diff --git a/app/Http/Controllers/Admin/PlanController.php b/app/Http/Controllers/Admin/PlanController.php
index e753170..4915ee0 100644
--- a/app/Http/Controllers/Admin/PlanController.php
+++ b/app/Http/Controllers/Admin/PlanController.php
@@ -148,7 +148,8 @@ class PlanController extends Controller
 $this->ensurePlatformAdmin($request);
 $back = (string) $request->query('back', '');
- $safeBack = str_starts_with($back, '/') ? $back : '';
+ // back 需为站内相对路径,并拒绝引号/尖括号,避免后续页面以 `{!! !!}` 原样输出时引入 XSS 风险。
+ $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
 return view('admin.plans.form', [
 'plan' => new Plan(),
@@ -167,7 +168,8 @@ class PlanController extends Controller
 $data = $this->validatePlan($request);
 $back = (string) $request->input('back', '');
- $safeBack = str_starts_with($back, '/') ? $back : '';
+ // back 需为站内相对路径,并拒绝引号/尖括号,避免后续页面以 `{!! !!}` 原样输出时引入 XSS 风险。
+ $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
 $plan = Plan::query()->create($data);
@@ -183,7 +185,8 @@ class PlanController extends Controller
 $this->ensurePlatformAdmin($request);
 $back = (string) $request->query('back', '');
- $safeBack = str_starts_with($back, '/') ? $back : '';
+ // back 需为站内相对路径,并拒绝引号/尖括号,避免后续页面以 `{!! !!}` 原样输出时引入 XSS 风险。
+ $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
 return view('admin.plans.form', [
 'plan' => $plan,
@@ -222,7 +225,8 @@ class PlanController extends Controller
 $data = $this->validatePlan($request, $plan->id);
 $back = (string) $request->input('back', '');
- $safeBack = str_starts_with($back, '/') ? $back : '';
+ // back 需为站内相对路径,并拒绝引号/尖括号,避免后续页面以 `{!! !!}` 原样输出时引入 XSS 风险。
+ $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
 $plan->update($data);
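Review bot: The new `$safeBack` line in the first hunk still relies on `str_starts_with($back, '/')`, which admits `//evil.example/x` and `/\evil.example`; browsers resolve both as scheme-relative absolute URLs, so the "site-relative path" property the comment promises does not hold, and if `$safeBack` is later used as a redirect target (not visible here) that is an open redirect. Backslash, CR and LF are also outside the rejected set, so a value such as `/x\r\n` passes the guard. One anchored pattern expresses the whole rule while keeping the quote/angle-bracket rejection the commit introduces: `$safeBack = preg_match('#^/(?![/\\\\])[^"\'<>\\\\\r\n]*$#D', $back) ? $back : '';` (the `D` modifier stops `$` from matching before a trailing newline). The enclosing method starts before this hunk, so I cannot see where `$safeBack` is consumed.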
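Review bot: The `$safeBack` guard added in the second hunk is the same expression and the same comment that the other three hunks paste into their sibling methods, so the rule now lives in four places and the next tightening (for example rejecting `//`) has to be repeated four times. A private helper on the controller keeps one definition and lets each call site read `$safeBack = $this->safeBackPath($back);`; the helper below reproduces the hunk's check unchanged. The enclosing method (the one that calls `Plan::query()->create`) begins before this hunk.
```php
        $safeBack = $this->safeBackPath($back);
        // … unchanged: Plan::query()->create($data) and the rest of the method …

    /**
     * Returns $back only when it is a site-relative path ("/…") containing no
     * quotes or angle brackets, so the form view can echo it; otherwise ''.
     */
    private function safeBackPath(string $back): string
    {
        return (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
    }
```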
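Review bot: The comment added above `$safeBack` in the third hunk justifies the input filter by a view that emits `back` through `{!! !!}`; that unescaped sink is the real XSS risk and should itself be changed to `{{ $back }}` (or `e()`), with this guard kept as defence in depth, otherwise any other value reaching the same sink, or a future caller that skips this filter, stays exploitable. I would also word the comment as the contract rather than as a description of the unsafe sink, e.g. `// back must be a site-relative path with no quotes/angle brackets; the view must still escape it — this filter is only defence in depth.` The enclosing method begins before this hunk, so whether the view is the only consumer of `$safeBack` cannot be confirmed from the diff.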