Spelling mistake

[squirrelmail.git] / config / conf.pl

diff --git a/config/conf.pl b/config/conf.pl
index 444d9c683bfdda306fdf7dcc9e9fc8dce90cdcb0..55449a17511e771ff43d94f4f18cfa9294beb91e 100755 (executable)
--- a/config/conf.pl
+++ b/config/conf.pl
@@ -1,7 +1,7 @@
 #!/usr/bin/env perl
 # conf.pl
 #
 #!/usr/bin/env perl
 # conf.pl
 #

-# Copyright (c) 1999-2007 The SquirrelMail Project Team
+# Copyright (c) 1999-2012 The SquirrelMail Project Team

 # Licensed under the GNU GPL. For full terms see COPYING.
 #
 # A simple configure script to configure SquirrelMail
 # Licensed under the GNU GPL. For full terms see COPYING.
 #
 # A simple configure script to configure SquirrelMail


@@ -491,6 +491,8 @@ $icon_theme_def = ''                   if ( !$icon_theme_def );
 $disable_plugins = 'false'             if ( !$disable_plugins );
 $disable_plugins_user = ''             if ( !$disable_plugins_user );
 $only_secure_cookies = 'true'          if ( !$only_secure_cookies );
 $disable_plugins = 'false'             if ( !$disable_plugins );
 $disable_plugins_user = ''             if ( !$disable_plugins_user );
 $only_secure_cookies = 'true'          if ( !$only_secure_cookies );

+$disable_security_tokens = 'false'     if ( !$disable_security_tokens );
+$check_referrer = ''                   if ( !$check_referrer );

 $ask_user_info = 'true'                if ( !$ask_user_info );
 
 if ( $ARGV[0] eq '--install-plugin' ) {
 $ask_user_info = 'true'                if ( !$ask_user_info );
 
 if ( $ARGV[0] eq '--install-plugin' ) {


@@ -543,11 +545,12 @@ $list_supported_imap_servers =
     "    hmailserver = hMailServer\n" .
     "    macosx      = Mac OS X Mailserver\n" .
     "    mercury32   = Mercury/32\n" .
     "    hmailserver = hMailServer\n" .
     "    macosx      = Mac OS X Mailserver\n" .
     "    mercury32   = Mercury/32\n" .

-    "    uw          = University of Washington's IMAP server\n";
+    "    uw          = University of Washington's IMAP server\n" .
+    "    gmail       = IMAP access to Google mail (Gmail) accounts\n";

 
 #####################################################################################
 if ( $config_use_color == 1 ) {
 
 #####################################################################################
 if ( $config_use_color == 1 ) {

-    $WHT = "\x1B[37;1m";
+    $WHT = "\x1B[1m";

     $NRM = "\x1B[0m";
 } else {
     $WHT              = "";
     $NRM = "\x1B[0m";
 } else {
     $WHT              = "";


@@ -720,6 +723,8 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
         print "15. Time zone configuration      : $WHT$time_zone_type$NRM\n";
         print "16. Location base                : $WHT$config_location_base$NRM\n";
         print "17. Only secure cookies if poss. : $WHT$only_secure_cookies$NRM\n";
         print "15. Time zone configuration      : $WHT$time_zone_type$NRM\n";
         print "16. Location base                : $WHT$config_location_base$NRM\n";
         print "17. Only secure cookies if poss. : $WHT$only_secure_cookies$NRM\n";

+        print "18. Disable secure forms         : $WHT$disable_security_tokens$NRM\n";
+        print "19. Page referal requirement     : $WHT$check_referrer$NRM\n";

         print "\n";
         print "R   Return to Main Menu\n";
     } elsif ( $menu == 5 ) {
         print "\n";
         print "R   Return to Main Menu\n";
     } elsif ( $menu == 5 ) {


@@ -906,7 +911,7 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
             $NRM              = "";
         } else {
             $config_use_color = 1;
             $NRM              = "";
         } else {
             $config_use_color = 1;

-            $WHT              = "\x1B[37;1m";
+            $WHT              = "\x1B[1m";

