Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When a user initially enters their phone number to confirm it with the system, the phone number is not properly escaped when the confirmation message is sent. A phone number of "(123) 456-7890" should be translated into "1234567890" before sending the confirmation message. However, this does not happen. The problem is here:
function sms_user_send_confirmation($account, $number, $options) {
$code = rand(1000, 9999);
$data[0] = array(
'number' => sms_formatter($number),
'status' => 1,
'code' => $code,
'gateway' => $options,
);
user_save($account, array('sms_user' => $data), 'mobile');
sms_send($number, _sms_user_confirm_message($code), $options);
}
The sms_formatter
function, which removes invalid characters, is run on the number stored for the user, but not on the number used to send the confirmation. Because of this, the message is not sent correctly.
Comment | File | Size | Author |
---|---|---|---|
#1 | sms_framework-439506-1.patch | 476 bytes | pathfinderelite |
Comments
Comment #1
pathfinderelite CreditAttribution: pathfinderelite commentedHere is a patch
Comment #2
Will White CreditAttribution: Will White commentedCommitted to all active branches. Thanks for your help, pathfinderelite!
Comment #4
BenK CreditAttribution: BenK commentedNeed to keep track of this thread...