From 5e06df93608c1ab0e6410a522c678fd3764d7d68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?=
Date: Sat, 14 Mar 2026 01:32:42 +0000
Subject: [PATCH] =?UTF-8?q?test(back):=20=E5=B9=B3=E5=8F=B0=E8=AE=A2?= =?UTF-8?q?=E5=8D=95=E5=88=9B=E5=BB=BA=E8=A1=A8=E5=8D=95=20back=20?= =?UTF-8?q?=E9=93=BE=E6=8E=A5=E4=B8=8D=E5=BA=94=20escape=20&=EF=BC=88?= =?UTF-8?q?=E6=8A=A4=E6=A0=8F=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
...latformOrderFormBackLinkNotEscapedTest.php | 35 +++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 tests/Feature/AdminPlatformOrderFormBackLinkNotEscapedTest.php
diff --git a/tests/Feature/AdminPlatformOrderFormBackLinkNotEscapedTest.php b/tests/Feature/AdminPlatformOrderFormBackLinkNotEscapedTest.php
new file mode 100644
index 0000000..a55a01c
--- /dev/null
+++ b/tests/Feature/AdminPlatformOrderFormBackLinkNotEscapedTest.php
@@ -0,0 +1,35 @@
+seed();
+
+ $this->post('/admin/login', [
+ 'email' => 'platform.admin@demo.local',
+ 'password' => 'Platform@123456',
+ ])->assertRedirect('/admin');
+ }
+
+ public function test_create_form_back_link_should_not_escape_ampersand(): void
+ {
+ $this->loginAsPlatformAdmin();
+
+ $back = '/admin/site-subscriptions?status=activated&keyword=test';
+
+ $res = $this->get('/admin/platform-orders/create?back=' . urlencode($back));
+ $res->assertOk();
+
+ $res->assertSee('返回(保留上下文)');
+ $res->assertSee('href="' . $back . '"', false);
+ $res->assertDontSee('href="' . str_replace('&', '&', $back) . '"', false);
+ }
+}
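Review bot: The second assertion, `$res->assertSee('href="' . $back . '"', false);`, pins the request-supplied `back` value into an `href` attribute byte-for-byte, so the view can only pass by emitting that parameter without HTML escaping, and nothing in this test checks that `back` is constrained before it is echoed. An `&amp;` inside an attribute value is decoded by the browser to `&`, so escaping would not break the link; if raw output is still wanted, add a companion case whose `back` value contains a double quote or an absolute URL to another host and assert it is not reflected, e.g. `$res->assertDontSee('href="' . $unsafeBack . '"', false);`. As displayed, the last assertion's `str_replace('&', '&', $back)` is a no-op, which would make it contradict the assertion above it; this may be an entity lost in rendering, so confirm the file actually searches for `&amp;`. The class header and the start of `loginAsPlatformAdmin()` are not visible in the hunk as shown; since the login posts a fixed seeded password, it is worth confirming that the seeder creating that account runs only in test or demo environments.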