Resolve "Kurz-URLs können auf externe URLs verweisen"

Closes #6148 Merge request studip/studip!4663
author: Thomas Hackl <hackl@data-quest.de> 2026-01-09 12:43:27 +0100
committer: David Siegfried <david.siegfried@uni-vechta.de> 2026-01-09 11:43:27 +0000
commit: a5ae15c1b831d5636732c68dbcbd321f04b8ef60 (patch)
tree: 81077f91b44b44445fe8d0ab35b6ca3f85b39d9a
parent: 575aff10765144d06f22f132333b3ebe83bfca60 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/classes/JsonApi/Routes/ShortUrls/ShortUrlCreate.php b/lib/classes/JsonApi/Routes/ShortUrls/ShortUrlCreate.php
index ea51cc8..0f9f151 100644
--- a/lib/classes/JsonApi/Routes/ShortUrls/ShortUrlCreate.php
+++ b/lib/classes/JsonApi/Routes/ShortUrls/ShortUrlCreate.php
@@ -55,6 +55,10 @@ final class ShortUrlCreate extends JsonApiController
             return 'No url for the short-url defined';
         }
 
+        if (!is_internal_url($json['data']['attributes']['path'])) {
+            return 'The target must not be an external URL';
+        }
+
         if (!trim(self::arrayGet($json, 'data.attributes.alias'))) {
             return 'No alias for the short-url defined';
         }
author	Thomas Hackl <hackl@data-quest.de>	2026-01-09 12:43:27 +0100
committer	David Siegfried <david.siegfried@uni-vechta.de>	2026-01-09 11:43:27 +0000
commit	a5ae15c1b831d5636732c68dbcbd321f04b8ef60 (patch)
tree	81077f91b44b44445fe8d0ab35b6ca3f85b39d9a
parent	575aff10765144d06f22f132333b3ebe83bfca60 (diff)