avoid duplication of ID check

lib/Model/AbstractModel.php

@@ -155,7 +155,7 @@ abstract class AbstractModel
      */
     public static function isValidId($id)
     {
-        return (bool) preg_match('#\A[a-f\d]{16}\z#', (string) $id);
+        return (bool) preg_match('#\A[a-f0-9]{16}\z#', (string) $id);
     }
 
     /**

lib/Request.php

@@ -12,6 +12,7 @@
 namespace PrivateBin;
 
 use Exception;
+use PrivateBin\Model\Paste;
 
 /**
  * Request
@@ -84,7 +85,7 @@ class Request
         foreach ($_GET as $key => $value) {
             // only return if value is empty and key is 16 hex chars
             $key = (string) $key;
-            if (($value === '') && strlen($key) === 16 && ctype_xdigit($key)) {
+            if (empty($value) && Paste::isValidId($key)) {
                 return $key;
             }
         }

tst/ModelTest.php

@@ -317,7 +317,11 @@ class ModelTest extends TestCase
     public function testPasteIdValidation()
     {
         $this->assertTrue(Paste::isValidId('a242ab7bdfb2581a'), 'valid paste id');
-        $this->assertFalse(Paste::isValidId('foo'), 'invalid hex values');
+        $this->assertFalse(Paste::isValidId('foo'), 'invalid hex values & length');
+        $this->assertFalse(Paste::isValidId('f00'), 'invalid length');
+        $this->assertFalse(Paste::isValidId('foo bar baz quux'), 'invalid hex values');
+        $this->assertFalse(Paste::isValidId("\n01234567feedcafe"), 'invalid line breaks');
+        $this->assertFalse(Paste::isValidId("deadbeef01234567\n"), 'invalid line breaks');
         $this->assertFalse(Paste::isValidId('../bar/baz'), 'path attack');
     }