             $NRM              = "\x1B[0m";
         }
     } elsif ( $command =~ /^w([0-9]+)/ ) {
             $NRM              = "\x1B[0m";
         }
     } elsif ( $command =~ /^w([0-9]+)/ ) {


@@ -994,6 +999,8 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
             elsif ( $command == 15 ) { $time_zone_type           = command318(); }
             elsif ( $command == 16 ) { $config_location_base     = command_config_location_base(); }
             elsif ( $command == 17 ) { $only_secure_cookies = command319(); }
             elsif ( $command == 15 ) { $time_zone_type           = command318(); }
             elsif ( $command == 16 ) { $config_location_base     = command_config_location_base(); }
             elsif ( $command == 17 ) { $only_secure_cookies = command319(); }

+            elsif ( $command == 18 ) { $disable_security_tokens  = command320(); }
+            elsif ( $command == 19 ) { $check_referrer           = command321(); }

         } elsif ( $menu == 5 ) {
             if ( $command == 1 )     { $use_icons      = commandB3(); }
 #            elsif ( $command == 3 )  { $icon_theme_def = command53(); }
         } elsif ( $menu == 5 ) {
             if ( $command == 1 )     { $use_icons      = commandB3(); }
 #            elsif ( $command == 3 )  { $icon_theme_def = command53(); }


@@ -1518,7 +1525,7 @@ sub command112a {
 
 
 # SMTP authentication type
 
 
 # SMTP authentication type

-# Possible choices: none, plain, cram-md5, digest-md5
+# Possible choices: none, login, plain, cram-md5, digest-md5

 sub command112b {
     if ($use_smtp_tls ne "0") {
         print "Auto-detection of login methods is unavailable when using TLS or STARTTLS.\n";
 sub command112b {
     if ($use_smtp_tls ne "0") {
         print "Auto-detection of login methods is unavailable when using TLS or STARTTLS.\n";


@@ -1559,6 +1566,7 @@ sub command112b {
                 print $sock "QUIT\r\n";
                 close $sock;
             }
                 print $sock "QUIT\r\n";
                 close $sock;
             }

+

             # Try login (SquirrelMail default)
             print "Testing login:\t\t";
             $tmp=detect_auth_support('SMTP',$host,'LOGIN');
             # Try login (SquirrelMail default)
             print "Testing login:\t\t";
             $tmp=detect_auth_support('SMTP',$host,'LOGIN');


@@ -1572,6 +1580,19 @@ sub command112b {
                   print $WHT . "ERROR DETECTING$NRM\n";
               }
 
                   print $WHT . "ERROR DETECTING$NRM\n";
               }
 

+            # Try plain
+            print "Testing plain:\t\t";
+            $tmp=detect_auth_support('SMTP',$host,'PLAIN');
+            if (defined($tmp)) {
+                if ($tmp eq 'YES') {
+                    print $WHT . "SUPPORTED$NRM\n";
+                } else {
+                    print $WHT . "NOT SUPPORTED$NRM\n";
+                }
+              } else {
+                  print $WHT . "ERROR DETECTING$NRM\n";
+              }
+

             # Try CRAM-MD5
             print "Testing CRAM-MD5:\t";
             $tmp=detect_auth_support('SMTP',$host,'CRAM-MD5');
             # Try CRAM-MD5
             print "Testing CRAM-MD5:\t";
             $tmp=detect_auth_support('SMTP',$host,'CRAM-MD5');


@@ -1602,12 +1623,12 @@ sub command112b {
     print "\nWhat authentication mechanism do you want to use for SMTP connections?\n";
     print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n";
     print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n";
     print "\nWhat authentication mechanism do you want to use for SMTP connections?\n";
     print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n";
     print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n";

-    print $WHT . "plain" . $NRM . " - SASL PLAIN.  You already know it if you need this.\n";
+    print $WHT . "plain" . $NRM . " - SASL PLAIN. Plaintext. If you can do better, you probably should.\n";

     print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n";
     print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n";
     print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM;
     print "If you don't understand or are unsure, you probably want \"none\"\n\n";
     print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n";
     print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n";
     print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM;
     print "If you don't understand or are unsure, you probably want \"none\"\n\n";

