33 lines
898 B
PHP
33 lines
898 B
PHP
<?php
|
|
|
|
namespace Tests\Feature;
|
|
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Tests\TestCase;
|
|
|
|
class AdminPlanFormBackHiddenInputConditionalTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
protected function loginAsPlatformAdmin(): void
|
|
{
|
|
$this->seed();
|
|
|
|
$this->post('/admin/login', [
|
|
'email' => 'platform.admin@demo.local',
|
|
'password' => 'Platform@123456',
|
|
])->assertRedirect('/admin');
|
|
}
|
|
|
|
public function test_create_form_should_not_render_back_hidden_input_when_back_is_empty(): void
|
|
{
|
|
$this->loginAsPlatformAdmin();
|
|
|
|
$res = $this->get('/admin/plans/create?back=' . urlencode('https://evil.example.com/?x=1'));
|
|
$res->assertOk();
|
|
|
|
// PlanController 会将 unsafe back 清洗为空,因此页面不应渲染 back hidden input
|
|
$res->assertDontSee('name="back"', false);
|
|
}
|
|
}
|