diff --git a/resources/views/admin/platform_orders/show.blade.php b/resources/views/admin/platform_orders/show.blade.php
index 7fb0b5d..74250c6 100644
--- a/resources/views/admin/platform_orders/show.blade.php
+++ b/resources/views/admin/platform_orders/show.blade.php
@@ -669,12 +669,29 @@
@php
$back = (string) request()->query('back', '');
- // back 安全校验:只接受相对路径,且拒绝引号/尖括号,避免潜在 XSS(由于下方 href 采用原样输出以避免 & 影响断言)
- $safeBack = (str_starts_with($back, '/') && !preg_match('/["\'<>]/', $back)) ? $back : '';
+ // back 安全校验:只接受相对路径,且拒绝引号/尖括号,并拒绝 nested back,避免潜在 XSS/URL 膨胀。
+ // 说明:下方 href 采用原样输出以避免 & 影响断言。
+ $safeBack = (str_starts_with($back, '/')
+ && !preg_match('/["\'<>]/', $back)
+ && !preg_match('/(?:^|[?&])back=/', $back))
+ ? $back
+ : '';
+
+ // 若 back 指向的平台订单列表带 lead_id,则在详情页也提示当前来源线索(更不迷路)。
+ $leadIdFromBack = 0;
+ if ($safeBack !== '') {
+ $parts = parse_url($safeBack);
+ parse_str((string) ($parts['query'] ?? ''), $q);
+ $leadIdFromBack = (int) ($q['lead_id'] ?? 0);
+ }
@endphp
@if($safeBack)
← 返回上一页(保留上下文)
+ @if($leadIdFromBack > 0)
+
|
+
来源线索:#{{ $leadIdFromBack }}
+ @endif
|
@endif
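Review bot: The `str_starts_with($back, '/')` check on L12 still accepts protocol-relative values such as `//attacker.example/admin` (and `/\attacker.example`, which browsers normalise to `//`), so the "relative path only" claim in the L10 comment does not hold and the back link can send an admin off-site; neither the quote/bracket filter on L13 nor the nested-back filter on L14 catches this. Add a prefix check next to the existing ones, e.g. `&& !preg_match('#^/[/\\\\]#', $back)`, and pin it with a test in the same shape as the nested-back one. The L11 comment says the href is emitted unescaped so that `&` is not turned into `&amp;` for the assertions; the href line itself is not visible in this hunk, but if it is `{!! $safeBack !!}` the safer route is `{{ $safeBack }}` (browsers decode `&amp;` in attributes correctly) with the tests relaxed, since a character blacklist is then no longer the only thing between the query string and the attribute. On L21, `parse_url()` can return `false` for malformed input; the `?? ''` on L22 tolerates that quietly, which is acceptable for a hint but deserves a one-line comment such as `// parse_url() may return false on malformed input; the hint is best-effort`.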
diff --git a/tests/Feature/AdminPlatformOrderShowBackSafetyValveRejectsNestedBackTest.php b/tests/Feature/AdminPlatformOrderShowBackSafetyValveRejectsNestedBackTest.php
new file mode 100644
index 0000000..fecf3bd
--- /dev/null
+++ b/tests/Feature/AdminPlatformOrderShowBackSafetyValveRejectsNestedBackTest.php
@@ -0,0 +1,76 @@
+seed();
+
+ $this->post('/admin/login', [
+ 'email' => 'platform.admin@demo.local',
+ 'password' => 'Platform@123456',
+ ])->assertRedirect('/admin');
+ }
+
+ public function test_show_should_not_render_back_link_when_back_contains_nested_back(): void
+ {
+ $this->loginAsPlatformAdmin();
+
+ $merchant = Merchant::query()->firstOrFail();
+
+ $plan = Plan::query()->create([
+ 'code' => 'show_back_nested_plan',
+ 'name' => '订单详情back嵌套测试套餐',
+ 'billing_cycle' => 'monthly',
+ 'price' => 10,
+ 'list_price' => 10,
+ 'status' => 'active',
+ 'sort' => 10,
+ 'published_at' => now(),
+ ]);
+
+ $order = PlatformOrder::query()->create([
+ 'merchant_id' => $merchant->id,
+ 'plan_id' => $plan->id,
+ 'site_subscription_id' => null,
+ 'created_by_admin_id' => 1,
+ 'order_no' => 'PO_SHOW_BACK_NESTED_0001',
+ 'order_type' => 'new_purchase',
+ 'status' => 'pending',
+ 'payment_status' => 'unpaid',
+ 'payment_channel' => null,
+ 'plan_name' => $plan->name,
+ 'billing_cycle' => $plan->billing_cycle,
+ 'period_months' => 1,
+ 'quantity' => 1,
+ 'list_amount' => 10,
+ 'discount_amount' => 0,
+ 'payable_amount' => 10,
+ 'paid_amount' => 0,
+ 'placed_at' => now(),
+ 'plan_snapshot' => ['plan_id' => $plan->id],
+ 'meta' => [],
+ 'remark' => 'test',
+ ]);
+
+ $nestedBack = '/admin/platform-orders?back=' . urlencode('/admin');
+
+ $res = $this->get('/admin/platform-orders/' . $order->id . '?' . Arr::query([
+ 'back' => $nestedBack,
+ ]));
+
+ $res->assertOk();
+ $res->assertDontSee('返回上一页(保留上下文)', false);
+ }
+}
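Review bot: The only rejection case exercised is a literal `?back=` nesting on L91; since `$safeBack` in the view accepts any value beginning with `/`, the test should also assert that a protocol-relative value like `'//attacker.example/admin'` does not render the back link, otherwise that gap stays untested. The plan/order fixture on L56-L89 is repeated nearly verbatim in the sibling test file, so a small protected helper `createPendingOrder(string $code, string $orderNo): PlatformOrder` (or a shared trait) would keep the two in step. Note that this hunk is cut at L42 (`+seed();` is mid-statement), so the class header and the start of `loginAsPlatformAdmin()` are outside the visible part.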
diff --git a/tests/Feature/AdminPlatformOrderShowLeadIdFromBackHintTest.php b/tests/Feature/AdminPlatformOrderShowLeadIdFromBackHintTest.php
new file mode 100644
index 0000000..a582e7f
--- /dev/null
+++ b/tests/Feature/AdminPlatformOrderShowLeadIdFromBackHintTest.php
@@ -0,0 +1,79 @@
+seed();
+
+ $this->post('/admin/login', [
+ 'email' => 'platform.admin@demo.local',
+ 'password' => 'Platform@123456',
+ ])->assertRedirect('/admin');
+ }
+
+ public function test_show_should_render_lead_hint_when_back_contains_lead_id(): void
+ {
+ $this->loginAsPlatformAdmin();
+
+ $merchant = Merchant::query()->firstOrFail();
+
+ $plan = Plan::query()->create([
+ 'code' => 'show_back_lead_plan',
+ 'name' => '订单详情back线索提示测试套餐',
+ 'billing_cycle' => 'monthly',
+ 'price' => 10,
+ 'list_price' => 10,
+ 'status' => 'active',
+ 'sort' => 10,
+ 'published_at' => now(),
+ ]);
+
+ $order = PlatformOrder::query()->create([
+ 'merchant_id' => $merchant->id,
+ 'plan_id' => $plan->id,
+ 'site_subscription_id' => null,
+ 'created_by_admin_id' => 1,
+ 'order_no' => 'PO_SHOW_BACK_LEAD_0001',
+ 'order_type' => 'new_purchase',
+ 'status' => 'pending',
+ 'payment_status' => 'unpaid',
+ 'payment_channel' => null,
+ 'plan_name' => $plan->name,
+ 'billing_cycle' => $plan->billing_cycle,
+ 'period_months' => 1,
+ 'quantity' => 1,
+ 'list_amount' => 10,
+ 'discount_amount' => 0,
+ 'payable_amount' => 10,
+ 'paid_amount' => 0,
+ 'placed_at' => now(),
+ 'plan_snapshot' => ['plan_id' => $plan->id],
+ 'meta' => [],
+ 'remark' => 'test',
+ ]);
+
+ $back = '/admin/platform-orders?' . Arr::query([
+ 'lead_id' => 12,
+ 'payment_status' => 'paid',
+ ]);
+
+ $res = $this->get('/admin/platform-orders/' . $order->id . '?' . Arr::query([
+ 'back' => $back,
+ ]));
+
+ $res->assertOk();
+ $res->assertSee('来源线索:#12', false);
+ }
+}
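Review bot: Only the happy path is pinned here; the view casts `lead_id` with `(int)`, so `lead_id=abc` or `lead_id=-1` yields no hint while `lead_id=12abc` still renders `#12`, and a second assertion with `$res->assertDontSee('来源线索:', false)` for a non-numeric `lead_id` would document that behaviour rather than leave it implicit. The fixture on L121-L154 duplicates the one in the nested-back test almost line for line; a shared helper would reduce the drift risk. As with the sibling file, this hunk is cut at L107, so the class header and the start of `loginAsPlatformAdmin()` are not visible.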