From 233b07ccae7144ee259b294c310f43ccc05d5c0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?= <dev@saasshop.local>
Date: Sat, 14 Mar 2026 16:44:49 +0000
Subject: [PATCH] =?UTF-8?q?=E5=B9=B3=E5=8F=B0=E8=AE=A2=E5=8D=95=E5=88=97?=
 =?UTF-8?q?=E8=A1=A8=EF=BC=9A=E5=A4=8D=E7=94=A8safeBackForLinks=E6=B8=B2?=
 =?UTF-8?q?=E6=9F=93=E8=BF=94=E5=9B=9E=E9=93=BE=E6=8E=A5=EF=BC=88=E5=8E=BB?=
 =?UTF-8?q?=E9=87=8D=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../views/admin/platform_orders/index.blade.php   | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/resources/views/admin/platform_orders/index.blade.php b/resources/views/admin/platform_orders/index.blade.php
index 6e8f8d9..caf5f77 100644
--- a/resources/views/admin/platform_orders/index.blade.php
+++ b/resources/views/admin/platform_orders/index.blade.php
@@ -84,20 +84,9 @@
     <p class="muted muted-tight">这里是总台视角的平台收费主链骨架页，当前阶段先承接套餐订购 / 续费 / 生效跟踪。</p>
     <p class="muted">本页先提供可访问列表、基础筛选与摘要卡，后续再补详情、导出、支付记录与退款轨迹。</p>
 
-    @php
-        $back = (string) request()->query('back', '');
-        // 为避免 & 被 Blade escape 成 &amp; 导致回退上下文丢失，这里需要原样输出 href。
-        // 安全护栏：必须为站内相对路径，并拒绝引号/尖括号，降低 XSS 风险。
-        $safeBack = (str_starts_with($back, '/')
-            && !preg_match('/["\'<>]/', $back)
-            // back 本身不应再包含 back（避免无限嵌套导致 URL 膨胀）
-            && !preg_match('/(?:^|[?&])back=/', $back))
-            ? $back
-            : '';
-    @endphp
-    @if($safeBack)
+    @if($safeBackForLinks !== '')
         <div class="mt-10">
-            <a href="{!! $safeBack !!}" class="muted">← 返回上一页（保留上下文）</a>
+            <a href="{!! $safeBackForLinks !!}" class="muted">← 返回上一页（保留上下文）</a>
         </div>
     @endif