# Digest 2: admin/handlers (remaining 15 files)

### admin/handlers/document_image_handler.go (245 lines)

- N+1: `toResponse` issues one DB query per image inside `List`, so a page of N images costs N extra round trips
- Same `SortBy` SQL injection (user-controlled sort column interpolated into the ORDER BY clause)

### admin/handlers/feature_benefit_handler.go (231 lines)

- Request structs use `binding` tags instead of `validate` tags, so the validator never sees them: required fields are never enforced

### admin/handlers/limitations_handler.go (451 lines)

- Line 37: unchecked `Create` error when inserting default settings
- Lines 191-197: `UpdateTierLimits` overwrites ALL fields even for partial updates; fields absent from the request are written back as their zero values

### admin/handlers/lookup_handler.go (877 lines)

- **CRITICAL**: Lines 30-32, 50-52, etc.: each `refreshXxxCache` has `if cache == nil {}` with an EMPTY body and then calls `cache.CacheXxx()` anyway, so a nil cache is dereferenced and panics (the guard should return early)
- Line 792: hardcoded join table name `"task_contractor_specialties"`

### admin/handlers/notification_handler.go (419 lines)

- Lines 351-363: HTML e-mail body built by string concatenation with user-provided subject/body and no escaping; XSS in admin e-mails

### admin/handlers/notification_prefs_handler.go (347 lines)

- Line 154: unchecked user lookup; a deleted user produces a zero-value username/e-mail instead of an error

### admin/handlers/onboarding_handler.go (343 lines)

- Line 304: internal error details leaked to the client

### admin/handlers/password_reset_code_handler.go (161 lines)

- **BUG**: Line 85: `code.ResetToken[:8] + "..." + code.ResetToken[len-4:]` panics with a slice-bounds error if the token is shorter than 8 characters (and for tokens shorter than 12 the prefix and suffix overlap, revealing the whole token)

### admin/handlers/promotion_handler.go (304 lines)

- `binding` tags instead of `validate`: required fields never enforced

### admin/handlers/residence_handler.go (371 lines)

- Lines 121-122: unchecked `Count` errors for task/document counts

### admin/handlers/settings_handler.go (794 lines)

- Line 378: raw SQL executed from seed files with no parameterization
- Lines 529-793: `ClearAllData` is destructive with no double-auth (re-authentication/confirmation) check
- Lines 536-539: a panic inside `ClearAllData` is recovered and silently swallowed, so a partial wipe is not reported

### admin/handlers/share_code_handler.go (225 lines)

- Lines 155-162: `IsActive` is a non-pointer `bool`, so a request that omits the field decodes to `false` and deactivates the code

### admin/handlers/subscription_handler.go (237 lines)

- **BUG**: Lines 40-41: JOIN references `"users"` but the actual table is `"auth_user"`; the query fails on PostgreSQL

### admin/handlers/task_handler.go (401 lines)

- Lines 247-296: admin `Create` bypasses the service layer, so no business logic (validation, defaults, side effects) is applied

### admin/handlers/task_template_handler.go (347 lines)

- Lines 29-31: same nil-cache panic as lookup_handler.go
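Added example for the `SortBy` injection in document_image_handler.go (not the project's own code): the flagged pattern beside an allowlist-based replacement. The sort keys, column names and table name are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// allowedSortColumns maps the client-facing sort key to the real column.
// Only keys present here can reach the SQL string; everything else is
// rejected. The column names are assumptions, not the project's schema.
var allowedSortColumns = map[string]string{
	"created_at": "created_at",
	"name":       "file_name",
	"size":       "size_bytes",
}

var ErrBadSort = errors.New("invalid sort parameter")

// vulnerableOrderBy shows the pattern the digest flags: the client-supplied
// SortBy value is interpolated straight into the query text.
func vulnerableOrderBy(sortBy, order string) string {
	return fmt.Sprintf("SELECT id FROM document_images ORDER BY %s %s", sortBy, order)
}

// safeOrderBy resolves sortBy through the allowlist and normalises order to
// ASC/DESC, so no user-controlled bytes are ever concatenated into SQL.
func safeOrderBy(sortBy, order string) (string, error) {
	col, ok := allowedSortColumns[strings.ToLower(strings.TrimSpace(sortBy))]
	if !ok {
		return "", fmt.Errorf("%w: sort_by=%q", ErrBadSort, sortBy)
	}
	dir := "ASC"
	switch strings.ToUpper(strings.TrimSpace(order)) {
	case "", "ASC":
	case "DESC":
		dir = "DESC"
	default:
		return "", fmt.Errorf("%w: order=%q", ErrBadSort, order)
	}
	return fmt.Sprintf("SELECT id FROM document_images ORDER BY %s %s", col, dir), nil
}

func main() {
	inject := "id; DROP TABLE document_images--"
	fmt.Println(vulnerableOrderBy(inject, "ASC"))
	if _, err := safeOrderBy(inject, "ASC"); err != nil {
		fmt.Println("rejected:", err)
	}
	q, _ := safeOrderBy("name", "desc")
	fmt.Println(q)
}
```

Bind parameters cannot be used for identifiers, so an allowlist is the only reliable fix here; the map also decouples the public sort key from the physical column name.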
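Added example for the N+1 in document_image_handler.go `List` (not the project's own code): the per-row lookup beside a collect-then-batch version, with a counting stand-in for the data layer so the difference in round trips is observable. Model fields, titles and the repository API are assumptions for illustration.

```go
package main

import "fmt"

// image and document are minimal stand-ins for the project's models; the
// real field sets are not known from the digest.
type image struct {
	ID         int64
	DocumentID int64
}

type document struct {
	ID    int64
	Title string
}

type imageResponse struct {
	ID            int64
	DocumentTitle string
}

// docRepo imitates the data layer. Queries counts round trips so the two
// listing strategies can be compared without a database.
type docRepo struct {
	docs    map[int64]document
	Queries int
}

func newDocRepo(docs ...document) *docRepo {
	r := &docRepo{docs: make(map[int64]document, len(docs))}
	for _, d := range docs {
		r.docs[d.ID] = d
	}
	return r
}

// getDocument is the per-row accessor: one round trip per call.
func (r *docRepo) getDocument(id int64) (document, bool) {
	r.Queries++
	d, ok := r.docs[id]
	return d, ok
}

// getDocumentsByIDs is the batched accessor, equivalent to
// SELECT ... WHERE id IN (...). An empty id list is answered without a
// query, since "IN ()" is not valid SQL on most engines.
func (r *docRepo) getDocumentsByIDs(ids []int64) map[int64]document {
	out := make(map[int64]document, len(ids))
	if len(ids) == 0 {
		return out
	}
	r.Queries++
	for _, id := range ids {
		if d, ok := r.docs[id]; ok {
			out[id] = d
		}
	}
	return out
}

// listN1 is the shape the digest flags: toResponse hits the DB once per
// image, so a page of N images costs N extra queries.
func listN1(r *docRepo, imgs []image) []imageResponse {
	out := make([]imageResponse, 0, len(imgs))
	for _, img := range imgs {
		d, _ := r.getDocument(img.DocumentID)
		out = append(out, imageResponse{ID: img.ID, DocumentTitle: d.Title})
	}
	return out
}

// listBatched collects the distinct foreign keys, fetches them in one
// query, then assembles the responses from the in-memory map.
func listBatched(r *docRepo, imgs []image) []imageResponse {
	seen := make(map[int64]struct{}, len(imgs))
	ids := make([]int64, 0, len(imgs))
	for _, img := range imgs {
		if _, dup := seen[img.DocumentID]; !dup {
			seen[img.DocumentID] = struct{}{}
			ids = append(ids, img.DocumentID)
		}
	}
	docs := r.getDocumentsByIDs(ids)
	out := make([]imageResponse, 0, len(imgs))
	for _, img := range imgs {
		// A missing parent yields the zero document, same as the per-row version.
		out = append(out, imageResponse{ID: img.ID, DocumentTitle: docs[img.DocumentID].Title})
	}
	return out
}

// sampleImages is constructed input: five images over three documents.
func sampleImages() []image {
	return []image{{1, 10}, {2, 10}, {3, 11}, {4, 12}, {5, 11}}
}

func main() {
	docs := []document{{10, "Lease"}, {11, "Inspection"}, {12, "Deed"}}
	r1 := newDocRepo(docs...)
	listN1(r1, sampleImages())
	r2 := newDocRepo(docs...)
	listBatched(r2, sampleImages())
	fmt.Printf("per-row queries=%d batched queries=%d\n", r1.Queries, r2.Queries)
}
```

With a real ORM the batched accessor is a single `WHERE id IN (?)` or a preload/eager-load on the association; the point is that `toResponse` should receive already-loaded data rather than reach for the DB itself.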
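Added example for the e-mail XSS in notification_handler.go (not the project's own code): the concatenation pattern beside a `html/template` rendering, which escapes each value according to the HTML context it lands in. The `notification` struct and template layout are assumptions for illustration.

```go
package main

import (
	"bytes"
	"html/template"
	"strings"
)

// notification holds the user-supplied fields that end up in the e-mail body.
type notification struct {
	Subject string
	Body    string
}

// vulnerableEmailHTML is the pattern the digest flags: raw concatenation, so
// any markup inside Subject or Body is emitted verbatim to the recipient.
func vulnerableEmailHTML(n notification) string {
	return "<html><body><h1>" + n.Subject + "</h1><p>" + n.Body + "</p></body></html>"
}

// emailTmpl is parsed once. html/template escapes each {{...}} action for
// its context (element text here), so the same values cannot break out of
// the <h1> or <p> they are placed in.
var emailTmpl = template.Must(template.New("email").Parse(
	`<html><body><h1>{{.Subject}}</h1><p>{{.Body}}</p></body></html>`))

// safeEmailHTML renders the notification through the contextual auto-escaper.
func safeEmailHTML(n notification) (string, error) {
	var buf bytes.Buffer
	if err := emailTmpl.Execute(&buf, n); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// containsRawScript reports whether rendered HTML still carries a live
// <script> tag; used to compare the two renderings.
func containsRawScript(html string) bool {
	return strings.Contains(strings.ToLower(html), "<script")
}
```

If the body is meant to carry rich HTML authored by admins, escaping is the wrong tool; run it through an HTML sanitizer with an element/attribute allowlist and mark the result `template.HTML` only after sanitizing.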
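Added example for the token-masking panic in password_reset_code_handler.go line 85 (not the project's own code): the flagged expression reproduced as a function, beside a version that never slices out of bounds and refuses to reveal most of a short token. The minimum length of 20 and the fixed mask string are assumptions; tokens are assumed to be ASCII (hex or base64), since the slicing is by byte.

```go
package main

import "fmt"

// vulnerableMask reproduces the expression flagged at line 85: it assumes
// the token has at least 8 bytes, and for anything shorter than 12 the
// prefix and suffix overlap and reveal the whole value.
func vulnerableMask(token string) string {
	return token[:8] + "..." + token[len(token)-4:]
}

const (
	revealPrefix = 8
	revealSuffix = 4
	// minRevealable keeps at least 8 hidden bytes between prefix and
	// suffix; shorter tokens are masked entirely. Assumed policy.
	minRevealable = revealPrefix + revealSuffix + 8
	fullyMasked   = "********"
)

// maskToken is the hardened form: no out-of-range slice for any input, and
// a fixed-width mask for short tokens so the length is not leaked either.
func maskToken(token string) string {
	if len(token) < minRevealable {
		return fullyMasked
	}
	return token[:revealPrefix] + "..." + token[len(token)-revealSuffix:]
}

// panics reports whether fn panics, so the failure mode can be shown
// without crashing the process.
func panics(fn func()) (didPanic bool) {
	defer func() {
		if recover() != nil {
			didPanic = true
		}
	}()
	fn()
	return false
}

func main() {
	// Constructed sample tokens: too short, overlapping, and a realistic 32-char value.
	for _, tok := range []string{"abc", "abcdefghij", "0123456789abcdef0123456789abcdef"} {
		t := tok
		fmt.Printf("%-34q vulnerable panics=%v safe=%s\n",
			t, panics(func() { _ = vulnerableMask(t) }), maskToken(t))
	}
}
```

The overlap case matters as much as the panic: a 10-character token run through the original expression prints all 10 characters, so the "masking" leaks the secret it was meant to hide.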
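Added example covering both partial-update findings, the non-pointer `IsActive` in share_code_handler.go and `UpdateTierLimits` overwriting all fields in limitations_handler.go (not the project's own code): a plain-value request struct that cannot distinguish "absent" from "zero", beside a pointer-field struct applied field by field. The `ShareCode` record and JSON field names are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ShareCode is the stored record (field set assumed for this example).
type ShareCode struct {
	Code     string
	MaxUses  int
	IsActive bool
}

// buggyUpdateRequest mirrors the shape the digest flags: IsActive is a plain
// bool, so JSON that omits "is_active" decodes to false and the handler
// cannot tell "not sent" from "set to false". MaxUses has the same problem.
type buggyUpdateRequest struct {
	MaxUses  int  `json:"max_uses"`
	IsActive bool `json:"is_active"`
}

func buggyApply(existing ShareCode, raw []byte) (ShareCode, error) {
	var req buggyUpdateRequest
	if err := json.Unmarshal(raw, &req); err != nil {
		return existing, err
	}
	existing.MaxUses = req.MaxUses   // clobbered with 0 when absent
	existing.IsActive = req.IsActive // absent => false => code deactivated
	return existing, nil
}

// UpdateRequest uses pointer fields: nil means "field not present in the
// request", so only supplied fields are written back to the record.
type UpdateRequest struct {
	MaxUses  *int  `json:"max_uses"`
	IsActive *bool `json:"is_active"`
}

func apply(existing ShareCode, raw []byte) (ShareCode, error) {
	var req UpdateRequest
	if err := json.Unmarshal(raw, &req); err != nil {
		return existing, err
	}
	if req.MaxUses != nil {
		if *req.MaxUses < 0 {
			return existing, fmt.Errorf("max_uses must be >= 0")
		}
		existing.MaxUses = *req.MaxUses
	}
	if req.IsActive != nil {
		existing.IsActive = *req.IsActive
	}
	return existing, nil
}

func main() {
	orig := ShareCode{Code: "ABC123", MaxUses: 10, IsActive: true}
	// Constructed request: an admin only wants to change the use limit.
	raw := []byte(`{"max_uses": 5}`)
	b, _ := buggyApply(orig, raw)
	s, _ := apply(orig, raw)
	fmt.Printf("buggy:  %+v\nsafe:   %+v\n", b, s)
}
```

The same pointer-field pattern is the fix for `UpdateTierLimits`: a PATCH-style endpoint must only touch fields the client actually sent, and explicit validation per field (as with the negative `max_uses` check) replaces the enforcement the absent `validate` tags never provided.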