diff --git a/d2warehouse/app/main.py b/d2warehouse/app/main.py
index 93a1d97..bf17885 100644
--- a/d2warehouse/app/main.py
+++ b/d2warehouse/app/main.py
@@ -1,3 +1,4 @@
+import hashlib
 from flask import Flask, redirect, abort, render_template, request
 from pathlib import Path
 from d2warehouse.parser import parse_stash
@@ -19,7 +20,7 @@ def save_path() -> Path:
         path = Path.home() / "Saved Games/Diablo II Resurrected"
 
     if not path.exists():
-        raise RuntimeError("Save path `{path}` does not exist")
+        raise RuntimeError(f"Save path `{path}` does not exist")
     return path
 
 
@@ -42,8 +43,12 @@ def list_stash(stash_name: str):
         abort(404)
     path = save_path() / STASH_FILES[stash_name]
     stash_data = path.read_bytes()
+    stash_hash = hashlib.sha256(stash_data).hexdigest()
     stash = parse_stash(stash_data)
-    return render_template("list_stash.html", stash_name=stash_name, stash=stash)
+
+    return render_template(
+        "list_stash.html", stash_name=stash_name, stash=stash, stash_hash=stash_hash
+    )
 
 
 @app.route("/stash/<stash_name>/store", methods=["POST"])
@@ -58,15 +63,16 @@ def stash_store_items(stash_name: str):
         return 500
 
     stash_data = stash_path.read_bytes()
+    stash_hash = hashlib.sha256(stash_data).hexdigest()
+    if request.form.get("stash_hash") != stash_hash:
+        return "wrong stash hash", 400
+
     stash = parse_stash(stash_data)
 
     items = []
-    for item_location in request.form.keys():
-        match = re.match(r"(\d+)_(\d+)", item_location)
-        if not match:
-            # TODO: Handle this condition
-            return "invalid position"
-        tab_idx, item_idx = int(match.group(1)), int(match.group(2))
+    locs = [y for x in request.form.keys() if (y := re.match(r"item_(\d+)_(\d+)", x))]
+    for item_location in locs:
+        tab_idx, item_idx = int(item_location.group(1)), int(item_location.group(2))
         if tab_idx > len(stash.tabs) or item_idx > len(stash.tabs[tab_idx].items):
             # TODO: Handle this condition
             return "invalid position (2)"
diff --git a/d2warehouse/app/templates/item.html b/d2warehouse/app/templates/item.html
index 20b45c9..f43eaf1 100644
--- a/d2warehouse/app/templates/item.html
+++ b/d2warehouse/app/templates/item.html
@@ -1,5 +1,5 @@
 <div class="item">
-  <input type="checkbox" name="{{tabloop.index0}}_{{itemloop.index0}}" value="remove" /> ({{tabloop.index0}}, {{itemloop.index0}})
+  <input type="checkbox" name="item_{{tabloop.index0}}_{{itemloop.index0}}" value="remove" /> ({{tabloop.index0}}, {{itemloop.index0}})
   <ul>
     <li class="name color-{{item.color}}">{{item.name}}</li>
     {% if item.quality and item.quality >= 5 %}
diff --git a/d2warehouse/app/templates/list_stash.html b/d2warehouse/app/templates/list_stash.html
index 5eec266..182165f 100644
--- a/d2warehouse/app/templates/list_stash.html
+++ b/d2warehouse/app/templates/list_stash.html
@@ -17,7 +17,8 @@
       {% endfor %}
     </div>
     {% endfor %}
-    <input type="submit" value="Remove items">
+    <input type="submit" value="Store items">
+    <input type="hidden" name="stash_hash" value="{{stash_hash}}" />
     </form>
   </body>
 </html>