seed(); $this->post('/admin/login', [ 'email' => 'platform.admin@demo.local', 'password' => 'Platform@123456', ])->assertRedirect('/admin'); } public function test_dashboard_billing_workbench_entry_links_should_carry_safe_back_and_not_escape_ampersand(): void { $this->loginAsPlatformAdmin(); $res = $this->get('/admin?back=' . urlencode('/admin/plans?status=active')); $res->assertOk(); $res->assertSee('收费工作台'); // 口径：仪表盘内部入口应始终返回“仪表盘本身”（selfWithoutBack=/admin），不沿用进入仪表盘时的 incoming back。 $res->assertSee('href="/admin/platform-orders?back=%2Fadmin"', false); $res->assertSee('href="/admin/site-subscriptions?back=%2Fadmin"', false); $res->assertSee('href="/admin/plans?back=%2Fadmin"', false); // 避免 Blade 自动转义导致 back 参数中的 & 被转成 & $res->assertDontSee('&back=', false); // 同时应不携带 incoming back。 $res->assertDontSee('back=%2Fadmin%2Fplans%3Fstatus%3Dactive', false); } }