-    print "none, login, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT";
+    print "none, login, plain, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT";

     $inval=<STDIN>;
     chomp($inval);
     if ($inval =~ /^none\b/i) {
     $inval=<STDIN>;
     chomp($inval);
     if ($inval =~ /^none\b/i) {


@@ -1747,17 +1768,22 @@ sub display_use_tls($) {
 
 # $encode_header_key
 sub command114 {
 
 # $encode_header_key
 sub command114 {

-    print "Encryption key allows to hide SquirrelMail Received: headers\n";
-    print "in outbound messages. Interface uses encryption key to encode\n";
-    print "username, remote address and proxied address, then stores encoded\n";
-    print "information in X-Squirrel-* headers.\n";
+    print "This encryption key allows the hiding of SquirrelMail Received:\n";
+    print "headers in outbound messages.  SquirrelMail uses the encryption\n";
+    print "key to encode the username, remote address, and proxied address\n";
+    print "and then stores that encoded information in X-Squirrel-* headers.\n";

     print "\n";
     print "\n";

-    print "Warning: used encryption function is not bulletproof. When used\n";
-    print "with static encryption keys, it provides only minimal security\n";
-    print "measures and information can be decoded quickly.\n";
+    print "Warning: the encryption function used to accomplish this is not\n";
+    print "bulletproof. When used with a static encryption key as it is here,\n";
+    print "it provides only minimal security and the encoded user information\n";
+    print "in the X-Squirrel-* headers can be decoded quickly by a skilled\n";
+    print "attacker.\n";

     print "\n";
     print "\n";

-    print "Encoded information can be decoded with decrypt_headers.php script\n";
-    print "from SquirrelMail contrib/ directory.\n";
+    print "When you need to inspect an email sent from your system with the\n";
+    print "X-Squirrel-* headers, you can decode the user information therein\n";
+    print "by using the decrypt_headers.php script found in the SquirrelMail\n";
+    print "contrib/ directory. You'll need the encryption key that you\n";
+    print "defined here when doing so.\n";

     print "\n";
     print "Enter encryption key: ";
     $new_encode_header_key = <STDIN>;
     print "\n";
     print "Enter encryption key: ";
     $new_encode_header_key = <STDIN>;


@@ -2562,17 +2588,22 @@ sub command311 {
 
 sub command311b {
     print "$NRM";
 
 sub command311b {
     print "$NRM";

-    print "\n  SquirrelMail adds username information to every sent email
-  in order to prevent possible sender forging when users are allowed
-  to change their email and/or full name.
+    print "\n  SquirrelMail adds username information to every outgoing
+  email in order to prevent possible sender forging when users are
+  allowed to change their email and/or full name.

 
 

-  You can remove user information from this header (y), if you think that
+  You can remove user information from this header (y) if you think that

   it violates privacy or security.
 
   Note: If users are allowed to change their email addresses,
   this setting will make it difficult to determine who sent what where.
   Use at your own risk.
 
   it violates privacy or security.
 
   Note: If users are allowed to change their email addresses,
   this setting will make it difficult to determine who sent what where.
   Use at your own risk.
 

+  Note: If you have defined a header encryption key in your SMTP or
+  Sendmail settings (see the \"Server Settings\" option page), this
+  setting is ignored because all user information in outgoing messages
+  is encoded.
+

   ";
 
     if ( lc($hide_auth_header) eq "true" ) {
   ";
 
     if ( lc($hide_auth_header) eq "true" ) {


@@ -2760,6 +2791,63 @@ sub command319 {
 }
 
 
 }
 
 

