From: Michael Andreen
Date: Sun, 12 Jul 2009 22:42:43 +0000 (+0200)
Subject: Only allow member usernames as argument to sendsms
X-Git-Url: https://ruin.nu/git/?a=commitdiff_plain;h=0d4a78b3ab6832ec8c551a08aa7bcf668f645b03;p=NDIRC.git
Only allow member usernames as argument to sendsms
---
diff --git a/Commands/SMS.pm b/Commands/SMS.pm
index 1b28dc7..265384d 100644
--- a/Commands/SMS.pm
+++ b/Commands/SMS.pm
@@ -43,8 +43,10 @@ sub sendsms
 if ($number =~ /^\+([1-9]\d+)$/){
 $number = $1;
 }else{
- my ($sms) = $dbh->selectrow_array(q{SELECT sms FROM users WHERE username ilike $1}
- ,undef,$number);
+ my ($sms) = $dbh->selectrow_array(q{
+SELECT sms FROM users WHERE username ilike $1
+ AND uid IN (SELECT uid FROM groupmembers WHERE gid = 2)
+ },undef,$number);
 $sms //= 'No number, or invalid user';
 if ($sms =~ /^\+([1-9]\d+)$/){
 $number = $1;
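Review bot: The added query still compares with `ilike`, so `%` and `_` in the sendsms argument are treated as pattern wildcards and the lookup returns whichever member row matches first instead of one exact username. The value is bound as a placeholder, so this is not an injection problem, but an exact case-insensitive comparison such as `SELECT sms FROM users WHERE lower(username) = lower($1)` would make the membership check apply only to the user actually named. The literal `gid = 2` is unexplained in the hunk; a comment above the call such as `# gid 2 is assumed to be the members group (confirm)` would help the next reader. sendsms begins and ends outside this hunk, so where `$number` comes from is not visible here.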