Security:
- orders/submit.cfm: parameterize IN clause (was string-interpolated)
- auth/completeProfile.cfm: fix UserID → ID on Users table PK

Environment-aware URLs:
- Add application.baseUrl to config/environment.cfm
- Replace all hardcoded https://biz.payfrit.com with application.baseUrl in: orders/getDetail, tasks/getDetails, auth/completeProfile, auth/avatar, stripe/onboard, users/search, workers/onboardingLink, workers/earlyUnlock

Also fix submit.cfm qMeta.ItemID → qMeta.ID (column not in SELECT)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

||
|---|---|---|
| accept.cfm | ||
| callServer.cfm | ||
| complete.cfm | ||
| completeChat.cfm | ||
| create.cfm | ||
| createChat.cfm | ||
| deleteCategory.cfm | ||
| deleteType.cfm | ||
| expireStaleChats.cfm | ||
| getDetails.cfm | ||
| listAllTypes.cfm | ||
| listCategories.cfm | ||
| listMine.cfm | ||
| listPending.cfm | ||
| listTypes.cfm | ||
| reorderTypes.cfm | ||
| saveCategory.cfm | ||
| saveType.cfm | ||
| seedCategories.cfm | ||
| setup.cfm | ||