feat(backurl): preserve existing fragment when appending back
@@ -99,10 +99,21 @@ class BackUrl
|
|||||||
return $path;
|
return $path;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 兼容:若调用方传入的 path 自带 fragment(#xxx),这里拆出并在最后追加。
|
||||||
|
// fragment 仍做白名单校验(与 withBackAndFragment 同口径),避免意外注入/属性污染。
|
||||||
|
$fragmentSuffix = '';
|
||||||
|
if (str_contains($path, '#')) {
|
||||||
|
[$path, $fragment] = explode('#', $path, 2);
|
||||||
|
$fragment = ltrim((string) $fragment, '#');
|
||||||
|
if ($fragment !== '' && preg_match('/^[A-Za-z0-9_-]+$/', $fragment)) {
|
||||||
|
$fragmentSuffix = '#' . $fragment;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$backQuery = \Illuminate\Support\Arr::query(['back' => $safeBackForLinks]);
|
$backQuery = \Illuminate\Support\Arr::query(['back' => $safeBackForLinks]);
|
||||||
|
|
||||||
if (!str_contains($path, '?')) {
|
if (!str_contains($path, '?')) {
|
||||||
return $path . '?' . $backQuery;
|
return $path . '?' . $backQuery . $fragmentSuffix;
|
||||||
}
|
}
|
||||||
|
|
||||||
[$base, $qs] = explode('?', $path, 2);
|
[$base, $qs] = explode('?', $path, 2);
|
||||||
@@ -111,19 +122,19 @@ class BackUrl
|
|||||||
|
|
||||||
// 处理类似 "/xx?" 或 "/xx?&" 的情况:视为无 query
|
// 处理类似 "/xx?" 或 "/xx?&" 的情况:视为无 query
|
||||||
if ($qs === '') {
|
if ($qs === '') {
|
||||||
return $base . '?' . $backQuery;
|
return $base . '?' . $backQuery . $fragmentSuffix;
|
||||||
}
|
}
|
||||||
|
|
||||||
// 若 path 自身已包含 back=(调用方误用),则不再追加,避免重复 back 造成 URL 膨胀/绕过。
|
// 若 path 自身已包含 back=(调用方误用),则不再追加,避免重复 back 造成 URL 膨胀/绕过。
|
||||||
if (preg_match('/(?:^|&)back=/', $qs)) {
|
if (preg_match('/(?:^|&)back=/', $qs)) {
|
||||||
return $base . '?' . $qs;
|
return $base . '?' . $qs . $fragmentSuffix;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($preferFirst) {
|
if ($preferFirst) {
|
||||||
return $base . '?' . $backQuery . '&' . $qs;
|
return $base . '?' . $backQuery . '&' . $qs . $fragmentSuffix;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $base . '?' . $qs . '&' . $backQuery;
|
return $base . '?' . $qs . '&' . $backQuery . $fragmentSuffix;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
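Review bot: The fragment whitelist `preg_match('/^[A-Za-z0-9_-]+$/', $fragment)` in the first hunk anchors with `$`, which in PCRE also matches just before a trailing newline, so a fragment ending in a line feed passes the check and is carried into every `. $fragmentSuffix` return in both hunks. Anchoring on the true end of the string closes that: `if ($fragment !== '' && preg_match('/^[A-Za-z0-9_-]+\z/', $fragment) === 1) {`. The added comment says the check mirrors `withBackAndFragment`, which is outside these hunks; if it uses the same pattern it presumably needs the same anchor. The function begins above the first hunk, and the `return $path;` lines shown as context sit before the split, so those early exits appear to hand back the caller's fragment without validation; that is worth confirming against the full body.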
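--- /dev/null
+++ b/tests/Unit/BackUrlWithBackFragmentTest.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Tests\Unit;
+
+use App\Support\BackUrl;
+use Illuminate\Support\Arr;
+use Tests\TestCase;
+
+class BackUrlWithBackFragmentTest extends TestCase
+{
+public function test_with_back_should_preserve_existing_fragment_when_safe(): void
+{
+$back = '/admin/platform-orders/2';
+$backQuery = Arr::query(['back' => $back]);
+
+$url = BackUrl::withBack('/admin/site-subscriptions/2#syncable-batch', $back);
+
+$this->assertSame('/admin/site-subscriptions/2?' . $backQuery . '#syncable-batch', $url);
+}
+
+public function test_with_back_should_drop_existing_fragment_when_not_whitelisted(): void
+{
+$back = '/admin/platform-orders/2';
+$backQuery = Arr::query(['back' => $back]);
+
+$url = BackUrl::withBack('/admin/site-subscriptions/2#bad#frag', $back);
+
+$this->assertSame('/admin/site-subscriptions/2?' . $backQuery, $url);
+}
+
+public function test_with_back_first_should_preserve_existing_fragment_when_safe(): void
+{
+$back = '/admin/platform-orders/2';
+$backQuery = Arr::query(['back' => $back]);
+
+$url = BackUrl::withBackFirst('/admin/site-subscriptions/2?order_sync_status=syncable#syncable-batch', $back);
+
+$this->assertSame('/admin/site-subscriptions/2?' . $backQuery . '&order_sync_status=syncable#syncable-batch', $url);
+}
+}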
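Review bot: The rejection test only exercises `#bad#frag`, so nothing pins the behaviour for a fragment that ends in a newline or carries a character outside `[A-Za-z0-9_-]` such as a quote, which is the property the whitelist exists to guarantee. I would add a case along the lines of `$url = BackUrl::withBack("/admin/site-subscriptions/2#frag\n", $back);` and assert that the result equals `'/admin/site-subscriptions/2?' . $backQuery` with no fragment. The three tests also leave the `$qs === ''` branch and the already-contains-`back=` branch unexercised with a fragment, so a regression in either of those returns would go unnoticed.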