From 8f5db9cc24f94d490f2b7d822ec442f55ad7b98f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?=
Date: Sat, 14 Mar 2026 01:25:42 +0000
Subject: [PATCH] =?UTF-8?q?fix(back):=20PlanController=20back=20=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C=E5=A2=9E=E5=BC=BA=EF=BC=88=E6=8B=92=E7=BB=9D=E5=BC=95?= =?UTF-8?q?=E5=8F=B7/=E5=B0=96=E6=8B=AC=E5=8F=B7=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Http/Controllers/Admin/PlanController.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/Admin/PlanController.php b/app/Http/Controllers/Admin/PlanController.php
index e753170..4915ee0 100644
--- a/app/Http/Controllers/Admin/PlanController.php
+++ b/app/Http/Controllers/Admin/PlanController.php
@@ -148,7 +148,8 @@ class PlanController extends Controller
         $this->ensurePlatformAdmin($request);
 
         $back = (string) $request->query('back', '');
-        $safeBack = str_starts_with($back, '/') ? $back : '';
+        // back 需为站内相对路径,并拒绝引号/尖括号,避免后续页面以 `{!! !!}` 原样输出时引入 XSS 风险。
+        $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
 
         return view('admin.plans.form', [
             'plan' => new Plan(),
@@ -167,7 +168,8 @@ class PlanController extends Controller
         $data = $this->validatePlan($request);
 
         $back = (string) $request->input('back', '');
-        $safeBack = str_starts_with($back, '/') ? $back : '';
+        // back 需为站内相对路径,并拒绝引号/尖括号,避免后续页面以 `{!! !!}` 原样输出时引入 XSS 风险。
+        $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
 
         $plan = Plan::query()->create($data);
 
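Review bot: The new `$safeBack` check in the hunk at line 148 still accepts protocol-relative values such as `//other-host/...`, because `str_starts_with($back, '/')` is satisfied by a second leading slash and the four-character blocklist does not cover it; if `back` later feeds a link or redirect, that is an off-site destination despite the "站内相对路径" intent stated in the comment. Reject those forms explicitly, e.g. `$safeBack = (str_starts_with($back, '/') && !str_starts_with($back, '//') && !str_starts_with($back, '/\\') && !preg_match('/["\'<>]/', $back)) ? $back : '';`. The comment itself says the value is emitted through `{!! !!}`; the durable fix is to render it with `{{ }}` so the template escapes for its context, and keep this path check as defence in depth rather than as the only barrier. The identical line is repeated in the hunks at 167, 183 and 222 — a single `private function safeBackPath(string $back): string` would keep the four sites from drifting apart. Each enclosing method begins before its hunk.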
@@ -183,7 +185,8 @@ class PlanController extends Controller
         $this->ensurePlatformAdmin($request);
 
         $back = (string) $request->query('back', '');
-        $safeBack = str_starts_with($back, '/') ? $back : '';
+        // back 需为站内相对路径,并拒绝引号/尖括号,避免后续页面以 `{!! !!}` 原样输出时引入 XSS 风险。
+        $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
 
         return view('admin.plans.form', [
             'plan' => $plan,
@@ -222,7 +225,8 @@ class PlanController extends Controller
         $data = $this->validatePlan($request, $plan->id);
 
         $back = (string) $request->input('back', '');
-        $safeBack = str_starts_with($back, '/') ? $back : '';
+        // back 需为站内相对路径,并拒绝引号/尖括号,避免后续页面以 `{!! !!}` 原样输出时引入 XSS 风险。
+        $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
 
         $plan->update($data);