From 10de7a92e4164bf61a78d4cb44bb5cc9770557de Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Thu, 14 May 2015 13:53:02 -0400
Subject: [PATCH] dont let joining other uid rooms

---
 public/src/app.js     | 10 +++++++---
 src/socket.io/meta.js |  5 +++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/public/src/app.js b/public/src/app.js
index c2c1f179f0..c09f8c6cd4 100644
--- a/public/src/app.js
+++ b/public/src/app.js
@@ -169,7 +169,8 @@ app.cacheBuster = null;
 		});
 	};
 
-	app.enterRoom = function (room) {
+	app.enterRoom = function (room, callback) {
+		callback = callback || function() {};
 		if (socket) {
 			if (app.currentRoom === room) {
 				return;
@@ -180,9 +181,12 @@ app.cacheBuster = null;
 				username: app.user.username,
 				userslug: app.user.userslug,
 				picture: app.user.picture
+			}, function(err) {
+				if (err) {
+					app.alertError(err.message);
+				}
+				app.currentRoom = room;
 			});
-
-			app.currentRoom = room;
 		}
 	};
 
diff --git a/src/socket.io/meta.js b/src/socket.io/meta.js
index 12ac8279c8..d6fdea73cb 100644
--- a/src/socket.io/meta.js
+++ b/src/socket.io/meta.js
@@ -54,10 +54,15 @@ SocketMeta.rooms.enter = function(socket, data, callback) {
 	if (!socket.uid) {
 		return;
 	}
+
 	if (!data) {
 		return callback(new Error('[[error:invalid-data]]'));
 	}
 
+	if (data.enter && data.enter.startsWith('uid_') && data.enter !== 'uid_' + socket.uid) {
+		return callback(new Error('[[error:not-allowed]]'));
+	}
+
 	if (socket.currentRoom) {
 		rooms.leave(socket, socket.currentRoom);
 		if (socket.currentRoom.indexOf('topic') !== -1) {