From b18f1a09f59424a36f6de5aa7c30e6f27405c15d Mon Sep 17 00:00:00 2001
From: Hivert Quentin <quentin.hivert.fr@gmail.com>
Date: Tue, 26 May 2026 10:30:02 +0200
Subject: [PATCH] fix(event): clean import of event

---
 SoObjects/Appointments/SOGoAppointmentFolder.m | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/SoObjects/Appointments/SOGoAppointmentFolder.m b/SoObjects/Appointments/SOGoAppointmentFolder.m
index f18c7ad77..f958eab51 100644
--- a/SoObjects/Appointments/SOGoAppointmentFolder.m
+++ b/SoObjects/Appointments/SOGoAppointmentFolder.m
@@ -3521,6 +3521,15 @@ firstInstanceCalendarDateRange: (NGCalendarDateRange *) fir
           timezone = nil;
           element = [components objectAtIndex: i];
 
+          //remove all attenddees, change organisator and change uid
+          //If we do not clean up, any user could impersonate someone by importing a malicious .ics
+          //and send notificaitons to attenddes or remove their event (as SOGo think the user has the rights to do so)
+          [element removeAllAttendees];
+          [element setOrganizer: nil];
+          [element setUid: [self globallyUniqueObjectId]];
+
+
+
           if ([element isKindOfClass: iCalEventK])
             {
               event = (iCalEvent *)element;