From 0d4a78b3ab6832ec8c551a08aa7bcf668f645b03 Mon Sep 17 00:00:00 2001
From: Michael Andreen <harv@ruin.nu>
Date: Mon, 13 Jul 2009 00:42:43 +0200
Subject: [PATCH] Only allow member usernames as argument to sendsms

---
 Commands/SMS.pm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Commands/SMS.pm b/Commands/SMS.pm
index 1b28dc7..265384d 100644
--- a/Commands/SMS.pm
+++ b/Commands/SMS.pm
@@ -43,8 +43,10 @@ sub sendsms
 	if ($number =~ /^\+([1-9]\d+)$/){
 		$number = $1;
 	}else{
-		my ($sms) = $dbh->selectrow_array(q{SELECT sms FROM users WHERE username ilike $1}
-			,undef,$number);
+		my ($sms) = $dbh->selectrow_array(q{
+SELECT sms FROM users WHERE username ilike $1
+	AND uid IN (SELECT uid FROM groupmembers WHERE gid = 2)
+			},undef,$number);
 		$sms //= 'No number, or invalid user';
 		if ($sms =~ /^\+([1-9]\d+)$/){
 			$number = $1;
-- 
2.39.2