sms_sendtophone allows you to send SMS without confirming your number
jpmckinney - August 21, 2009 - 18:50
| Project: | SMS Framework |
| Version: | 6.x-2.x-dev |
| Component: | Send to Phone |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Jump to:
Description
sms_sendtophone_page() checks if the user has set a number but does not check if the number has been confirmed. Thus, users effectively have the 'send to any number' permission. This should be fixed. I've prepared a patch. This patch also includes my trivial fixes from #555922: Unreachable code: "You need need to setup your mobile phone to send messages" and #556002: Typo: repetition of "need" in sms_sendtophone_page().
| Attachment | Size |
|---|---|
| sms_sendtophone_page_fixes.patch | 1.38 KB |
#1
fine