
z-push 2.7.6 DOS against SoGo caldav / carddav despite having sync-collection disabled #184

@mjolnirgs

When using SoGo as the carddav / caldav backend, even with define('CARDDAV_SUPPORTS_SYNC', false); set, devices continuously poll every second for carddav / caldav data, which also causes the following error in the sogod log:

[SOGoAppointmentFolder]:personal> DAV property '{DAV:}getlastmodified' has no matching SQL field, response could be incomplete

I believe this is due to this function <D:getlastmodified/> in the CalDAV and CardDAV request bodies. SOGo does not support this property on calendar or contact folders, so it returns empty values.

I think this causes three cascading problems:

the CalDAV change detection logic treats every empty getlastmodified as a new change and loops continuously

the CardDAV change detection falls back to comparing full XML response strings which never match due to the missing field, which triggers a full download of every user's entire contacts collection on every poll cycle

Both problems are multiplied across every connected device simultaneously. On a server with 8 users and 16 devices this drove load average from a normal 0.3 up to 3.0.

With help from claude.ai I came up with a solution that works for me, by removing <D:getlastmodified/> from all four affected request bodies in z_caldav.php and z_carddav.php, adding empty-value guards to the CalDAV sinkmax comparisons in caldav.php, and replacing the full-XML strcmp() change detection in carddav.php with an etag-only comparison.

Obviously the getlastmodified is a better solution, and this is only to work around the broken implementation of caldav / carddav in Sogo - I'm posting this for anyone else in the same situation as myself, as the SoGo developers seem unmotivated to fix their code, since this support has been missing a very long time.

Caution: the patch is AI generated, may be slop, may cause unintended consequences, but it works for me by significantly reducing load on the server, conserving device battery and stopping the sogod log from filling the entire disk.

zpush-276-sogo.patch
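
The etag-only change detection described in the post, as an added example: it is not the attached patch and not z-push code. The function names and the sample multistatus bodies are constructed for illustration, and PHP's DOM extension is assumed.

```php
<?php
// Added example, not z-push code: names and sample XML are constructed.

/** Return [href => etag] from a WebDAV multistatus body. */
function etag_map(string $xml): array {
    $doc = new DOMDocument();
    // LIBXML_NONET: no network access while parsing the server's response.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('unparseable multistatus response');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('d', 'DAV:');
    $map = [];
    foreach ($xp->query('//d:response') as $resp) {
        $href = trim($xp->evaluate('string(d:href)', $resp));
        // A missing etag is stored as '' so that empty vs. empty is "unchanged".
        $etag = trim($xp->evaluate('string(d:propstat/d:prop/d:getetag)', $resp));
        if ($href !== '') {
            $map[$href] = $etag;
        }
    }
    return $map;
}

/** Compare two polls; only href/etag differences count as changes. */
function diff_polls(array $old, array $new): array {
    return [
        'added'   => array_keys(array_diff_key($new, $old)),
        'removed' => array_keys(array_diff_key($old, $new)),
        'changed' => array_keys(array_diff_assoc(array_intersect_key($new, $old), $old)),
    ];
}

// Constructed sample: two cards, getlastmodified returned empty for both.
function sample_poll(string $etagB, string $pad): string {
    $item = fn(string $h, string $e) => "<D:response><D:href>$h</D:href><D:propstat><D:prop>"
        . "<D:getetag>\"$e\"</D:getetag><D:getlastmodified/></D:prop></D:propstat></D:response>";
    return '<?xml version="1.0"?><D:multistatus xmlns:D="DAV:">' . $pad
        . $item('/c/a.vcf', 'e1') . $item('/c/b.vcf', $etagB) . '</D:multistatus>';
}

$base = etag_map(sample_poll('e2', ''));
// Same etags, but the body differs byte-for-byte (extra whitespace).
var_dump(strcmp(sample_poll('e2', ''), sample_poll('e2', "\n  ")) === 0);
print_r(diff_polls($base, etag_map(sample_poll('e2', "\n  "))));
// The etag of /c/b.vcf differs from the baseline.
print_r(diff_polls($base, etag_map(sample_poll('e3', ''))));
```

A poll loop built on this would fetch only the hrefs listed under `added` and `changed`, so an unchanged collection costs one PROPFIND per cycle instead of a full download.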