+# disable_security_tokens (since 1.5.2)
+sub command320 {
+    print "This option allows you to turn off the security checks in the forms\n";
+    print "that SquirrelMail generates.  It is NOT RECOMMENDED that you disable\n";
+    print "this feature - otherwise, your users may be exposed to phishing and\n";
+    print "other attacks.\n";
+    print "Unless you know what you are doing, you should leave this set to \"NO\".\n";
+    print "\n";
+
+    if ( lc($disable_security_tokens) eq 'true' ) {
+        $default_value = "y";
+    } else {
+        $default_value = "n";
+    }
+    print "Disable secure forms? (y/n) [$WHT$default_value$NRM]: $WHT";
+    $disable_security_tokens = <STDIN>;
+    if ( ( $disable_security_tokens =~ /^y\n/i ) || ( ( $disable_security_tokens =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+        $disable_security_tokens = 'true';
+    } else {
+        $disable_security_tokens = 'false';
+    }
+    return $disable_security_tokens;
+}
+
+
+
+# check_referrer (since 1.1.5.2)
+sub command321 {
+    print "This option allows you to enable referal checks for all page requests\n";
+    print "made to SquirrelMail.  This can help ensure that page requests came\n";
+    print "from the same server and not from an attacker's site (usually the\n";
+    print "result of a XSS or phishing attack).  To enable referal checking,\n";
+    print "this setting can be set to the domain where your SquirrelMail is\n";
+    print "being hosted (usually the same as the Domain setting under Server\n";
+    print "Settings).  For example, it could be \"example.com\", or if you\n";
+    print "use a plugin (such as Login Manager) to host SquirrelMail on more\n";
+    print "than one domain, you can set this to \"###DOMAIN###\" to tell it\n";
+    print "to use the current domain.\n";
+    print "\n";
+    print "However, in some cases (where proxy servers are in use, etc.), the\n";
+    print "domain might be different.\n";
+    print "\n";
+    print "NOTE that referal checks are not foolproof - they can be spoofed by\n";
+    print "browsers, and some browsers intentionally don't send referal\n";
+    print "information (in which case, the check is silently bypassed)\n";
+    print "\n";
+
+    print "Referal requirement? [$WHT$check_referrer$NRM]: $WHT";
+    $new_check_referrer = <STDIN>;
+    chomp($new_check_referrer);
+    $check_referrer = $new_check_referrer;
+
+    return $check_referrer;
+}
+
+
+

 sub command_userThemes {
     print "\nDefine the user themes that you wish to use.  If you have added\n";
     print "a theme of your own, just follow the instructions (?) about\n";
 sub command_userThemes {
     print "\nDefine the user themes that you wish to use.  If you have added\n";
     print "a theme of your own, just follow the instructions (?) about\n";


@@ -4088,9 +4176,7 @@ sub command94 {
 
 sub command95 {
     print "This is the name of the field in which you want to store the\n";
 
 sub command95 {
     print "This is the name of the field in which you want to store the\n";

-    print "username of the person the prefs are for. It default to 'user'\n";
-    print "which clashes with a reserved keyword in PostgreSQL so this\n";
-    print "will need to be changed for that database at least\n";
+    print "username of the person the prefs are for. It defaults to 'user'\n";

     print "\n";
     print "[$WHT$prefs_user_field$NRM]: $WHT";
     $new_field = <STDIN>;
     print "\n";
     print "[$WHT$prefs_user_field$NRM]: $WHT";
     $new_field = <STDIN>;


@@ -5018,7 +5104,7 @@ sub save_data {
                 # integer
                 print CF "    'search_tree' => $ldap_search_tree[$count]";
             }
                 # integer
                 print CF "    'search_tree' => $ldap_search_tree[$count]";
             }

-            if ( $ldap_listing[$count] ) {
+            if ( $ldap_starttls[$count] ) {

                 print CF ",\n";
                 # boolean
                 print CF "    'starttls' => $ldap_starttls[$count]";
                 print CF ",\n";
                 # boolean
                 print CF "    'starttls' => $ldap_starttls[$count]";


@@ -5080,7 +5166,11 @@ sub save_data {
         # string
         print CF "\$session_name          = '$session_name';\n";
         # boolean
         # string
         print CF "\$session_name          = '$session_name';\n";
         # boolean

-        print CF "\$only_secure_cookies   = $only_secure_cookies;\n";
+        print CF "\$only_secure_cookies     = $only_secure_cookies;\n";
+        print CF "\$disable_security_tokens = $disable_security_tokens;\n";
+
+        # string
+        print CF "\$check_referrer          = '$check_referrer';\n";

 
         print CF "\n";
 
 
         print CF "\n";
 


