From 8aa262d48fcc46088aac2df2dad88573b5bf3ec7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?=
Date: Sat, 14 Mar 2026 17:17:08 +0000
Subject: [PATCH] =?UTF-8?q?=E5=A5=97=E9=A4=90=E5=88=97=E8=A1=A8=EF=BC=9A?= =?UTF-8?q?=E7=A7=BB=E9=99=A4=E9=87=8D=E5=A4=8DsafeBackForLinks=E8=AE=A1?= =?UTF-8?q?=E7=AE=97=EF=BC=88=E5=8E=BB=E9=87=8D=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 resources/views/admin/plans/index.blade.php | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/resources/views/admin/plans/index.blade.php b/resources/views/admin/plans/index.blade.php
index 446e523..18c22ef 100644
--- a/resources/views/admin/plans/index.blade.php
+++ b/resources/views/admin/plans/index.blade.php
@@ -54,15 +54,6 @@
 @php
 // 快捷筛选：仅保留“上下文”字段（back/keyword），避免把其它筛选条件叠加导致空结果
- // 统一的 back 安全护栏：本页大量 href 采用 `{!! !!}` 原样输出，必须严控 back 注入与 nested back。
- $incomingBack = (string) request()->query('back', '');
- $safeBackForLinks = (str_starts_with($incomingBack, '/') && !preg_match('/["\'<>]/', $incomingBack)
- // back 本身不应再包含 back（避免无限嵌套导致 URL 膨胀） && !preg_match('/(?:^|[?&])back=/', $incomingBack))
- ? $incomingBack
- : '';
-
 $buildQuickFilterUrl = function (array $overrides) use ($safeBackForLinks) {
 $path = '/' . ltrim(request()->path(), '/');