feat(backurl): preserve existing fragment when appending back
This commit is contained in:
萝卜
@@ -99,10 +99,21 @@ class BackUrl
|
||||
return $path;
|
||||
}
|
||||
|
||||
// 兼容:若调用方传入的 path 自带 fragment(#xxx),这里拆出并在最后追加。
|
||||
// fragment 仍做白名单校验(与 withBackAndFragment 同口径),避免意外注入/属性污染。
|
||||
$fragmentSuffix = '';
|
||||
if (str_contains($path, '#')) {
|
||||
[$path, $fragment] = explode('#', $path, 2);
|
||||
$fragment = ltrim((string) $fragment, '#');
|
||||
if ($fragment !== '' && preg_match('/^[A-Za-z0-9_-]+$/', $fragment)) {
|
||||
$fragmentSuffix = '#' . $fragment;
|
||||
}
|
||||
}
|
||||
|
||||
$backQuery = \Illuminate\Support\Arr::query(['back' => $safeBackForLinks]);
|
||||
|
||||
if (!str_contains($path, '?')) {
|
||||
return $path . '?' . $backQuery;
|
||||
return $path . '?' . $backQuery . $fragmentSuffix;
|
||||
}
|
||||
|
||||
[$base, $qs] = explode('?', $path, 2);
|
||||
@@ -111,19 +122,19 @@ class BackUrl
|
||||
|
||||
// 处理类似 "/xx?" 或 "/xx?&" 的情况:视为无 query
|
||||
if ($qs === '') {
|
||||
return $base . '?' . $backQuery;
|
||||
return $base . '?' . $backQuery . $fragmentSuffix;
|
||||
}
|
||||
|
||||
// 若 path 自身已包含 back=(调用方误用),则不再追加,避免重复 back 造成 URL 膨胀/绕过。
|
||||
if (preg_match('/(?:^|&)back=/', $qs)) {
|
||||
return $base . '?' . $qs;
|
||||
return $base . '?' . $qs . $fragmentSuffix;
|
||||
}
|
||||
|
||||
if ($preferFirst) {
|
||||
return $base . '?' . $backQuery . '&' . $qs;
|
||||
return $base . '?' . $backQuery . '&' . $qs . $fragmentSuffix;
|
||||
}
|
||||
|
||||
return $base . '?' . $qs . '&' . $backQuery;
|
||||
return $base . '?' . $qs . '&' . $backQuery . $fragmentSuffix;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
40
tests/Unit/BackUrlWithBackFragmentTest.php
Normal file
40
tests/Unit/BackUrlWithBackFragmentTest.php
Normal file
@@ -0,0 +1,40 @@
|
||||
<?php
|
||||
|
||||
namespace Tests\Unit;
|
||||
|
||||
use App\Support\BackUrl;
|
||||
use Illuminate\Support\Arr;
|
||||
use Tests\TestCase;
|
||||
|
||||
class BackUrlWithBackFragmentTest extends TestCase
|
||||
{
|
||||
public function test_with_back_should_preserve_existing_fragment_when_safe(): void
|
||||
{
|
||||
$back = '/admin/platform-orders/2';
|
||||
$backQuery = Arr::query(['back' => $back]);
|
||||
|
||||
$url = BackUrl::withBack('/admin/site-subscriptions/2#syncable-batch', $back);
|
||||
|
||||
$this->assertSame('/admin/site-subscriptions/2?' . $backQuery . '#syncable-batch', $url);
|
||||
}
|
||||
|
||||
public function test_with_back_should_drop_existing_fragment_when_not_whitelisted(): void
|
||||
{
|
||||
$back = '/admin/platform-orders/2';
|
||||
$backQuery = Arr::query(['back' => $back]);
|
||||
|
||||
$url = BackUrl::withBack('/admin/site-subscriptions/2#bad#frag', $back);
|
||||
|
||||
$this->assertSame('/admin/site-subscriptions/2?' . $backQuery, $url);
|
||||
}
|
||||
|
||||
public function test_with_back_first_should_preserve_existing_fragment_when_safe(): void
|
||||
{
|
||||
$back = '/admin/platform-orders/2';
|
||||
$backQuery = Arr::query(['back' => $back]);
|
||||
|
||||
$url = BackUrl::withBackFirst('/admin/site-subscriptions/2?order_sync_status=syncable#syncable-batch', $back);
|
||||
|
||||
$this->assertSame('/admin/site-subscriptions/2?' . $backQuery . '&order_sync_status=syncable#syncable-batch', $url);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user