37 lines
1.0 KiB
PHP
37 lines
1.0 KiB
PHP
<?php
|
|
|
|
namespace Tests\Unit;
|
|
|
|
use App\Support\BackUrl;
|
|
use Illuminate\Support\Arr;
|
|
use Tests\TestCase;
|
|
|
|
class BackUrlSanitizeInsideWithBackTest extends TestCase
|
|
{
|
|
public function test_with_back_should_drop_unsafe_back_even_if_caller_passes_it_in(): void
|
|
{
|
|
$unsafeBack = "'/admin/platform-orders";
|
|
|
|
$url = BackUrl::withBack('/admin/site-subscriptions/2', $unsafeBack);
|
|
|
|
$this->assertSame('/admin/site-subscriptions/2', $url);
|
|
}
|
|
|
|
public function test_with_back_should_drop_nested_back_even_if_caller_passes_it_in(): void
|
|
{
|
|
$nestedBack = '/admin/platform-orders?back=/admin/xx';
|
|
|
|
$url = BackUrl::withBack('/admin/site-subscriptions/2', $nestedBack);
|
|
|
|
$this->assertSame('/admin/site-subscriptions/2', $url);
|
|
}
|
|
|
|
public function test_with_back_should_keep_safe_back(): void
|
|
{
|
|
$back = '/admin/platform-orders/2';
|
|
$url = BackUrl::withBack('/admin/site-subscriptions/2', $back);
|
|
|
|
$this->assertSame('/admin/site-subscriptions/2?' . Arr::query(['back' => $back]), $url);
|
|
}
|
|
}
|