Security:
- orders/submit.cfm: parameterize IN clause (was string-interpolated)
- auth/completeProfile.cfm: fix UserID → ID on Users table PK

Environment-aware URLs:
- Add application.baseUrl to config/environment.cfm
- Replace all hardcoded https://biz.payfrit.com with application.baseUrl in:
  orders/getDetail, tasks/getDetails, auth/completeProfile, auth/avatar,
  stripe/onboard, users/search, workers/onboardingLink, workers/earlyUnlock

Also fix submit.cfm qMeta.ItemID → qMeta.ID (column not in SELECT)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

| | | |
|---|---|---|
| abandonOrder.cfm | ||
| checkStatusUpdate.cfm | ||
| debugLineItems.cfm | ||
| getActiveCart.cfm | ||
| getCart.cfm | ||
| getDetail.cfm | ||
| getOrCreateCart.cfm | ||
| getPendingForUser.cfm | ||
| history.cfm | ||
| listForKDS.cfm | ||
| setLineItem.cfm | ||
| setOrderType.cfm | ||
| submit.cfm | ||
| updateStatus.cfm | ||