administration.lua: Fixed security flaw.

I have no idea why I wrote it that way or how it slipped past me.
This commit is contained in:
Drew 2016-03-31 17:48:20 -04:00
parent 381a363346
commit 25f95d5854

View File

@ -1117,10 +1117,11 @@ local action = function(msg)
for i,v in ipairs(commands) do for i,v in ipairs(commands) do
for key,val in pairs(v.triggers) do for key,val in pairs(v.triggers) do
if msg.text_lower:match(val) then if msg.text_lower:match(val) then
if msg.chat.type == 'private' then break end
if v.interior and not database.administration.groups[msg.chat.id_str] then if v.interior and not database.administration.groups[msg.chat.id_str] then
break break
end end
if msg.chat.type ~= 'private' and get_rank(msg.from.id, msg.chat.id) < v.privilege then if get_rank(msg.from.id, msg.chat.id) < v.privilege then
break break
end end
local res = v.action(msg, database.administration.groups[msg.chat.id_str]) local res = v.action(msg, database.administration.groups[msg.chat.id_str])