diff --git a/lib/Bot/BB3/PluginManager.pm b/lib/Bot/BB3/PluginManager.pm
index 5097e1b..46042a7 100644
--- a/lib/Bot/BB3/PluginManager.pm
+++ b/lib/Bot/BB3/PluginManager.pm
@@ -68,12 +68,17 @@ sub get_plugins {
 }
 
 sub get_plugin {
-	my( $self, $name ) = @_;
+	my( $self, $name, $said ) = @_;
 
 	# Loops are cool.
 	# O(n) but nobody cares because it's rarely used.
 	# HA HA THIS IS A LIE.
-	for( @{ $self->{plugins} } ) {
+
+	#this fixes a security flaw, but not completely because i'm lazy right now
+        my $filtered =  $self->{plugins}; 
+	$filtered = $self->_filter_plugin_list($said, $filtered) if ($said);
+
+	for( @{$filtered} ) {
 		if( $name eq $_->{name} ) { 
 			return $_;
 		}
diff --git a/plugins/compose.pm b/plugins/compose.pm
index c4fd302..2cd5a79 100644
--- a/plugins/compose.pm
+++ b/plugins/compose.pm
@@ -89,7 +89,7 @@ sub runplugin {
 		return( 0, "Error, cannot parse call to find command name, probably empty call in compose" );
 	defined($body) or $body = "";
 	
-	my $plugin = $pm->get_plugin( $cmd )
+	my $plugin = $pm->get_plugin( $cmd, $said )
 		or return( 0, "Compose failed to find a plugin named: $cmd" );
 
 	local $said->{body} = $body;
diff --git a/plugins/factoids.pm b/plugins/factoids.pm
index 8521164..57072dc 100644
--- a/plugins/factoids.pm
+++ b/plugins/factoids.pm
@@ -456,7 +456,7 @@ sub basic_get_fact {
 
 	if( $fact->{predicate} =~ /\S/ ) {
 		if( $fact->{compose_macro} ) {
-			my $plugin = $pm->get_plugin("compose");
+			my $plugin = $pm->get_plugin("compose", $said);
 			
 			local $said->{macro_arg} = $arg;
 			local $said->{body} = $fact->{predicate};
diff --git a/plugins/help.pm b/plugins/help.pm
index db6551e..53cc1a1 100644
--- a/plugins/help.pm
+++ b/plugins/help.pm
@@ -6,7 +6,7 @@ sub {
 	my $plugin_name = $said->{recommended_args}->[0];
 
 	if( length $plugin_name ) {
-		my $plugin = $pm->get_plugin( $plugin_name );
+		my $plugin = $pm->get_plugin( $plugin_name, $said );
 
 		if( $plugin ) {
 			print $plugin->{help_text};