LOW: LIVE constant interpolated into SQL queries in payments.js #81
Labels
No Label
architecture
backend
bug
feature
frontend
priority:critical
priority:high
priority:low
priority:medium
priority:nice-to-have
ux
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: null/BillTracker#81
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Bug Description
routes/payments.js:9 defines const LIVE = deleted_at IS NULL and interpolates it into multiple SQL queries via template literals (e.g., ...p.${LIVE}...). While the value is hardcoded and not user-controlled, this pattern makes future modifications riskier. A parameterized approach would be safer by construction.
Affected Files
Recommended Fix
Replace with a parameterized approach or at minimum add a comment explaining the constant is intentionally hardcoded.