From 1650ade338db93fb8b264c26ee3827494b261588 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Tue, 24 Feb 2026 23:20:09 +0100
Subject: [PATCH] Use a cryptographically random suffix for attachment file
 names to make them harder guess

---
 src/Services/Attachments/AttachmentSubmitHandler.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Services/Attachments/AttachmentSubmitHandler.php b/src/Services/Attachments/AttachmentSubmitHandler.php
index c7e69257..81a83f0c 100644
--- a/src/Services/Attachments/AttachmentSubmitHandler.php
+++ b/src/Services/Attachments/AttachmentSubmitHandler.php
@@ -137,7 +137,10 @@ class AttachmentSubmitHandler
             $attachment->getName()
         );
 
-        return $safeName.'-'.uniqid('', false).'.'.$extension;
+        // Generate a 12-character URL-safe random string, which should avoid collisions and prevent from guessing file paths.
+        $random = str_replace(['+', '/', '='], ['0', '1', '2'], base64_encode(random_bytes(9)));
+
+        return $safeName.'-'.$random.'.'.$extension;
     }
 
     /**