[Bug]: Custom shared link can be reused without cross check

[sharcslife]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

With Nextcloud 31, the features formerly provided via the share renamer app was included in the main application.
The feature works as expected, but it turned out that one could take the token of an existing/active link and use it for a different file. There is no cross check implemented to check whether or not a token is already in use.

The link leads to the file that was shared with the link first. When that token is changed or the link deactivated, it switches to the newly created one.

Steps to reproduce

1. Create link
2. Copy the token of it
3. Create second link
4. Use option "customize link" on it and paste the token from step 2

Expected behavior

A mechanism should check for already existing tokens and display a warning/error message if a token is already in use.

Nextcloud Server version

33

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.5

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

List of activated Apps

Nextcloud Signing status

Nextcloud Logs

Additional info

No response