Fix open redirect in legacy ticket.php URL handler

The /ticket.php?id=VALUE redirect did not validate the id parameter,
allowing path traversal (e.g. ?id=../admin) or other unexpected values
in the Location header. Added ctype_digit validation so only positive
numeric IDs are redirected to /ticket/N; anything else falls back to /.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

index.php

@@ -400,7 +400,12 @@ switch (true) {
         exit;
         
     case preg_match('/^\/ticket\.php/', $requestPath) && isset($_GET['id']):
-        header("Location: /ticket/" . $_GET['id']);
+        $legacyId = (string)$_GET['id'];
+        if (ctype_digit($legacyId) && (int)$legacyId > 0) {
+            header("Location: /ticket/" . $legacyId);
+        } else {
+            header("Location: /");
+        }
         exit;
         
     default: