Only allow member usernames as argument to sendsms
authorMichael Andreen <harv@ruin.nu>
Sun, 12 Jul 2009 22:42:43 +0000 (00:42 +0200)
committerMichael Andreen <harv@ruin.nu>
Sun, 12 Jul 2009 22:42:43 +0000 (00:42 +0200)
Commands/SMS.pm

index 1b28dc71f094b157c1879ad78ab084317b8fa73a..265384ddd9dae941b2e6c1f5d266d028fb3a5838 100644 (file)
@@ -43,8 +43,10 @@ sub sendsms
        if ($number =~ /^\+([1-9]\d+)$/){
                $number = $1;
        }else{
-               my ($sms) = $dbh->selectrow_array(q{SELECT sms FROM users WHERE username ilike $1}
-                       ,undef,$number);
+               my ($sms) = $dbh->selectrow_array(q{
+SELECT sms FROM users WHERE username ilike $1
+       AND uid IN (SELECT uid FROM groupmembers WHERE gid = 2)
+                       },undef,$number);
                $sms //= 'No number, or invalid user';
                if ($sms =~ /^\+([1-9]\d+)$/){
                        $number = $1;
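Review bot: The rewritten lookup in the `else` branch still matches with `username ilike $1`, so `%` and `_` in the sendsms argument act as wildcards and the new member restriction applies to a pattern rather than to one username; `selectrow_array` then returns whichever matching member row comes first. The value is bound as a placeholder, so this is not SQL injection, but the message can reach a member the caller did not name. If only case-insensitive exact matching is intended, use `WHERE lower(username) = lower($1)`, or escape the LIKE metacharacters before binding. The literal `gid = 2` would also read better with a comment such as `-- gid 2: members group` (meaning inferred from the commit title; confirm against the groups table). sendsms starts and ends outside this hunk, so how `$number` is used afterwards is not visible here.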