From 8b4156beba9e081c4e2066ccedc232128dcb4fad Mon Sep 17 00:00:00 2001
From: Simon Eisenmann <simon@struktur.de>
Date: Wed, 28 May 2014 15:43:22 +0200
Subject: [PATCH] Do not allow to send contact requests to own userid sessions.

---
 src/app/spreed-webrtc-server/hub.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/app/spreed-webrtc-server/hub.go b/src/app/spreed-webrtc-server/hub.go
index b86cab30..15a1cb0f 100644
--- a/src/app/spreed-webrtc-server/hub.go
+++ b/src/app/spreed-webrtc-server/hub.go
@@ -492,6 +492,9 @@ func (h *Hub) contactrequestHandler(c *Connection, to string, cr *DataContactReq
 			if bSessionData.Userid == "" {
 				return errors.New("to has no userid")
 			}
+			if bSessionData.Userid == aSessionData.Userid {
+				return errors.New("to userid cannot be the same as own userid")
+			}
 			// Create object.
 			contact := &Contact{aSessionData.Userid, bSessionData.Userid, false}
 			// Serialize.