fix(back): index 快捷筛选 allUrl 的 safeBack 增强校验（拒绝引号/尖括号）

2026-03-14 01:37:16 +00:00
parent c4b3769458
commit 153c5af8cb
3 changed files with 9 additions and 3 deletions
--- a/resources/views/admin/site_subscriptions/index.blade.php
+++ b/resources/views/admin/site_subscriptions/index.blade.php
@@ -88,7 +88,9 @@

        // “全部”：清空筛选，但保留 back（用于返回来源页）
        $incomingBack = (string) request()->query('back', '');
-        $safeBack = str_starts_with($incomingBack, '/') ? $incomingBack : '';
+        $safeBack = (str_starts_with($incomingBack, '/') && !preg_match('/["\'<>]/', $incomingBack))
+            ? $incomingBack
+            : '';
        $allUrl = '/admin/site-subscriptions';
        if ($safeBack !== '') {
            $allUrl .= '?' . \Illuminate\Support\Arr::query(['back' => $safeBack]);