Index: modules/contact/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.module,v
retrieving revision 1.112
diff -u -p -r1.112 contact.module
--- modules/contact/contact.module 8 Mar 2009 05:08:22 -0000 1.112
+++ modules/contact/contact.module 20 Apr 2009 23:24:18 -0000
@@ -116,15 +116,11 @@ function contact_menu() {
  */
 function _contact_user_tab_access($account) {
   global $user;
-  if (!isset($account->contact)) {
-    $account->contact = FALSE;
-  }
-  return
-    $account && $user->uid &&
-    (
-      ($user->uid != $account->uid && $account->contact) ||
-      user_access('administer users')
-    );
+
+  // The user's contact form can be accessed if the current user is logged in,
+  // and the contacting user has enabled their contact form or the current user
+  // has the 'administer users' permission.
+  return $user->uid && (!empty($account->contact) || user_access('administer users'));
 }
 
 /**
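Review bot: The added comment misnames the party whose setting is checked: `!empty($account->contact)` reads the contacted account's own opt-in, not the contacting user's, so `// and the contacting user has enabled their contact form or the current user` should read `// and the contacted user has enabled their contact form, or the current user`. Note also that the old `$user->uid != $account->uid` guard is gone from this access callback, so a user now passes access to their own contact tab; the patch handles that case by hiding the submit button in contact_mail_user, which makes the form builder rather than the access layer responsible for refusing self-contact, and a sentence saying so in the docblock above (outside the hunk) would stop a later reader from reinstating the check here without looking at the form. Dropping the `$account &&` guard is presumably safe because the menu loader answers not-found before this callback runs for a missing account, but that is inferred rather than visible here.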
@@ -141,15 +137,17 @@ function contact_load($cid) {
  */
 function contact_user_form(&$edit, &$user, $category = NULL) {
   if ($category == 'account') {
-    $form['contact'] = array('#type' => 'fieldset',
+    $form['contact'] = array(
+      '#type' => 'fieldset',
       '#title' => t('Contact settings'),
       '#weight' => 5,
       '#collapsible' => TRUE,
     );
-    $form['contact']['contact'] = array('#type' => 'checkbox',
+    $form['contact']['contact'] = array(
+      '#type' => 'checkbox',
       '#title' => t('Personal contact form'),
-      '#default_value' => !empty($edit['contact']) ? $edit['contact'] : FALSE,
-      '#description' => t('Allow other users to contact you by e-mail via your personal contact form. Note that while your e-mail address is not made public to other members of the community, privileged users such as site administrators are able to contact you even if you choose not to enable this feature.', array('@url' => url("user/$user->uid/contact"))),
+      '#default_value' => !empty($edit['contact']),
+      '#description' => t('Allow other users to contact you by e-mail via your personal contact form. Note that while your e-mail address is not made public to other members of the community, privileged users such as site administrators are able to contact you even if you choose not to enable this feature.'),
     );
     return $form;
   }
Index: modules/contact/contact.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.pages.inc,v
retrieving revision 1.16
diff -u -p -r1.16 contact.pages.inc
--- modules/contact/contact.pages.inc 8 Mar 2009 05:08:22 -0000 1.16
+++ modules/contact/contact.pages.inc 20 Apr 2009 23:24:18 -0000
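Review bot: With the `@url` replacement dropped from `#description`, `$user` is no longer referenced in the visible body of contact_user_form, so the by-reference `&$user` parameter survives only because it belongs to the user hook signature; a short comment on the `if ($category == 'account') {` branch, e.g. `// $user is unused here; the parameter is dictated by the user hook signature.`, would keep it from being read as dead code. The function's closing brace is outside the hunk, so a later use cannot be ruled out from here. The `#default_value` change to `!empty($edit['contact'])` is fine, since a checkbox only needs a boolean default.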
@@ -179,31 +179,53 @@ function contact_user_page($account) {
 function contact_mail_user(&$form_state, $recipient) {
   global $user;
   $form['#token'] = $user->name . $user->mail;
-  $form['recipient'] = array('#type' => 'value', '#value' => $recipient);
-  $form['from'] = array('#type' => 'item',
+  $form['recipient'] = array(
+    '#type' => 'value',
+    '#value' => $recipient,
+  );
+  $form['from'] = array(
+    '#type' => 'item',
     '#title' => t('From'),
     '#markup' => check_plain($user->name) . ' <' . check_plain($user->mail) . '>',
   );
-  $form['to'] = array('#type' => 'item',
+  $form['to'] = array(
+    '#type' => 'item',
     '#title' => t('To'),
     '#markup' => check_plain($recipient->name),
   );
-  $form['subject'] = array('#type' => 'textfield',
+  $form['subject'] = array(
+    '#type' => 'textfield',
     '#title' => t('Subject'),
     '#maxlength' => 50,
     '#required' => TRUE,
   );
-  $form['message'] = array('#type' => 'textarea',
+  $form['message'] = array(
+    '#type' => 'textarea',
     '#title' => t('Message'),
     '#rows' => 15,
     '#required' => TRUE,
   );
-  $form['copy'] = array('#type' => 'checkbox',
+  $form['copy'] = array(
+    '#type' => 'checkbox',
     '#title' => t('Send yourself a copy.'),
   );
-  $form['submit'] = array('#type' => 'submit',
+  $form['submit'] = array(
+    '#type' => 'submit',
     '#value' => t('Send e-mail'),
   );
+
+  // If the current and contacted users are the same, disable the form and
+  // display a warning.
+  if ($user->uid == $recipient->uid) {
+    $form['warning'] = array(
+      '#prefix' => '
', + '#markup' => t('For security reasons, you cannot use your own contact form.'), + '#suffix' => '
', + '#weight' => -10, + ); + $form['submit']['#access'] = FALSE; + } + return $form; } Index: modules/contact/contact.test =================================================================== RCS file: /cvs/drupal/drupal/modules/contact/contact.test,v retrieving revision 1.17 diff -u -p -r1.17 contact.test --- modules/contact/contact.test 5 Apr 2009 12:10:56 -0000 1.17 +++ modules/contact/contact.test 20 Apr 2009 23:24:18 -0000 @@ -289,11 +289,18 @@ class ContactPersonalTestCase extends Dr // Create web users and attempt to use personal contact forms with default set to true. $web_user1 = $this->drupalCreateUser(array()); $web_user2 = $this->drupalCreateUser(array()); - $this->drupalLogin($web_user1); + // Test that the user cannot submit their own contact form. + $this->drupalGet('user/' . $web_user1->uid . '/contact'); + $this->assertResponse(200); + $this->assertText('For security reasons, you cannot use your own contact form.'); + $this->assertNoFieldByName('op', t('Send e-mail')); + + // Test that the user can access another user's contact form. $this->drupalGet('user/' . $web_user2->uid . '/contact'); - $this->assertResponse(200, t('Access to personal contact form granted.')); + $this->assertResponse(200); + $this->assertFieldByName('op', t('Send e-mail')); $edit = array(); $edit['subject'] = $this->randomName(16);