fix: batch return_url use relative self url (avoid fullUrl domain)
@@ -175,7 +175,18 @@
|
||||
<h3>商品列表</h3>
|
||||
<form id="platform-batch-form" method="post" action="/admin/products/batch" onsubmit="return confirm('确认执行本次批量操作?');">
|
||||
@csrf
|
||||
<input type="hidden" name="return_url" value="{{ request()->fullUrl() }}">
|
||||
@php
|
||||
// return_url:用于批量操作后回到当前列表(保留筛选上下文)。
|
||||
// 说明:不使用 request()->fullUrl()(可能包含域名),避免被后端“仅允许站内相对路径”规则拦截。
|
||||
// 同时:剔除 return_url 本身,避免出现嵌套导致 URL 膨胀。
|
||||
$currentQuery = request()->query();
|
||||
unset($currentQuery['return_url']);
|
||||
$selfWithoutReturn = '/' . ltrim(request()->path(), '/');
|
||||
if (count($currentQuery) > 0) {
|
||||
$selfWithoutReturn .= '?' . \Illuminate\Support\Arr::query($currentQuery);
|
||||
}
|
||||
@endphp
|
||||
<input type="hidden" name="return_url" value="{{ $selfWithoutReturn }}">
|
||||
<div class="actions gap-10 mb-12">
|
||||
<select name="action"><option value="change_status">批量改状态</option><option value="change_category">批量改分类</option></select>
|
||||
<select name="status"><option value="">选择状态(用于批量改状态)</option>@foreach($filterOptions['statuses'] as $status)<option value="{{ $statusLabels[$status] ?? $status }}">{{ $statusLabels[$status] ?? $status }}</option>@endforeach</select>
|
||||
|
||||
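Review bot: The new `return_url` hidden input after `@endphp` is still a client-editable POST field, so building it as a relative path only lets legitimate submissions pass the backend's "仅允许站内相对路径" rule named in the comment; it does not prevent an open redirect by itself. The batch handler is not visible on this page, so confirm that its check rejects values beginning with `//` or `/\` and anything carrying a scheme, rather than only requiring a leading `/`. A smaller point in the same block: if empty filter values reach the view as null (as Laravel's empty-string-to-null middleware would make them), `Arr::query($currentQuery)` can return an empty string while `count($currentQuery) > 0` still holds, leaving a trailing `?`. Testing the built string avoids that: `$qs = \Illuminate\Support\Arr::query($currentQuery); if ($qs !== '') { $selfWithoutReturn .= '?' . $qs; }`. The merchant batch form in the second hunk carries the same block, and both points apply there too.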
@@ -161,7 +161,27 @@
|
||||
|
||||
<div class="card">
|
||||
<h3>商品列表</h3>
|
||||
<form id="merchant-batch-form" method="post" action="/merchant-admin/products/batch" onsubmit="return confirm('确认执行本次批量操作?');">@csrf <input type="hidden" name="return_url" value="{{ request()->fullUrl() }}"><div class="actions mb-12"><select name="action"><option value="change_status">批量改状态</option><option value="change_category">批量改分类</option></select><select name="status"><option value="">选择状态(用于批量改状态)</option>@foreach($filterOptions['statuses'] as $status)<option value="{{ $statusLabels[$status] ?? $status }}">{{ $statusLabels[$status] ?? $status }}</option>@endforeach</select><select name="category_id"><option value="">清空分类 / 不指定(用于批量改分类)</option>@foreach($categories as $category)<option value="{{ $category->id }}">{{ $category->name }}</option>@endforeach</select><button type="submit">执行批量操作</button></div></form>
|
||||
<form id="merchant-batch-form" method="post" action="/merchant-admin/products/batch" onsubmit="return confirm('确认执行本次批量操作?');">
|
||||
@csrf
|
||||
@php
|
||||
// return_url:用于批量操作后回到当前列表(保留筛选上下文)。
|
||||
// 说明:不使用 request()->fullUrl()(可能包含域名),避免被后端“仅允许站内相对路径”规则拦截。
|
||||
// 同时:剔除 return_url 本身,避免出现嵌套导致 URL 膨胀。
|
||||
$currentQuery = request()->query();
|
||||
unset($currentQuery['return_url']);
|
||||
$selfWithoutReturn = '/' . ltrim(request()->path(), '/');
|
||||
if (count($currentQuery) > 0) {
|
||||
$selfWithoutReturn .= '?' . \Illuminate\Support\Arr::query($currentQuery);
|
||||
}
|
||||
@endphp
|
||||
<input type="hidden" name="return_url" value="{{ $selfWithoutReturn }}">
|
||||
<div class="actions mb-12">
|
||||
<select name="action"><option value="change_status">批量改状态</option><option value="change_category">批量改分类</option></select>
|
||||
<select name="status"><option value="">选择状态(用于批量改状态)</option>@foreach($filterOptions['statuses'] as $status)<option value="{{ $statusLabels[$status] ?? $status }}">{{ $statusLabels[$status] ?? $status }}</option>@endforeach</select>
|
||||
<select name="category_id"><option value="">清空分类 / 不指定(用于批量改分类)</option>@foreach($categories as $category)<option value="{{ $category->id }}">{{ $category->name }}</option>@endforeach</select>
|
||||
<button type="submit">执行批量操作</button>
|
||||
</div>
|
||||
</form>
|
||||
<p class="muted muted-tight">批量操作只会作用于当前登录商家可见商品,越权或已删除数据会被拦截。</p>
|
||||
<table>
|
||||
<thead><tr><th><input type="checkbox" data-check-all="merchant-products"></th><th>ID</th><th>标题</th><th>分类</th><th>SKU</th><th>售价/原价</th><th>库存</th><th>创建时间</th><th>更新时间</th><th>状态</th><th>操作</th></tr></thead>
|
||||
|
||||
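Review bot: The `@php` block inside `merchant-batch-form` is a line-for-line copy of the one added to `platform-batch-form`, so the logic that decides what goes into `return_url` now lives in two templates and can drift apart. Because this value feeds a redirect target, one shared Blade partial or view helper would be easier to keep in step with the backend rule, for example `@include('partials.batch-return-url')` (partial name constructed for illustration). It would also help to add a line to the comment saying the field is untrusted on submit and that the server-side check is the actual control.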