订阅详情:统一safeBackForLinks护栏变量(去重)
This commit is contained in:
萝卜
@@ -119,18 +119,21 @@
|
||||
|
||||
<div class="mt-10">
|
||||
@php
|
||||
$back = (string) request()->query('back', '');
|
||||
// back 安全校验:只接受相对路径,且拒绝引号/尖括号(由于下方 href 采用原样输出以避免 & 影响回链/断言)
|
||||
$safeBack = (str_starts_with($back, '/')
|
||||
&& !preg_match('/["\'<>]/', $back)
|
||||
// back 本身不应再包含 back(避免无限嵌套导致 URL 膨胀)
|
||||
&& !preg_match('/(?:^|[?&])back=/', $back))
|
||||
? $back
|
||||
$incomingBack = (string) request()->query('back', '');
|
||||
// back 安全护栏:
|
||||
// - 仅允许站内相对路径(/ 开头)
|
||||
// - 拒绝引号/尖括号
|
||||
// - 拒绝 nested back=(避免 URL 膨胀/绕过)
|
||||
// 说明:下方 href 采用原样输出以避免 & 影响回链/断言。
|
||||
$safeBackForLinks = (str_starts_with($incomingBack, '/')
|
||||
&& !preg_match('/["\'<>]/', $incomingBack)
|
||||
&& !preg_match('/(?:^|[?&])back=/', $incomingBack))
|
||||
? $incomingBack
|
||||
: '';
|
||||
@endphp
|
||||
|
||||
@if($safeBack)
|
||||
<a href="{!! $safeBack !!}" class="muted">← 返回上一页(保留上下文)</a>
|
||||
@if($safeBackForLinks !== '')
|
||||
<a href="{!! $safeBackForLinks !!}" class="muted">← 返回上一页(保留上下文)</a>
|
||||
<span class="muted">|</span>
|
||||
@endif
|
||||
|
||||
@@ -413,7 +416,7 @@
|
||||
// 重要:这里的筛选链接需要保留 back,否则点击后会丢失“返回上一页(保留上下文)”能力。
|
||||
// 同时:href 中会包含多个 query 参数,必须使用 `{!! !!}` 原样输出,避免 `&` 被转义为 `&`。
|
||||
$incomingBack = (string) request()->query('back', '');
|
||||
$safeBack = (str_starts_with($incomingBack, '/')
|
||||
$safeBackForLinks = (str_starts_with($incomingBack, '/')
|
||||
&& !preg_match('/["\'<>]/', $incomingBack)
|
||||
&& !preg_match('/(?:^|[?&])back=/', $incomingBack))
|
||||
? $incomingBack
|
||||
@@ -422,8 +425,8 @@
|
||||
$baseQuery = request()->query();
|
||||
unset($baseQuery['order_sync_status']);
|
||||
|
||||
if ($safeBack !== '') {
|
||||
$baseQuery['back'] = $safeBack;
|
||||
if ($safeBackForLinks !== '') {
|
||||
$baseQuery['back'] = $safeBackForLinks;
|
||||
} else {
|
||||
unset($baseQuery['back']);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user