订阅列表：关联订单数链接用 Arr::query 且避免 &

resources/views/admin/site_subscriptions/index.blade.php

@@ -205,7 +205,13 @@
                 <td>
                     @php $cnt = (int) ($subscription->platform_orders_count ?? 0); @endphp
                     @if($cnt > 0)
-                        <a href="/admin/platform-orders?site_subscription_id={{ $subscription->id }}&back={{ urlencode($back) }}">{{ $cnt }}</a>
+                        @php
+                            $platformOrdersUrl = '/admin/platform-orders?' . \Illuminate\Support\Arr::query([
+                                'site_subscription_id' => $subscription->id,
+                                'back' => $back,
+                            ]);
+                        @endphp
+                        <a href="{!! $platformOrdersUrl !!}">{{ $cnt }}</a>
                     @else
                         <span class="muted">0</span>
                     @endif

tests/Feature/AdminSiteSubscriptionIndexPlatformOrdersCountLinkNotEscapedTest.php

@@ -0,0 +1,90 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\Merchant;
+use App\Models\Plan;
+use App\Models\PlatformOrder;
+use App\Models\SiteSubscription;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Arr;
+use Tests\TestCase;
+
+class AdminSiteSubscriptionIndexPlatformOrdersCountLinkNotEscapedTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected function loginAsPlatformAdmin(): void
+    {
+        $this->seed();
+
+        $this->post('/admin/login', [
+            'email' => 'platform.admin@demo.local',
+            'password' => 'Platform@123456',
+        ])->assertRedirect('/admin');
+    }
+
+    public function test_platform_orders_count_link_should_not_be_amp_escaped(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $merchant = Merchant::query()->firstOrFail();
+        $plan = Plan::query()->create([
+            'code' => 'sub_index_orders_count_no_escape_plan',
+            'name' => '订阅列表关联订单数链接不转义测试套餐',
+            'billing_cycle' => 'monthly',
+            'price' => 10,
+            'list_price' => 10,
+            'status' => 'active',
+            'sort' => 10,
+            'published_at' => now(),
+        ]);
+
+        $sub = SiteSubscription::query()->create([
+            'merchant_id' => $merchant->id,
+            'plan_id' => $plan->id,
+            'status' => 'activated',
+            'source' => 'manual',
+            'subscription_no' => 'SUB_INDEX_ORDER_COUNT_0001',
+            'plan_name' => $plan->name,
+            'billing_cycle' => $plan->billing_cycle,
+            'period_months' => 1,
+            'amount' => 10,
+            'starts_at' => now()->subDay(),
+            'ends_at' => now()->addMonth(),
+            'activated_at' => now()->subDay(),
+        ]);
+
+        PlatformOrder::query()->create([
+            'merchant_id' => $merchant->id,
+            'plan_id' => $plan->id,
+            'site_subscription_id' => $sub->id,
+            'order_no' => 'PO_SUB_INDEX_ORDER_COUNT_0001',
+            'order_type' => 'new_purchase',
+            'status' => 'pending',
+            'payment_status' => 'unpaid',
+            'plan_name' => $plan->name,
+            'billing_cycle' => $plan->billing_cycle,
+            'period_months' => 1,
+            'quantity' => 1,
+            'payable_amount' => 10,
+            'paid_amount' => 0,
+            'placed_at' => now(),
+            'meta' => [],
+        ]);
+
+        // 订阅列表页带 back，生成链接时含两个 query 参数，不能被渲染成 &amp;
+        $res = $this->get('/admin/site-subscriptions?back=' . urlencode('/admin/plans'));
+        $res->assertOk();
+
+        $expectedBack = '/admin/site-subscriptions';
+
+        $expectedUrl = '/admin/platform-orders?' . Arr::query([
+            'site_subscription_id' => $sub->id,
+            'back' => $expectedBack,
+        ]);
+
+        $res->assertSee($expectedUrl, false);
+        $res->assertDontSee('site_subscription_id=' . $sub->id . '&amp;', false);
+    }
+}