From 85f2e737a401063be13d15645afd9520f6b421cc Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Fri, 10 Aug 2012 22:18:08 +0200
Subject: [PATCH] Disable listening, instead checking the ACL to prevent DoS

---
 apps/calendar/appinfo/remote.php | 11 +++++------
 apps/contacts/appinfo/remote.php | 11 ++++-------
 2 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/apps/calendar/appinfo/remote.php b/apps/calendar/appinfo/remote.php
index 71f1f378ae4..39f8f83b168 100644
--- a/apps/calendar/appinfo/remote.php
+++ b/apps/calendar/appinfo/remote.php
@@ -21,22 +21,21 @@ $principalBackend = new OC_Connector_Sabre_Principal();
 $caldavBackend    = new OC_Connector_Sabre_CalDAV();
 
 // Root nodes
-$nodes = array(
-	new Sabre_CalDAV_Principal_Collection($principalBackend),
+$collection = new Sabre_CalDAV_Principal_Collection($principalBackend); $collection->disableListing = true; // Disable listening
+$nodes = array( 
+	$collection, 
 	new Sabre_CalDAV_CalendarRootNode($principalBackend, $caldavBackend),
-);
+	);
 
 // Fire up server
 $server = new Sabre_DAV_Server($nodes);
 $server->setBaseUri($baseuri);
 // Add plugins
-$aclPlugin = new Sabre_DAVACL_Plugin();
-$aclPlugin->hideNodesFromListings = true;
-$server->addPlugin($aclPlugin);
 $server->addPlugin(new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud'));
 $server->addPlugin(new Sabre_CalDAV_Plugin());
 $server->addPlugin(new Sabre_DAVACL_Plugin());
 $server->addPlugin(new Sabre_DAV_Browser_Plugin(false)); // Show something in the Browser, but no upload
 $server->addPlugin(new Sabre_CalDAV_ICSExportPlugin());
+
 // And off we go!
 $server->exec();
diff --git a/apps/contacts/appinfo/remote.php b/apps/contacts/appinfo/remote.php
index a095f0f37fb..011938e2cf3 100644
--- a/apps/contacts/appinfo/remote.php
+++ b/apps/contacts/appinfo/remote.php
@@ -36,19 +36,16 @@ $principalBackend = new OC_Connector_Sabre_Principal();
 $carddavBackend   = new OC_Connector_Sabre_CardDAV();
 
 // Root nodes
-$nodes = array(
-	new Sabre_CalDAV_Principal_Collection($principalBackend),
+$collection = new Sabre_CalDAV_Principal_Collection($principalBackend); $collection->disableListing = true; // Disable listening
+$nodes = array( 
+	$collection, 
 	new Sabre_CardDAV_AddressBookRoot($principalBackend, $carddavBackend),
-);
+	);
 
 // Fire up server
-
 $server = new Sabre_DAV_Server($nodes);
 $server->setBaseUri($baseuri);
 // Add plugins
-$aclPlugin = new Sabre_DAVACL_Plugin();
-$aclPlugin->hideNodesFromListings = true;
-$server->addPlugin($aclPlugin);
 $server->addPlugin(new Sabre_DAV_Auth_Plugin($authBackend, 'ownCloud'));
 $server->addPlugin(new Sabre_CardDAV_Plugin());
 $server->addPlugin(new Sabre_DAVACL_Plugin());
-- 
GitLab