Commit Graph

2 Commits

Author SHA1 Message Date
myron bb21fca399 Security: block direct upload access, fix view-doc path traversal guard
- uploads/.htaccess: deny all direct web access to uploaded customer docs
- admin/view-doc.php: add realpath() path-traversal check (mirrors view-doc.php)
- admin/view-doc.php: remove dead double-query (result was always overwritten)
- .gitignore: uploads/* wildcard so .htaccess can be tracked
2026-06-13 14:20:41 +00:00
myron 072272104e Migrate to parkerslingshotrentals.com domain
- db.php: SITE_URL -> https://www.parkerslingshotrentals.com
- db.php: add ADMIN_PHONE (817) 266-2022
- index.html, contact.php, admin/index.php: fix placeholder phone 555-0199 -> 266-2022
- admin/view-doc.php: new secure doc viewer (URL-token auth, bookings table)
- upload-docs.php, view-doc.php: added from subdomain (already used db.php/bookings)
2026-06-08 17:23:40 +00:00