested back。
$incomingBack = (string) request()->query('back', '');
$safeBackForLinks = (str_starts_with($incomingBack, '/')
&& !preg_match('/["\'<>]/', $incomingBack)
// back 本身不应再包含 back避免无限嵌套导致 URL 膨胀)
&& !preg_match('/(?:^|[?&])back=/', $incomingBack))
? $incomingBack
: '';
$buildQuickFilterUrl = function (array $overrides) use ($safeBackForLinks) {
$path = '/' . ltrim(request()->path(), '/');
$contextKeys = [
'back' => 1,
'keyword' => 1,
];
$q = array_intersect_key(request()->query(), $contextKeys);
if ($safeBackForLinks !== '') {
$q['back'] = $safeBackForLinks;
}
foreach ($overrides as $k => $v) {
if ($v === null) {
unset($q[$k]);
@@ -79,17 +91,14 @@
return $path . '?' . \Illuminate\Support\Arr::query($q);
};
// “全部”:清空筛选,但保留 back用于返回来源页
$incomingBack = (string) request()->query('back', '');
$safeBack2 = (str_starts_with($incomingBack, '/')
&& !preg_match('/["\'<>]/', $incomingBack)
// back 本身不应再包含 back避免无限嵌套导致 URL 膨胀)
&& !preg_match('/(?:^|[?&])back=/', $incomingBack))
? $incomingBack
: '';
// “全部”:清空筛选,但保留安全 back用于返回来源页
$allUrl = '/admin/plans';
if ($safeBack2 !== '') {
$allUrl .= '?' . \Illuminate\Support\Arr::query(['back' => $safeBack2]);
if ($safeBackForLinks !== '') {
$allUrl .= '?' . \Illuminate\Support\Arr::query(['back' => $safeBackForLinks]);
}
if ($safeBackForLinks !== '') {
$allUrl .= '?' . \Illuminate\Support\Arr::query(['back' => $safeBackForLinks]);
}
@endphp