eurofurence/conbook-artist-credits
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

perf: 🔒 allow only numeric ids

Browse Source
This commit is contained in:
draconigen 2025-03-06 00:32:55 +01:00
parent 026aea638f
commit 8e7299751e
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
index.php
View File

@ -4,13 +4,19 @@ include_once('src/storage.php');
include_once('src/telegram.php'); include_once('src/telegram.php');
if (empty($_GET['id'])) { if (empty($_GET['id'])) {
$newId = bin2hex(random_bytes(16)); $newId = time() . rand(1000, 9999);
header("Location: ?id=$newId"); header("Location: ?id=$newId");
exit; exit;
} }
$id = htmlspecialchars($_GET['id']); $id = htmlspecialchars($_GET['id']);
if (!is_numeric($id)) {
$newId = time() . rand(1000, 9999);
header("Location: ?id=$newId");
exit;
}
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http'; $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$bookmark = $protocol . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; $bookmark = $protocol . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];