Bug 19061: Avoid SQL Injection vulnerability
[koha.git] / sms / sms.pl
blob5d599fb9395d3a64750c48ad2a7373dfdbbb15b6
1 #!/usr/bin/perl
3 use strict;
4 #use warnings; FIXME - Bug 2505
5 use CGI qw ( -utf8 );
6 use C4::SMS;
7 use C4::Output;
8 use C4::Auth;
10 my $query = new CGI;
11 my $message = $query->param( 'message' );
12 my $phone = $query->param( 'phone' );
13 my $operation = $query->param('operation');
14 my $result;
15 my $errorcode;
16 my ($template, $loggedinuser, $cookie)
17 = get_template_and_user({template_name => "sms/sms-home.tt",
18 query => $query,
19 type => "intranet",
20 authnotrequired => 0,
21 flagsrequired => {circulate => "circulate_remaining_permissions" },
22 debug => 1,
23 });
24 if ($operation eq "sendsms"){
25 $phone=parse_phone($phone);
26 if ($phone){
27 ##write to a queue and exit
28 my $me=C4::Context->userenv;
29 $result=write_sms($me->{cardnumber},$message,$phone);
30 } else {
31 $errorcode=-1104;
34 my $error=error_codes($errorcode);
35 $template->param(error=>$error);
36 output_html_with_http_headers $query, $cookie, $template->output;