From 25f95d585483b045c613b5439e6c6d53929f2205 Mon Sep 17 00:00:00 2001 From: Drew Date: Thu, 31 Mar 2016 17:48:20 -0400 Subject: [PATCH] administration.lua: Fixed security flaw. I have no idea why I wrote it that way or how it slipped past me. --- plugins/administration.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/administration.lua b/plugins/administration.lua index fe5a401..0080e93 100644 --- a/plugins/administration.lua +++ b/plugins/administration.lua @@ -1117,10 +1117,11 @@ local action = function(msg) for i,v in ipairs(commands) do for key,val in pairs(v.triggers) do if msg.text_lower:match(val) then + if msg.chat.type == 'private' then break end if v.interior and not database.administration.groups[msg.chat.id_str] then break end - if msg.chat.type ~= 'private' and get_rank(msg.from.id, msg.chat.id) < v.privilege then + if get_rank(msg.from.id, msg.chat.id) < v.privilege then break end local res = v.action(msg, database.administration.groups[msg.chat.id_str])