平台订单详情 back 安全：补充协议相对 URL（//evil.com）应被拒绝的测试护栏

tests/Feature/AdminPlatformOrderShowBackLinkTest.php

@@ -98,5 +98,10 @@ class AdminPlatformOrderShowBackLinkTest extends TestCase
         $this->get('/admin/platform-orders/' . $order->id . '?back=https://evil.example.com')
             ->assertOk()
             ->assertDontSee('返回上一页（保留上下文）');
+
+        // 协议相对 URL 也应被拒绝
+        $this->get('/admin/platform-orders/' . $order->id . '?back=' . urlencode('//evil.example.com/a'))
+            ->assertOk()
+            ->assertDontSee('返回上一页（保留上下文）');
     }
 }