From 4a9d94c186275163be1f70c23db572577d733a45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?=
Date: Fri, 13 Mar 2026 20:09:53 +0000
Subject: [PATCH] =?UTF-8?q?=E8=AE=A2=E9=98=85=E8=AF=A6=E6=83=85=EF=BC=9A?= =?UTF-8?q?=E5=B9=B3=E5=8F=B0=E8=AE=A2=E5=8D=95=E8=B7=B3=E8=BD=AC=E9=93=BE?= =?UTF-8?q?=E6=8E=A5=E7=BB=9F=E4=B8=80=20Arr::query=20=E4=B8=94=E9=81=BF?= =?UTF-8?q?=E5=85=8D=20&?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../admin/site_subscriptions/show.blade.php | 9 +-
 ...OrdersLinkUsesMakePlatformOrderUrlTest.php | 92 +++++++++++++++++++
 ...wRelatedOrdersTableLinksNotEscapedTest.php | 89 ++++++++++++++++++
 3 files changed, 187 insertions(+), 3 deletions(-)
 create mode 100644 tests/Feature/AdminSiteSubscriptionShowOpenInPlatformOrdersLinkUsesMakePlatformOrderUrlTest.php
 create mode 100644 tests/Feature/AdminSiteSubscriptionShowRelatedOrdersTableLinksNotEscapedTest.php
diff --git a/resources/views/admin/site_subscriptions/show.blade.php b/resources/views/admin/site_subscriptions/show.blade.php
index 15b293c..88d691e 100644
--- a/resources/views/admin/site_subscriptions/show.blade.php
+++ b/resources/views/admin/site_subscriptions/show.blade.php
@@ -331,7 +331,7 @@ 可同步 - 在平台订单页打开 + 在平台订单页打开 @if($cur) (当前:{{ $cur }}) @endif
@@ -368,7 +368,10 @@ @endphp {{ $order->id }} - {{ $order->order_no }} + @php + $orderShowUrl = '/admin/platform-orders/' . $order->id . '?' . \Illuminate\Support\Arr::query(['back' => $selfWithoutBack]); + @endphp + {{ $order->order_no }} {{ $order->status }} {{ $order->payment_status }} ¥{{ number_format((float) $order->payable_amount, 2) }} / ¥{{ number_format((float) $order->paid_amount, 2) }} @@ -386,7 +389,7 @@ @endif - 详情 + 详情 @empty
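Review bot: In the second hunk `$orderShowUrl` concatenates a hard-coded `/admin/platform-orders/` prefix with `$order->id` as-is, and only the `back` value passes through `Arr::query`, which percent-encodes it. The anchor markup is missing from this extract, so how the URL is echoed is inferred from the commit title and the tests: if it is printed unescaped to keep `&amp;` out of the HTML, every component has to be safe by construction. This URL has a single query parameter and therefore contains no `&`, so `{{ $orderShowUrl }}` would emit the same bytes while keeping Blade's escaping; casting the path part, `'/admin/platform-orders/' . (int) $order->id`, makes that explicit. `$selfWithoutBack` is defined outside both hunks, so how it is derived from the request could not be checked here.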
diff --git a/tests/Feature/AdminSiteSubscriptionShowOpenInPlatformOrdersLinkUsesMakePlatformOrderUrlTest.php b/tests/Feature/AdminSiteSubscriptionShowOpenInPlatformOrdersLinkUsesMakePlatformOrderUrlTest.php
new file mode 100644
index 0000000..b2aec5e
--- /dev/null
+++ b/tests/Feature/AdminSiteSubscriptionShowOpenInPlatformOrdersLinkUsesMakePlatformOrderUrlTest.php
@@ -0,0 +1,92 @@
+seed();
+
+ $this->post('/admin/login', [
+ 'email' => 'platform.admin@demo.local',
+ 'password' => 'Platform@123456',
+ ])->assertRedirect('/admin');
+ }
+
+ public function test_open_in_platform_orders_link_should_carry_back_to_subscription_show_self_without_back(): void
+ {
+ $this->loginAsPlatformAdmin();
+
+ $merchant = Merchant::query()->firstOrFail();
+ $plan = Plan::query()->create([
+ 'code' => 'sub_show_open_po_back_plan',
+ 'name' => '订阅详情在平台订单页打开 back 口径测试套餐',
+ 'billing_cycle' => 'monthly',
+ 'price' => 10,
+ 'list_price' => 10,
+ 'status' => 'active',
+ 'sort' => 10,
+ 'published_at' => now(),
+ ]);
+
+ $sub = SiteSubscription::query()->create([
+ 'merchant_id' => $merchant->id,
+ 'plan_id' => $plan->id,
+ 'status' => 'activated',
+ 'source' => 'manual',
+ 'subscription_no' => 'SUB_SHOW_OPEN_PO_0001',
+ 'plan_name' => $plan->name,
+ 'billing_cycle' => $plan->billing_cycle,
+ 'period_months' => 1,
+ 'amount' => 10,
+ 'starts_at' => now()->subDay(),
+ 'ends_at' => now()->addMonth(),
+ 'activated_at' => now()->subDay(),
+ ]);
+
+ // 保证页面渲染“关联平台订单”区块
+ PlatformOrder::query()->create([
+ 'merchant_id' => $merchant->id,
+ 'plan_id' => $plan->id,
+ 'site_subscription_id' => $sub->id,
+ 'order_no' => 'PO_SUB_SHOW_OPEN_PO_0001',
+ 'order_type' => 'renewal',
+ 'status' => 'pending',
+ 'payment_status' => 'unpaid',
+ 'plan_name' => $plan->name,
+ 'billing_cycle' => $plan->billing_cycle,
+ 'period_months' => 1,
+ 'quantity' => 1,
+ 'payable_amount' => 10,
+ 'paid_amount' => 0,
+ 'placed_at' => now(),
+ 'meta' => [],
+ ]);
+
+ // 带 back 进入订阅详情页(模拟从列表进入)
+ $res = $this->get('/admin/site-subscriptions/' . $sub->id . '?back=' . urlencode('/admin/site-subscriptions?status=activated'));
+ $res->assertOk();
+
+ // 订阅详情页自身 URL 应剔除 back query
+ $expectedSubShowSelf = '/admin/site-subscriptions/' . $sub->id;
+
+ $expectedUrl = '/admin/platform-orders?' . Arr::query([
+ 'site_subscription_id' => $sub->id,
+ 'back' => $expectedSubShowSelf,
+ ]);
+
+ $res->assertSee($expectedUrl, false);
+ $res->assertDontSee('back%3D', false);
+ }
+}
diff --git a/tests/Feature/AdminSiteSubscriptionShowRelatedOrdersTableLinksNotEscapedTest.php b/tests/Feature/AdminSiteSubscriptionShowRelatedOrdersTableLinksNotEscapedTest.php
new file mode 100644
index 0000000..76bb2ac
--- /dev/null
+++ b/tests/Feature/AdminSiteSubscriptionShowRelatedOrdersTableLinksNotEscapedTest.php
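Review bot: `loginAsPlatformAdmin()` signs in by posting the seeded account `platform.admin@demo.local` with a literal password, so the suite depends on a known default admin credential that lives in the seeders; the same helper is repeated in AdminSiteSubscriptionShowRelatedOrdersTableLinksNotEscapedTest. If that seeder can ever run outside the test environment, the password committed here is effectively public. Creating the admin through a factory and authenticating with `$this->actingAs($admin)` would drop both the literal secret and the dependency on `seed()`. The helper's opening lines and the class header are missing from this extract, so the guard the admin area uses could not be confirmed.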
@@ -0,0 +1,89 @@
+seed();
+
+ $this->post('/admin/login', [
+ 'email' => 'platform.admin@demo.local',
+ 'password' => 'Platform@123456',
+ ])->assertRedirect('/admin');
+ }
+
+ public function test_related_orders_table_links_should_not_render_amp_escaped_query_delimiter(): void
+ {
+ $this->loginAsPlatformAdmin();
+
+ $merchant = Merchant::query()->firstOrFail();
+ $plan = Plan::query()->create([
+ 'code' => 'sub_show_related_orders_link_no_escape_plan',
+ 'name' => '订阅详情关联订单表格链接不转义测试套餐',
+ 'billing_cycle' => 'monthly',
+ 'price' => 10,
+ 'list_price' => 10,
+ 'status' => 'active',
+ 'sort' => 10,
+ 'published_at' => now(),
+ ]);
+
+ $sub = SiteSubscription::query()->create([
+ 'merchant_id' => $merchant->id,
+ 'plan_id' => $plan->id,
+ 'status' => 'activated',
+ 'source' => 'manual',
+ 'subscription_no' => 'SUB_SHOW_RELATED_ORDERS_NO_ESCAPE_0001',
+ 'plan_name' => $plan->name,
+ 'billing_cycle' => $plan->billing_cycle,
+ 'period_months' => 1,
+ 'amount' => 10,
+ 'starts_at' => now()->subDay(),
+ 'ends_at' => now()->addMonth(),
+ 'activated_at' => now()->subDay(),
+ ]);
+
+ $order = PlatformOrder::query()->create([
+ 'merchant_id' => $merchant->id,
+ 'plan_id' => $plan->id,
+ 'site_subscription_id' => $sub->id,
+ 'order_no' => 'PO_SUB_SHOW_RELATED_NO_ESCAPE_0001',
+ 'order_type' => 'renewal',
+ 'status' => 'pending',
+ 'payment_status' => 'unpaid',
+ 'plan_name' => $plan->name,
+ 'billing_cycle' => $plan->billing_cycle,
+ 'period_months' => 1,
+ 'quantity' => 1,
+ 'payable_amount' => 10,
+ 'paid_amount' => 0,
+ 'placed_at' => now(),
+ 'meta' => [],
+ ]);
+
+ // 带 back 进入订阅详情页
+ $res = $this->get('/admin/site-subscriptions/' . $sub->id . '?back=' . urlencode('/admin/site-subscriptions?status=activated'));
+ $res->assertOk();
+
+ $expectedSubShowSelf = '/admin/site-subscriptions/' . $sub->id;
+
+ $expectedOrderShowUrl = '/admin/platform-orders/' . $order->id . '?' . Arr::query([
+ 'back' => $expectedSubShowSelf,
+ ]);
+
+ $res->assertSee($expectedOrderShowUrl, false);
+ $res->assertDontSee('back=' . urlencode($expectedSubShowSelf) . '&', false);
+ }
+}
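Review bot: The request in this test only ever supplies a benign, local `back` value, so nothing pins what the page does when `back` is not a local admin path. Because the assertions use `assertSee(..., false)` and so require the raw, unescaped URL form in the HTML, a companion case is worth adding that loads the page with an absolute URL to another host as `back` and asserts that value does not appear in the response. How the view consumes the incoming `back` parameter is not visible in this patch, so this is a missing guard in the tests rather than a confirmed defect. The same gap applies to the test in AdminSiteSubscriptionShowOpenInPlatformOrdersLinkUsesMakePlatformOrderUrlTest.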