<?php

namespace Tests\Feature;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class AdminPlatformOrderIndexBackLinkNotEscapedTest extends TestCase
{
    use RefreshDatabase;

    protected function loginAsPlatformAdmin(): void
    {
        $this->seed();

        $this->post('/admin/login', [
            'email' => 'platform.admin@demo.local',
            'password' => 'Platform@123456',
        ])->assertRedirect('/admin');
    }

    public function test_index_back_link_should_not_escape_ampersand(): void
    {
        $this->loginAsPlatformAdmin();

        $back = '/admin/site-subscriptions?status=activated&keyword=test';

        $this->get('/admin/platform-orders?back=' . urlencode($back))
            ->assertOk()
            ->assertSee('返回上一页（保留上下文）')
            // 关键护栏：必须是原样 &，不能被 escape 成 &amp;
            ->assertSee('href="' . $back . '"', false);
    }

    public function test_index_should_not_show_back_link_when_back_is_external_url(): void
    {
        $this->loginAsPlatformAdmin();

        $this->get('/admin/platform-orders?back=' . urlencode('https://evil.example.com/?x=1&y=2'))
            ->assertOk()
            ->assertDontSee('返回上一页（保留上下文）');
    }
}