From 328cc46b8a35a81e9d9749e2ee1111addf4c2e03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?=
Date: Sat, 14 Mar 2026 23:16:57 +0000
Subject: [PATCH] Platform leads index: use BackUrl::sanitizeForLinks

---
 resources/views/admin/platform_leads/index.blade.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/resources/views/admin/platform_leads/index.blade.php b/resources/views/admin/platform_leads/index.blade.php
index dbb927e..aa7d4c2 100644
--- a/resources/views/admin/platform_leads/index.blade.php
+++ b/resources/views/admin/platform_leads/index.blade.php
@@ -10,11 +10,7 @@
 // - 拒绝引号/尖括号(由于本页大量 href 采用 `{!! !!}` 原样输出,必须严控注入风险)
 // - 拒绝 nested back=(避免 URL 膨胀/绕过)
 $incomingBack = (string) request()->query('back', '');
- $safeBackForLinks = (str_starts_with($incomingBack, '/')
- && !preg_match('/["\'<>]/', $incomingBack)
- && !preg_match('/(?:^|[?&])back=/', $incomingBack))
- ? $incomingBack
- : '';
+ $safeBackForLinks = \App\Support\BackUrl::sanitizeForLinks($incomingBack);
 // back 参数用于“返回上一页(保留上下文)”,但 back 本身不应再包含 back(避免无限嵌套导致 URL 膨胀)
 $selfWithoutBack = \App\Support\BackUrl::selfWithoutBack();
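Review bot: The rule comment above `$incomingBack` (leading `/`, no quotes or angle brackets, no nested `back=`) now describes checks that live in `\App\Support\BackUrl::sanitizeForLinks`, which is not part of this diff, so nothing in the view guarantees the helper enforces all three and the comment will silently go stale if the helper changes. Because the hrefs on this page are emitted with `{!! !!}`, any gap between the helper and that comment is an injection risk; I would replace the rule list with `// Acceptance rules live in \App\Support\BackUrl::sanitizeForLinks(); hrefs below use {!! !!}, so that method must keep rejecting quotes and angle brackets.` and pin those three cases in the helper's unit tests. Note also that the removed inline check accepted protocol-relative values such as `//host/path` because only a leading `/` was required; if the helper inherited that rule it should additionally reject a `//` prefix so `back` cannot send the user off-site. The block enclosing these lines starts before the hunk and continues past it.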