This repository has been archived on 2026-03-21. You can view files and clone it, but cannot push or open issues or pull requests.
payfrit-biz/api/workers
John Mizerek 3f15b0c8b6 Fix SQL injection, wrong PK, and hardcoded production URLs
Security:
- orders/submit.cfm: parameterize IN clause (was string-interpolated)
- auth/completeProfile.cfm: fix UserID → ID on Users table PK

Environment-aware URLs:
- Add application.baseUrl to config/environment.cfm
- Replace all hardcoded https://biz.payfrit.com with application.baseUrl in:
  orders/getDetail, tasks/getDetails, auth/completeProfile, auth/avatar,
  stripe/onboard, users/search, workers/onboardingLink, workers/earlyUnlock

Also fix submit.cfm qMeta.ItemID → qMeta.ID (column not in SELECT)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 21:14:19 -08:00
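As an added illustration (not code from the payfrit-biz repository, whose file contents are not shown on this page), the following CFML sketches the two patterns the commit message above describes: an IN clause assembled by string interpolation beside its parameterized replacement, and a single application.baseUrl setting in place of a hardcoded production host. The table, column and variable names (Items, ID, form.itemIDs, application.dsn, the PAYFRIT_BASE_URL environment variable, the example path) are assumptions; the real queries in orders/submit.cfm and the real config/environment.cfm may differ.

```cfml
<!--- Added example, not the project's code. Every name below is an assumption. --->

<!--- BEFORE: the caller-supplied list of IDs is dropped straight into the SQL text.
      A value such as "1) OR 1=1 --" for form.itemIDs turns the query into
      "WHERE ID IN (1) OR 1=1 --)" and returns every row. --->
<cfquery name="qItemsUnsafe" datasource="#application.dsn#">
    SELECT ID, Name, Price
    FROM Items
    WHERE ID IN (#form.itemIDs#)
</cfquery>

<!--- AFTER: cfqueryparam with list="true" splits the value on the separator
      (comma by default), binds each element as its own bound parameter, and
      rejects any element that is not a valid cf_sql_integer, so the payload
      above is refused before it reaches the database. --->
<cfif len(trim(form.itemIDs))>
    <cfquery name="qItems" datasource="#application.dsn#">
        SELECT ID, Name, Price
        FROM Items
        WHERE ID IN (
            <cfqueryparam value="#form.itemIDs#"
                          cfsqltype="cf_sql_integer"
                          list="true">
        )
    </cfquery>
<cfelse>
    <!--- "IN ()" is a SQL syntax error, so an empty list has to be handled
          here instead of being passed through to the database. --->
    <cfset qItems = queryNew("ID,Name,Price", "integer,varchar,decimal")>
</cfif>

<!--- Assumed shape of a config/environment.cfm: the public host is read once
      from the server's environment, not from cgi.server_name or the request's
      Host header, which the client controls and which would let an attacker
      steer generated links (onboarding, avatar, Stripe return URLs) to a host
      of their choosing. --->
<cfset variables.envBaseUrl = createObject("java", "java.lang.System").getenv("PAYFRIT_BASE_URL")>
<cfif structKeyExists(variables, "envBaseUrl") AND len(trim(variables.envBaseUrl))>
    <cfset application.baseUrl = trim(variables.envBaseUrl)>
<cfelse>
    <!--- Local development fallback; production must set PAYFRIT_BASE_URL. --->
    <cfset application.baseUrl = "http://localhost:8500">
</cfif>

<!--- Link construction then never mentions a hostname. The path is an example. --->
<cfset variables.profileLink = application.baseUrl & "/auth/completeProfile.cfm?token=" & urlEncodedFormat(variables.token)>
```

Two details worth checking when applying this pattern across the other files the commit lists: cfqueryparam's list binding only splits on the separator it is given, so a value containing a stray space or a second separator fails validation rather than silently binding fewer rows, and application.baseUrl should carry no trailing slash so that concatenated paths stay consistent.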
createAccount.cfm Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00
earlyUnlock.cfm Fix SQL injection, wrong PK, and hardcoded production URLs 2026-01-31 21:14:19 -08:00
ledger.cfm Fix remaining old column names missed by initial batch rename 2026-01-30 22:58:46 -08:00
myBusinesses.cfm Complete DB column normalization: strip redundant table-name prefixes from all SQL queries 2026-01-31 20:03:40 -08:00
onboardingLink.cfm Fix SQL injection, wrong PK, and hardcoded production URLs 2026-01-31 21:14:19 -08:00
tierStatus.cfm Normalize database column and table names across entire codebase 2026-01-30 15:39:12 -08:00