BackUrl::sanitizeForLinks 增强：拒绝控制字符与 CRLF 注入 并补单测

tests/Unit/BackUrlSanitizeForLinksTest.php

@@ -24,6 +24,10 @@ class BackUrlSanitizeForLinksTest extends TestCase
         $this->assertSame('', BackUrl::sanitizeForLinks("/admin/x?keyword='a'"));
         $this->assertSame('', BackUrl::sanitizeForLinks('/admin/x?a=<b>'));
         $this->assertSame('', BackUrl::sanitizeForLinks('/admin/x?a=>'));
+
+        // 控制字符/CRLF 注入
+        $this->assertSame('', BackUrl::sanitizeForLinks("/admin/x?x=1\nSet-Cookie:evil=1"));
+        $this->assertSame('', BackUrl::sanitizeForLinks('/admin/x?x=1%0aSet-Cookie:evil=1'));
     }
 
     public function test_sanitize_for_links_should_reject_nested_back_param(): void