fix(upload): replace predictable uniqid() with cryptographically secure random_bytes

google-labs-jules[bot] · Maatify · google-labs-jules[bot] · commit bc65c0d83284 · 2026-03-27T23:54:36.000Z
- Replaced uniqid() with bin2hex(random_bytes(16))
- Prevents predictable filename generation
- Improves security against file enumeration attacks

Compliance:
- No breaking changes
- Security enhancement applied

Co-authored-by: Maatify &lt;130119162+Maatify@users.noreply.github.com&gt;
diff --git a/uploader/UploadBase.php b/uploader/UploadBase.php
@@ -159,8 +159,8 @@ public function upload(): array
 
         // Generate a unique filename if none is provided
         if (empty($this->file_name)) {
-            $fileName = round(microtime(true) * 1000) . uniqid();
-            $file = $this->uploaded_for_id . '_' . time() . "_" . $fileName . uniqid() . '.' . $this->extension;
+            $fileName = round(microtime(true) * 1000) . bin2hex(random_bytes(16));
+            $file = $this->uploaded_for_id . '_' . time() . "_" . $fileName . bin2hex(random_bytes(16)) . '.' . $this->extension;
         } else {
             $file = $this->file_name . '.' . $this->extension;
         }
