When a user initially enters their phone number to confirm it with the system, the phone number is not properly escaped when the confirmation message is sent. A phone number of "(123) 456-7890" should be translated into "1234567890" before sending the confirmation message. However, this does not happen. The problem is here:

function sms_user_send_confirmation($account, $number, $options) {
  $code = rand(1000, 9999);
  $data[0] = array(
    'number'  => sms_formatter($number),
    'status'  => 1,
    'code'    => $code,
    'gateway' => $options,
  user_save($account, array('sms_user' => $data), 'mobile');
  sms_send($number, _sms_user_confirm_message($code), $options);

The sms_formatter function, which removes invalid characters, is run on the number stored for the user, but not on the number used to send the confirmation. Because of this, the message is not sent correctly.

#1 sms_framework-439506-1.patch476 bytespathfinderelite
Members fund testing for the Drupal project. Drupal Association Learn more


pathfinderelite’s picture

Status: Active » Needs review
476 bytes

Here is a patch

Will White’s picture

Status: Needs review » Fixed

Committed to all active branches. Thanks for your help, pathfinderelite!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

BenK’s picture

Need to keep track of this thread...

  • Commit a1220b0 on 6.x-2.x, 8.x-1.x by Will White:
    Bug #439506 by pathfinderelite: Fixed bug that would cause confirmation...