From d34578452c9712b3c9109d07b0955c2251440645 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?=
Date: Sun, 15 Mar 2026 04:45:04 +0000
Subject: [PATCH] =?UTF-8?q?BackUrl::sanitizeForLinks=20=E5=A2=9E=E5=8A=A0?=
 =?UTF-8?q?=E9=95=BF=E5=BA=A6=E5=AE=89=E5=85=A8=E9=98=80=EF=BC=88>2000=20?=
 =?UTF-8?q?=E6=8B=92=E7=BB=9D=EF=BC=89=E5=B9=B6=E8=A1=A5=E5=8D=95=E6=B5=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Support/BackUrl.php | 6 ++++++
 tests/Unit/BackUrlSanitizeForLinksTest.php | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/app/Support/BackUrl.php b/app/Support/BackUrl.php
index 21b6547..a96ab75 100644
--- a/app/Support/BackUrl.php
+++ b/app/Support/BackUrl.php
@@ -18,6 +18,12 @@ class BackUrl
 return '';
 }
 
+ // 长度安全阀:避免超长 back 造成 header/url 过大、日志污染或潜在 DoS
+ // 与表单侧 max:2000 的校验口径对齐。
+ if (strlen($incomingBack) > 2000) {
+ return '';
+ }
+
 if (!str_starts_with($incomingBack, '/')) {
 return '';
 }
diff --git a/tests/Unit/BackUrlSanitizeForLinksTest.php b/tests/Unit/BackUrlSanitizeForLinksTest.php
index a8a70b4..7ae55e7 100644
--- a/tests/Unit/BackUrlSanitizeForLinksTest.php
+++ b/tests/Unit/BackUrlSanitizeForLinksTest.php
@@ -12,6 +12,12 @@ class BackUrlSanitizeForLinksTest extends TestCase
 $this->assertSame('/admin/platform-orders', BackUrl::sanitizeForLinks('/admin/platform-orders'));
 }
 
+ public function test_sanitize_for_links_should_reject_too_long_back(): void
+ {
+ $long = '/admin/x?' . str_repeat('a', 5000);
+ $this->assertSame('', BackUrl::sanitizeForLinks($long));
+ }
+
 public function test_sanitize_for_links_should_reject_absolute_urls(): void
 {
 $this->assertSame('', BackUrl::sanitizeForLinks('https://evil.com/a'));
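Review bot: The new guard in BackUrl measures bytes with `strlen`, while the comment directly above it claims alignment with the form-side `max:2000` rule — if that rule is Laravel's `max`, it counts characters via `mb_strlen`, so a back value containing multibyte characters can pass the form and still be dropped here. That is fail-closed and therefore safe, but the comment overstates the alignment; either switch to `mb_strlen($incomingBack) > 2000` or reword the comment to say the cap is in bytes and hence stricter than the form rule. Byte length is arguably the right measure for the header/URL-size concern the comment itself raises, so amending the comment looks like the better option. The literal `2000` would also read better as a named constant such as `private const MAX_BACK_LENGTH = 2000;` so the cap is documented in one place. sanitizeForLinks's signature and the rest of its body are outside the hunk.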
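Review bot: The new test feeds an input of roughly 5000 bytes, far past the cap, so it cannot distinguish `> 2000` from `>= 2000` or catch an off-by-one in the guard; add a boundary pair — an input of exactly 2000 bytes that is expected to be returned unchanged and one of 2001 bytes that is expected to yield `''`. Build both from a path shape the remaining sanitize rules already accept, e.g. padding the file's existing `/admin/platform-orders` case with `str_repeat('a', ...)`, since whether a query string like the `/admin/x?` prefix used here survives the other checks is not visible in this hunk. The enclosing test class continues outside the hunk.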