Platform leads index: use BackUrl::sanitizeForLinks

2026-03-14 23:16:57 +00:00
parent 0b5b990f5d
commit 328cc46b8a
1 changed files with 1 additions and 5 deletions
--- a/resources/views/admin/platform_leads/index.blade.php
+++ b/resources/views/admin/platform_leads/index.blade.php
@@ -10,11 +10,7 @@
    // - 拒绝引号/尖括号（由于本页大量 href 采用 `{!! !!}` 原样输出，必须严控注入风险）
    // - 拒绝 nested back=（避免 URL 膨胀/绕过）
    $incomingBack = (string) request()->query('back', '');
-    $safeBackForLinks = (str_starts_with($incomingBack, '/')
-        && !preg_match('/["\'<>]/', $incomingBack)
-        && !preg_match('/(?:^|[?&])back=/', $incomingBack))
-        ? $incomingBack
-        : '';
+    $safeBackForLinks = \App\Support\BackUrl::sanitizeForLinks($incomingBack);

    // back 参数用于“返回上一页（保留上下文）”，但 back 本身不应再包含 back（避免无限嵌套导致 URL 膨胀）
    $selfWithoutBack = \App\Support\BackUrl::selfWithoutBack();