fix(back): 订阅详情页 back 校验拒绝 nested back + 护栏测试

2026-03-14 02:09:07 +00:00
parent 56bf040252
commit 7479eb0e77
2 changed files with 69 additions and 1 deletions
--- a/resources/views/admin/site_subscriptions/show.blade.php
+++ b/resources/views/admin/site_subscriptions/show.blade.php
@@ -121,7 +121,12 @@
        @php
            $back = (string) request()->query('back', '');
            // back 安全校验：只接受相对路径，且拒绝引号/尖括号（由于下方 href 采用原样输出以避免 &amp; 影响回链/断言）
-            $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
+            $safeBack = (str_starts_with($back, '/')
+                && !preg_match('/["\'<>]/', $back)
+                // back 本身不应再包含 back（避免无限嵌套导致 URL 膨胀）
+                && !preg_match('/(?:^|[?&])back=/', $back))
+                ? $back
+                : '';
        @endphp

        @if($safeBack)