From 11b481aebded461f1fa5716f321ec396e0a03783 Mon Sep 17 00:00:00 2001 From: osaajani <> Date: Mon, 26 Sep 2022 17:17:41 +0200 Subject: [PATCH 1/3] add limit check to size of sms --- controllers/internals/Quota.php | 2 +- controllers/publics/Api.php | 10 ++++++++++ controllers/publics/Scheduled.php | 14 ++++++++++++++ models/Scheduled.php | 2 ++ templates/scheduled/add.php | 2 +- templates/scheduled/edit.php | 2 +- 6 files changed, 29 insertions(+), 3 deletions(-) diff --git a/controllers/internals/Quota.php b/controllers/internals/Quota.php index 2ada9c6..30d74f4 100644 --- a/controllers/internals/Quota.php +++ b/controllers/internals/Quota.php @@ -252,7 +252,7 @@ class Quota extends StandardController $renew_interval = $quota['renew_interval'] ?? 'P0D'; $new_start_date = new \DateTime($quota['expiration_date']); $new_expiration_date = clone $new_start_date; - $new_expiration_date->add(new \DateInterval($quota['renew_interval'])); + $new_expiration_date->add(new \DateInterval($renew_interval)); $report = 0; if ($quota['report_unused'] && $unused_credit > 0) diff --git a/controllers/publics/Api.php b/controllers/publics/Api.php index ab870b6..92fb2ea 100644 --- a/controllers/publics/Api.php +++ b/controllers/publics/Api.php @@ -309,6 +309,16 @@ namespace controllers\publics; return $this->json($return); } + if (mb_strlen($text) > \models\Scheduled::SMS_LENGTH_LIMIT) + { + $return = self::DEFAULT_RETURN; + $return['error'] = self::ERROR_CODES['INVALID_PARAMETER']; + $return['message'] = self::ERROR_MESSAGES['INVALID_PARAMETER'] . ' : text must be less than ' . \models\Scheduled::SMS_LENGTH_LIMIT . ' char.'; + $this->auto_http_code(false); + + return $this->json($return); + } + if (!\controllers\internals\Tool::validate_date($at, 'Y-m-d H:i:s')) { $return = self::DEFAULT_RETURN; diff --git a/controllers/publics/Scheduled.php b/controllers/publics/Scheduled.php index 0c1da65..2c6e0e3 100644 --- a/controllers/publics/Scheduled.php 
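Review bot: `new \DateInterval($renew_interval)` in the Quota.php hunk throws on a malformed duration string, and the `?? 'P0D'` fallback only covers a missing or null `renew_interval`, not an empty or invalid one. If that value can be set from quota settings edited by a user (not visible in this hunk), validate it before use or wrap the construction in a `try`/`catch` so one bad row cannot break renewal. The `'P0D'` default also makes the new expiration date equal to the new start date, so a comment such as `// No interval configured: renewed quota expires immediately` would make the intent explicit if that is what is wanted. The enclosing method starts and ends outside the hunk.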
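Review bot: The added guard in Api.php, `mb_strlen($text) > \models\Scheduled::SMS_LENGTH_LIMIT`, accepts a text of exactly 1000 characters while the error message says "must be less than"; either compare with `>=` or word the message as "must be at most". The same mismatch is in both checks added to controllers/publics/Scheduled.php ("doit faire moins de"). The check measures the submitted `$text`, so if messages are rendered per contact from a template (as the preview wording in the scheduled form suggests), the rendered SMS can still exceed the limit and the cap would need to be applied again after rendering. `mb_strlen()` also throws a TypeError on PHP 8 when `$text` is not a string, for example an array-valued request parameter; whether an earlier check rules that out is outside this hunk.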
+++ b/controllers/publics/Scheduled.php @@ -328,6 +328,13 @@ namespace controllers\publics; return $this->redirect(\descartes\Router::url('Scheduled', 'add')); } + if (mb_strlen($text) > \models\Scheduled::SMS_LENGTH_LIMIT) + { + \FlashMessage\FlashMessage::push('danger', 'Votre message doit faire moins de ' . \models\Scheduled::SMS_LENGTH_LIMIT . ' caractères.'); + + return $this->redirect(\descartes\Router::url('Scheduled', 'add')); + } + if (!\controllers\internals\Tool::validate_date($at, 'Y-m-d H:i:s') && !\controllers\internals\Tool::validate_date($at, 'Y-m-d H:i')) { \FlashMessage\FlashMessage::push('danger', 'Vous devez fournir une date valide.'); @@ -540,6 +547,13 @@ namespace controllers\publics; return $this->redirect(\descartes\Router::url('Scheduled', 'add')); } + if (mb_strlen($text) > \models\Scheduled::SMS_LENGTH_LIMIT) + { + \FlashMessage\FlashMessage::push('danger', 'Votre message doit faire moins de ' . \models\Scheduled::SMS_LENGTH_LIMIT . ' caractères.'); + + return $this->redirect(\descartes\Router::url('Scheduled', 'add')); + } + if (!\controllers\internals\Tool::validate_date($at, 'Y-m-d H:i:s') && !\controllers\internals\Tool::validate_date($at, 'Y-m-d H:i')) { continue; diff --git a/models/Scheduled.php b/models/Scheduled.php index 33e317b..75e7a15 100644 --- a/models/Scheduled.php +++ b/models/Scheduled.php @@ -13,6 +13,8 @@ namespace models; class Scheduled extends StandardModel { + const SMS_LENGTH_LIMIT = 1000; + /** * Return numbers for a scheduled message. * diff --git a/templates/scheduled/add.php b/templates/scheduled/add.php index 81ed599..bd744de 100644 --- a/templates/scheduled/add.php +++ b/templates/scheduled/add.php @@ -49,7 +49,7 @@ Vous pouvez obtenir une prévisualisation du résultat pour un contact, ainsi qu'une estimation du nombre de crédits qui seront utilisés par SMS, en cliquant sur le boutton "Prévisualiser".
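Review bot: In the second Scheduled.php hunk (`@@ -540,6 +547,13 @@`) the added length check ends the request with `return $this->redirect(\descartes\Router::url('Scheduled', 'add'));`, while the date validation directly below it uses `continue`, which suggests this code runs once per edited message inside a loop that starts outside the hunk. If so, one over-long text aborts the whole batch after earlier entries may already have been saved, and the user is sent to the add page rather than back to the edit view. Consider following the neighbouring check, i.e. push the flash message and `continue;`, or redirect to the edit view instead. The pre-existing check just above also redirects to 'add', so this may be deliberate, but a comment saying so would help.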
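Review bot: `const SMS_LENGTH_LIMIT = 1000;` in models/Scheduled.php has no doc comment, and the unit matters because every caller compares it against `mb_strlen()`. I would add `/** Maximum length of an SMS text, in characters as counted by mb_strlen() (not bytes, not SMS segments). */` above it. A 1000-character text can still span many SMS segments depending on the encoding, so the comment should also say that this cap does not replace the per-SMS credit accounting.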

- +
diff --git a/templates/scheduled/edit.php b/templates/scheduled/edit.php index 34c5d72..e982389 100644 --- a/templates/scheduled/edit.php +++ b/templates/scheduled/edit.php @@ -47,7 +47,7 @@ Vous pouvez obtenir une prévisualisation du résultat pour un contact en cliquant sur le boutton "Prévisualiser".

- +
From 5c5571d38ab78afbaded0bc87e476738dfec22ac Mon Sep 17 00:00:00 2001 From: osaajani <> Date: Mon, 26 Sep 2022 17:18:15 +0200 Subject: [PATCH 2/3] up version --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index c0c4025..d2613df 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v3.5.0 +v3.5.1 From ea744d31e28c03283ff6a6f2391a168b5fddbaf4 Mon Sep 17 00:00:00 2001 From: osaajani <> Date: Mon, 26 Sep 2022 17:31:32 +0200 Subject: [PATCH 3/3] Check phone exists on callback reception --- VERSION | 2 +- controllers/publics/Callback.php | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/VERSION b/VERSION index d2613df..ccedee9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v3.5.1 +v3.5.2 diff --git a/controllers/publics/Callback.php b/controllers/publics/Callback.php index a9c8fa0..aceed2d 100644 --- a/controllers/publics/Callback.php +++ b/controllers/publics/Callback.php @@ -155,6 +155,14 @@ use Monolog\Logger; { $this->logger->info('Callback reception call with adapter uid : ' . $adapter_uid); + $phone = $this->internal_phone->get_for_user($this->user['id'], $id_phone); + if (!$phone) + { + $this->logger->error('Callback reception use non existing phone : ' . $id_phone); + + return false; + } + //Search for an adapter $find_adapter = false; $adapters = $this->internal_adapter->list_adapters();
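Review bot: The new error log in Callback.php concatenates the caller-supplied `$id_phone` into the message, `'Callback reception use non existing phone : ' . $id_phone`; unless the route already constrains it to an integer (not visible here), it can carry line breaks or arbitrary text into the log file. Passing it as Monolog context keeps the message constant and the value structured: `$this->logger->error('Callback reception use non existing phone', ['id_phone' => $id_phone, 'id_user' => $this->user['id']]);`. The ownership lookup itself, `get_for_user($this->user['id'], $id_phone)`, is the right shape for this check. It is worth confirming that the other callback handlers in this controller that accept a phone id perform the same lookup, since only this one is touched. The method body starts and ends outside the hunk.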