only process admin commands if bot is in room

This isn't exploitable in any way, it just meant that the bot could receive and run commands from users who were already in the admin room despite the bot not being in the room, which also means the bot would be unable to send response messages. Now, the bot will simply ignore admin room messages if the bot isn't in the admin room.
2025-12-16 23:31:24 +01:00 · 2024-06-12 20:48:06 -07:00 · 2024-06-12 20:48:06 -07:00 · 76b060aa84
commit 76b060aa84
parent b0d85bb575
1 changed files with 5 additions and 0 deletions
--- a/src/service/rooms/timeline.rs
+++ b/src/service/rooms/timeline.rs
@ -536,6 +536,11 @@ impl Service {
                        if to_admin_bot
                            && !from_admin_bot
                            && admin_room == pdu.room_id
+                            && services()
+                                .rooms
+                                .state_cache
+                                .is_joined(admin_bot, &admin_room)
+                                .unwrap_or(false)
                        {
                            services().admin.process_message(body);
                        }