<?php
namespace Tests\Feature;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
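/**
 * Feature test for the billing workbench entry links on the admin dashboard.
 *
 * Requests the dashboard with an incoming `back` query parameter and checks
 * that the rendered links carry a fixed `back=/admin` target instead of the
 * caller-supplied one, and that the query separator is not HTML-escaped.
 */
class AdminDashboardBillingWorkbenchLinksCarrySafeBackTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Seed the database and sign in through the admin login form.
     *
     * The credentials are fixture values posted by this test; presumably the
     * seeder creates the matching account, so they should exist only in
     * demo/test seed data (verify against the seeder).
     */
    protected function loginAsPlatformAdmin(): void
    {
        $this->seed();

        $this->post('/admin/login', [
            'email' => 'platform.admin@demo.local',
            'password' => 'Platform@123456',
        ])->assertRedirect('/admin');
    }

    /**
     * Dashboard links into the billing workbench must point back to the
     * dashboard itself and must not echo the incoming `back` value.
     *
     * NOTE(review): only a same-origin path is used as the incoming `back`
     * value here; a case with an off-site URL would additionally pin that an
     * external target is never reflected into these links.
     */
    public function test_dashboard_billing_workbench_entry_links_should_carry_safe_back_and_not_escape_ampersand(): void
    {
        $this->loginAsPlatformAdmin();

        $res = $this->get('/admin?back=' . urlencode('/admin/plans?status=active'));
        $res->assertOk();

        $res->assertSee('收费工作台');

        // Convention: entry links inside the dashboard always return to the
        // dashboard itself (selfWithoutBack=/admin) and do not reuse the
        // incoming back value the dashboard was opened with.
        $res->assertSee('href="/admin/platform-orders?back=%2Fadmin"', false);
        $res->assertSee('href="/admin/site-subscriptions?back=%2Fadmin"', false);
        $res->assertSee('href="/admin/plans?back=%2Fadmin"', false);

        // Blade auto-escaping must not turn the `&` in front of `back` into
        // `&amp;`. The needle has to be the entity form: with escaping
        // disabled on the assertion, a raw '&back=' needle can never match
        // '&amp;back=' and so would not detect the escaping this test is
        // named for.
        $res->assertDontSee('&amp;back=', false);

        // The incoming back value must not be carried over either.
        $res->assertDontSee('back=%2Fadmin%2Fplans%3Fstatus%3Dactive', false);
    }
}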