diff --git a/app/Http/Controllers/Admin/PlatformOrderController.php b/app/Http/Controllers/Admin/PlatformOrderController.php
index 38cd771..8e3b7fd 100644
--- a/app/Http/Controllers/Admin/PlatformOrderController.php
+++ b/app/Http/Controllers/Admin/PlatformOrderController.php
@@ -1635,7 +1635,10 @@ class PlatformOrderController extends Controller
 (string) $runId,
 );
- return redirect()->back()->with('success', '批量同步订阅任务已提交到队列:命中 ' . $matchedTotal . ' 条,本次处理 ' . $processed . ' 条(limit=' . $limit . ',run_id=' . $runId . ')。');
+ return redirect()->back()
+ ->with('success', '批量同步订阅任务已提交到队列:命中 ' . $matchedTotal . ' 条,本次处理 ' . $processed . ' 条(limit=' . $limit . ',run_id=' . $runId . ')。')
+ ->with('success_link_href', '/admin/platform-batches/show?type=bas&run_id=' . urlencode((string) $runId))
+ ->with('success_link_label', '进入批次复盘');
 }
 public function batchMarkPaidAndActivate(Request $request, SubscriptionActivationService $service): RedirectResponse
diff --git a/resources/views/admin/layouts/app.blade.php b/resources/views/admin/layouts/app.blade.php
index deb1182..57f3889 100644
--- a/resources/views/admin/layouts/app.blade.php
+++ b/resources/views/admin/layouts/app.blade.php
@@ -77,7 +77,18 @@
 {{-- 页面标题已统一收敛到各页面的 PageHeader 组件,避免重复出现“大标题”。 --}}
 @if(session('success'))
-
{{ session('success') }}
+
+ {{ session('success') }}
+ @if(session('success_link_href'))
+ @php
+ $flashLinkHref = \App\Support\BackUrl::sanitizeForLinks((string) session('success_link_href'));
+ $flashLinkLabel = (string) (session('success_link_label') ?: '查看');
+ @endphp
+ @if($flashLinkHref !== '')
+ {{ $flashLinkLabel }}
+ @endif
+ @endif
+
@endif @if(session('warning'))
{{ session('warning') }}
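Review bot: The `@if($flashLinkHref !== '')` guard hides the link only if `BackUrl::sanitizeForLinks` returns an empty string for a value it rejects, and that helper is outside this diff. If it instead substitutes a fallback path, a rejected href would still render a link whose label (`success_link_label`) no longer describes where it goes, so the contract is worth confirming and recording next to the call, for example `{{-- sanitizeForLinks() yields '' unless the value is a same-site relative path --}}` once verified. The anchor element's markup did not survive on this page, so its escaping cannot be checked here; the href should be emitted with `{{ }}` rather than `{!! !!}` so that the sanitizer is not the only thing standing between a session value and the attribute.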
diff --git a/tests/Feature/AdminFlashSuccessShouldSupportOptionalLinkTest.php b/tests/Feature/AdminFlashSuccessShouldSupportOptionalLinkTest.php
new file mode 100644
index 0000000..c25c2d9
--- /dev/null
+++ b/tests/Feature/AdminFlashSuccessShouldSupportOptionalLinkTest.php
@@ -0,0 +1,52 @@
+seed();
+
+ $this->post('/admin/login', [
+ 'email' => 'platform.admin@demo.local',
+ 'password' => 'Platform@123456',
+ ])->assertRedirect('/admin');
+ }
+
+ public function test_flash_success_should_render_optional_link_when_session_keys_present(): void
+ {
+ $this->loginAsPlatformAdmin();
+
+ $res = $this->withSession([
+ 'success' => '操作成功',
+ 'success_link_href' => '/admin/platform-batches/show?type=bas&run_id=BAS202603171234560001',
+ 'success_link_label' => '进入批次复盘',
+ ])->get('/admin');
+
+ $res->assertOk();
+ $res->assertSee('操作成功');
+ $res->assertSee('进入批次复盘');
+ $res->assertSee('/admin/platform-batches/show?type=bas&run_id=BAS202603171234560001', false);
+ }
+
+ public function test_flash_success_link_should_be_sanitized_to_relative_path(): void
+ {
+ $this->loginAsPlatformAdmin();
+
+ $res = $this->withSession([
+ 'success' => 'ok',
+ 'success_link_href' => 'https://evil.example.com/x',
+ 'success_link_label' => '查看',
+ ])->get('/admin');
+
+ $res->assertOk();
+ // 外链应被 sanitize 掉,不应渲染 href
+ $res->assertDontSee('https://evil.example.com/x');
+ }
+}
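Review bot: `test_flash_success_link_should_be_sanitized_to_relative_path` feeds one absolute `https://` URL and asserts only that this exact string is absent, so it would still pass if a link with some other href were rendered, and it says nothing about protocol-relative (`//host/path`) or non-HTTP scheme values. Using a label that cannot occur elsewhere on the page (a constructed one such as `'flash-link-sentinel'`) and adding `$res->assertDontSee('flash-link-sentinel');` would pin the "no link rendered" behaviour that the inline comment describes; a data provider could cover the other input shapes. In the positive test the expected href is passed with `false` and, as shown on this page, a bare `&`; if the file really holds that, it matches only when the template prints the href without HTML escaping, which is worth double-checking against the Blade change. The top of the file, including the class header and the start of `loginAsPlatformAdmin`, is missing from this page.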