From a0e5ae59eae4a3dda0870e8cc6efce2beb78604a Mon Sep 17 00:00:00 2001
From: Adam Shimali
Date: Thu, 14 Jan 2016 10:26:18 +0000
Subject: [PATCH] Added abort 400 in case of recipients param being missing.

---
 app/main/views/sms.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/main/views/sms.py b/app/main/views/sms.py
index a3492c585..d5ca29981 100644
--- a/app/main/views/sms.py
+++ b/app/main/views/sms.py
@@ -11,7 +11,8 @@ from flask import (
     url_for,
     session,
     flash,
-    current_app
+    current_app,
+    abort
 )
 from flask_login import login_required
 
@@ -75,6 +76,8 @@ def sendsms(service_id):
 def checksms(service_id):
     if request.method == 'GET':
         filename = request.args.get('recipients')
+        if not filename:
+            abort(400)
         filepath = os.path.join(current_app.config['UPLOAD_FOLDER'], filename)
         upload_result = _build_upload_result(filepath)
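Review bot: In `checksms`, the `recipients` query parameter still reaches `os.path.join(current_app.config['UPLOAD_FOLDER'], filename)` unvalidated, because the added check only rejects a missing or empty value. A value containing `..` segments or an absolute path makes `filepath` resolve outside the upload folder (`os.path.join` discards the base when the second argument is absolute), so the file handed to `_build_upload_result` is chosen by the requester; that helper's body is not visible here. I would normalise the name before the emptiness check, e.g. `filename = secure_filename(request.args.get('recipients', ''))` with `from werkzeug.utils import secure_filename` added to the imports. If stored upload names would not survive that normalisation, instead confirm that `os.path.realpath(filepath)` stays under the upload folder and `abort(400)` otherwise. The body of `checksms` continues beyond the end of this hunk.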