This repository has been archived on 2026-03-21. You can view files and clone it, but cannot push or open issues or pull requests.
John Mizerek 3f15b0c8b6 Fix SQL injection, wrong PK, and hardcoded production URLs
Security:
- orders/submit.cfm: parameterize IN clause (was string-interpolated)
- auth/completeProfile.cfm: fix UserID → ID on Users table PK

Environment-aware URLs:
- Add application.baseUrl to config/environment.cfm
- Replace all hardcoded https://biz.payfrit.com with application.baseUrl in:
  orders/getDetail, tasks/getDetails, auth/completeProfile, auth/avatar,
  stripe/onboard, users/search, workers/onboardingLink, workers/earlyUnlock

Also fix submit.cfm qMeta.ItemID → qMeta.ID (column not in SELECT)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 21:14:19 -08:00
admin Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
api Fix SQL injection, wrong PK, and hardcoded production URLs 2026-01-31 21:14:19 -08:00
cfpayment Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
cron Fix TaskID → ID in WHERE clauses on Tasks table (4 files + cron copy) 2026-01-31 21:00:46 -08:00
css Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
fonts Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
hud Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
images Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
includes Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
js Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
kds Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
library/cfc Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
modules Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
portal Fix settings page element ID mismatches 2026-01-31 20:44:26 -08:00
receipt Fix remaining old column names missed by initial batch rename 2026-01-30 22:58:46 -08:00
styles Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
twilio Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
uploads Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
verticals Add Manage Menus toolbar button, photo upload, and various improvements 2026-01-28 14:43:41 -08:00
yelpforexes.com Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
.gitignore Move 70 one-off admin scripts to api/admin/_scripts/ (gitignored) 2026-01-31 20:38:49 -08:00
_process.cfm Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
aaa Payfrit app new.apf Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
android-chrome-192x192.png Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
android-chrome-512x512.png Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
apple-touch-icon.png Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
Application.cfm Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
CHANGELOG.md Update changelog with recent fixes 2026-01-31 18:18:03 -08:00
confirm.cfm Fix remaining old column names missed by initial batch rename 2026-01-30 22:58:46 -08:00
confirm_email.cfm Complete DB column normalization: strip redundant table-name prefixes from all SQL queries 2026-01-31 20:03:40 -08:00
confirm_mobile.cfm Fix remaining old column names missed by initial batch rename 2026-01-30 22:58:46 -08:00
favicon-16x16.png Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
favicon-32x32.png Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
favicon.ico Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
favicon.svg Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
index.cfm Fix remaining old column names missed by initial batch rename 2026-01-30 22:58:46 -08:00
index.cfml Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
index.htm Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
index.html Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
logout.cfm Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
NoBark.apf Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
onrequestend.cfm Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
privacy.html Add user account APIs and fix Lucee header handling 2026-01-08 20:01:07 -08:00
register.cfm Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
register.cfm.old Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
reset.cfm Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
show_order.cfm Fix remaining old column names missed by initial batch rename 2026-01-30 22:58:46 -08:00
test_date_search.cfm Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
test_expand_checkbox.cfm Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
test_expand_checkbox2.cfm Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
test_expand_checkbox3.cfm Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
test_expand_checkbox4.cfm Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00
test_infinite original.cfm Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
test_infinite.cfm Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
Untitled1.cfm Checkpoint: beacon-servicepoint CRUD + assignments API working 2025-12-27 20:14:55 -08:00