linxianzhuang/saasshop
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

补齐套餐详情页返回链接安全护栏测试

Browse Source
This commit is contained in:
萝卜
2026-03-20 08:49:36 +08:00
parent 26d284d3e4
commit f7250c485e
1 changed files with 61 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
tests/Feature/AdminPlanShowTest.php
View File

@@ -179,4 +179,65 @@ class AdminPlanShowTest extends TestCase
$res->assertSee($expectedShowUrl, false);
$res->assertSee('查看详情');
}
public function test_plan_show_should_drop_unsafe_back_and_not_render_return_to_previous_link(): void
{
$this->loginAsPlatformAdmin();
$plan = Plan::query()->create([
'code' => 'plan_show_unsafe_back_test',
'name' => '套餐详情 unsafe back 测试套餐',
'billing_cycle' => 'monthly',
'price' => 28,
'list_price' => 38,
'status' => 'active',
'sort' => 10,
]);
$unsafeBack = '/admin/plans?status=active&back=/admin/platform-orders';
$res = $this->get('/admin/plans/' . $plan->id . '?back=' . urlencode($unsafeBack));
$res->assertOk();
$res->assertDontSee('返回上一页(保留上下文)');
$res->assertSee('/admin/plans', false);
$res->assertDontSee('back=' . $unsafeBack, false);
}
public function test_plan_show_should_render_safe_back_but_governance_links_should_still_use_plan_show_self_back(): void
{
$this->loginAsPlatformAdmin();
$plan = Plan::query()->create([
'code' => 'plan_show_safe_back_test',
'name' => '套餐详情 safe back 测试套餐',
'billing_cycle' => 'monthly',
'price' => 58,
'list_price' => 68,
'status' => 'active',
'sort' => 10,
]);
$safeBack = '/admin/plans?' . Arr::query([
'status' => 'active',
'keyword' => '治理',
]);
$res = $this->get('/admin/plans/' . $plan->id . '?back=' . urlencode($safeBack));
$res->assertOk();
$res->assertSee('href="' . $safeBack . '"', false);
$res->assertSee('返回上一页(保留上下文)');
$planShowSelf = '/admin/plans/' . $plan->id;
$expectedPaidNoReceiptUrl = '/admin/platform-orders?' . Arr::query([
'plan_id' => $plan->id,
'payment_status' => 'paid',
'receipt_status' => 'none',
'back' => $planShowSelf,
]);
$res->assertSee($expectedPaidNoReceiptUrl, false);
$res->assertDontSee('back=' . $safeBack, false);
}
}