套餐表单:统一safeBackForLinks护栏变量(去重)
This commit is contained in:
萝卜
@@ -13,17 +13,19 @@
|
|||||||
@csrf
|
@csrf
|
||||||
|
|
||||||
@php
|
@php
|
||||||
$back = (string) ($back ?? '');
|
$incomingBack = (string) ($back ?? '');
|
||||||
// back 作为隐藏字段用于 store 后跳转回来源页:同样需要安全护栏
|
// back 安全护栏(全页通用):
|
||||||
$safeBack = (str_starts_with($back, '/')
|
// - 仅允许站内相对路径(/ 开头)
|
||||||
&& !preg_match('/["\'<>]/', $back)
|
// - 拒绝引号/尖括号
|
||||||
// back 本身不应再包含 back(避免无限嵌套导致 URL 膨胀)
|
// - 拒绝 nested back=(避免 URL 膨胀/绕过)
|
||||||
&& !preg_match('/(?:^|[?&])back=/', $back))
|
$safeBackForLinks = (str_starts_with($incomingBack, '/')
|
||||||
? $back
|
&& !preg_match('/["\'<>]/', $incomingBack)
|
||||||
|
&& !preg_match('/(?:^|[?&])back=/', $incomingBack))
|
||||||
|
? $incomingBack
|
||||||
: '';
|
: '';
|
||||||
@endphp
|
@endphp
|
||||||
@if($safeBack !== '')
|
@if($safeBackForLinks !== '')
|
||||||
<input type="hidden" name="back" value="{{ $safeBack }}">
|
<input type="hidden" name="back" value="{{ $safeBackForLinks }}">
|
||||||
@endif
|
@endif
|
||||||
|
|
||||||
<label>
|
<label>
|
||||||
@@ -81,8 +83,7 @@
|
|||||||
</label>
|
</label>
|
||||||
|
|
||||||
@php
|
@php
|
||||||
$back = (string) ($back ?? '');
|
$backUrl = $safeBackForLinks !== '' ? $safeBackForLinks : '/admin/plans';
|
||||||
$backUrl = $back !== '' ? $back : '/admin/plans';
|
|
||||||
@endphp
|
@endphp
|
||||||
<div class="form-actions actions gap-10">
|
<div class="form-actions actions gap-10">
|
||||||
{{-- back 可能包含 query(含 &),此处需原样输出,避免 Blade escape 成 & 导致回退上下文丢失。--}}
|
{{-- back 可能包含 query(含 &),此处需原样输出,避免 Blade escape 成 & 导致回退上下文丢失。--}}
|
||||||
|
|||||||
Reference in New Issue
Block a user