The server message broadcast functionality advertises that, when provided with a full JID, it will broadcast the message only if there's a session for that address.
The implementation, however, seems to broadcast the message to all users when the node-part of the provided address (which could be a remote JID) does not match an existing local user.
I don't believe this functionality is actually used. I found the issue when chasing down (which also affected this code, by performing a potentially costly, undesirable lookup of a remote JID).
The server message broadcast functionality advertises that, when provided with a full JID, it will broadcast the message only if there's a session for that address.
The implementation, however, seems to broadcast the message to all users when the node-part of the provided address (which could be a remote JID) does not match an existing local user.
I don't believe this functionality is actually used. I found the issue when chasing down (which also affected this code, by performing a potentially costly, undesirable lookup of a remote JID).