fixing massive security bug

lib/Bot/BB3/PluginManager.pm

@@ -68,12 +68,17 @@ sub get_plugins {
 }
 
 sub get_plugin {
-	my( $self, $name ) = @_;
+	my( $self, $name, $said ) = @_;
 
 	# Loops are cool.
 	# O(n) but nobody cares because it's rarely used.
 	# HA HA THIS IS A LIE.
-	for( @{ $self->{plugins} } ) {
+
+	#this fixes a security flaw, but not completely because i'm lazy right now
+        my $filtered =  $self->{plugins}; 
+	$filtered = $self->_filter_plugin_list($said, $filtered) if ($said);
+
+	for( @{$filtered} ) {
 		if( $name eq $_->{name} ) { 
 			return $_;
 		}

plugins/compose.pm

@@ -89,7 +89,7 @@ sub runplugin {
 		return( 0, "Error, cannot parse call to find command name, probably empty call in compose" );
 	defined($body) or $body = "";
 	
-	my $plugin = $pm->get_plugin( $cmd )
+	my $plugin = $pm->get_plugin( $cmd, $said )
 		or return( 0, "Compose failed to find a plugin named: $cmd" );
 
 	local $said->{body} = $body;

plugins/factoids.pm

@@ -456,7 +456,7 @@ sub basic_get_fact {
 
 	if( $fact->{predicate} =~ /\S/ ) {
 		if( $fact->{compose_macro} ) {
-			my $plugin = $pm->get_plugin("compose");
+			my $plugin = $pm->get_plugin("compose", $said);
 			
 			local $said->{macro_arg} = $arg;
 			local $said->{body} = $fact->{predicate};

plugins/help.pm

@@ -6,7 +6,7 @@ sub {
 	my $plugin_name = $said->{recommended_args}->[0];
 
 	if( length $plugin_name ) {
-		my $plugin = $pm->get_plugin( $plugin_name );
+		my $plugin = $pm->get_plugin( $plugin_name, $said );
 
 		if( $plugin ) {
 			print $plugin->{help_text};