administration.lua: Fixed security flaw.

I have no idea why I wrote it that way or how it slipped past me.
2016-03-31 17:48:20 -04:00 · 2016-03-31 17:48:20 -04:00 · 25f95d5854
commit 25f95d5854
parent 381a363346
1 changed files with 2 additions and 1 deletions
--- a/plugins/administration.lua
+++ b/plugins/administration.lua
@ -1117,10 +1117,11 @@ local action = function(msg)
 	for i,v in ipairs(commands) do
 		for key,val in pairs(v.triggers) do
 			if msg.text_lower:match(val) then
+				if msg.chat.type == 'private' then break end
 				if v.interior and not database.administration.groups[msg.chat.id_str] then
 					break
 				end
-				if msg.chat.type ~= 'private' and get_rank(msg.from.id, msg.chat.id) < v.privilege then
+				if get_rank(msg.from.id, msg.chat.id) < v.privilege then
 					break
 				end
 				local res = v.action(msg, database.administration.groups[msg.chat.id_str])