From 8e7299751e9f5adb836bad8e6497554665d1e68a Mon Sep 17 00:00:00 2001
From: draconigen
Date: Thu, 6 Mar 2025 00:32:55 +0100
Subject: [PATCH] perf: :lock: allow only numeric ids
---
 index.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/index.php b/index.php
index 3841d2c..c35ef61 100644
--- a/index.php
+++ b/index.php
@@ -4,13 +4,19 @@
 include_once('src/storage.php');
 include_once('src/telegram.php');
 if (empty($_GET['id'])) {
-    $newId = bin2hex(random_bytes(16));
+    $newId = time() . rand(1000, 9999);
     header("Location: ?id=$newId");
     exit;
 }
 $id = htmlspecialchars($_GET['id']);
+if (!is_numeric($id)) {
+    $newId = time() . rand(1000, 9999);
+    header("Location: ?id=$newId");
+    exit;
+}
+
 $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
 $bookmark = $protocol . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
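Review bot: The new id generation on both `+    $newId = time() . rand(1000, 9999);` lines (the empty-id branch and the added non-numeric fallback) is predictable: the timestamp is known to within a second and `rand()` is not a cryptographic generator, so a freshly issued id is one of roughly 10,000 candidates per second, whereas the replaced `bin2hex(random_bytes(16))` gave 128 bits of entropy. If these ids gate access to stored content (the `$bookmark` line suggests they are meant to be shareable links, though storage.php is outside this hunk), keep the numeric format but draw it from a secure source, e.g. `$newId = random_int(1, PHP_INT_MAX);` in both places. Separately, `is_numeric()` also accepts `1e5`, `1.5`, `-1` and leading whitespace, so the guard does not enforce the digit-only ids the subject line promises; `if (!ctype_digit($id)) {` (or `preg_match('/^\d+$/D', $id)`) matches the stated intent. The check runs on the `htmlspecialchars()`-escaped value, which is harmless for digit strings, but output escaping belongs where `$id` is rendered rather than at input time.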