@@ -5294,6 +5384,50 @@ sub set_defaults {
             $message = "\nIf you use IMAPdir depot, you must set default folder prefix to empty string.\n";
 
             $continue = 1;
             $message = "\nIf you use IMAPdir depot, you must set default folder prefix to empty string.\n";
 
             $continue = 1;

+        } elsif ( $server eq "gmail" ) {
+            $imap_server_type               = "gmail";
+            $default_folder_prefix          = "";
+            $trash_folder                   = "[Gmail]/Trash";
+            $default_move_to_trash          = true;
+            $sent_folder                    = "[Gmail]/Sent Mail";
+            $draft_folder                   = "[Gmail]/Drafts";
+            $auto_create_special            = false;
+            $show_prefix_option             = false;
+            $default_sub_of_inbox           = false;
+            $show_contain_subfolders_option = false;
+            $delete_folder                  = true;
+            $force_username_lowercase       = false;
+            $optional_delimiter             = "/";
+            $disp_default_folder_prefix     = "<none>";
+            $domain                         = "gmail.com";
+            $imapServerAddress              = "imap.gmail.com";
+            $imapPort                       = 993;
+            $use_imap_tls                   = true;
+            $imap_auth_mech                 = "login";
+            $smtpServerAddress              = "smtp.gmail.com";
+            $smtpPort                       = 465;
+            $pop_before_smtp                = false;
+            $useSendmail                    = false;
+            $use_smtp_tls                   = true;
+            $smtp_auth_mech                 = "login";
+            $continue = 1;
+
+            # Gmail changes system folder names (Drafts, Sent, Trash) out
+            # from under you when the user changes language settings
+            $message = "\nNOTE!  When a user changes languages in Gmail's interface, the\n" 
+                     . "Drafts, Sent and Trash folder names are changed to localized\n"
+                     . "versions thereof.  To see those folders correctly in SquirrelMail,\n"
+                     . "the user should change the SquirrelMail language to match.\n"
+                     . "Moreover, SquirrelMail then needs to be told what folders to use\n"
+                     . "for Drafts, Sent and Trash in Options --> Folder Preferences.\n"
+                     . "These default settings will only correctly find the Sent, Trash\n"
+                     . "and Drafts folders if both Gmail and SquirrelMail languages are\n"
+                     . "set to English.\n\n"
+                     . "Also note that in some regions (Europe?), the default folder\n"
+                     . "names (see main menu selection 3. Folder Defaults) are different\n"
+                     . "(they may need to have the prefix \"[Google Mail]\" instead of\n"
+                     . "\"[Gmail]\") and \"Trash\" may be called \"Bin\" instead.\n";
+

         } elsif ( $server eq "quit" ) {
             $continue = 1;
         } else {
         } elsif ( $server eq "quit" ) {
             $continue = 1;
         } else {


@@ -5325,12 +5459,13 @@ sub set_defaults {
 # the SM directory tree, the SM_PATH variable will be
 # prepended to the path, if not, then the path will be
 # converted to an absolute path, e.g.
 # the SM directory tree, the SM_PATH variable will be
 # prepended to the path, if not, then the path will be
 # converted to an absolute path, e.g.

-#   '../images/logo.gif'      --> SM_PATH . 'images/logo.gif'
-#   '../../someplace/data'    --> '/absolute/path/someplace/data'
-#   'images/logo.gif'         --> SM_PATH . 'config/images/logo.gif'
-#   '/absolute/path/logo.gif' --> '/absolute/path/logo.gif'
-#   'http://whatever/'        --> 'http://whatever'
-#   $some_var/path            --> "$some_var/path"
+#   '../images/logo.gif'        --> SM_PATH . 'images/logo.gif'
+#   '../../someplace/data'      --> '/absolute/path/someplace/data'
+#   'images/logo.gif'           --> SM_PATH . 'config/images/logo.gif'
+#   '/absolute/path/logo.gif'   --> '/absolute/path/logo.gif'
+#   'C:\absolute\path\logo.gif' --> 'C:\absolute\path\logo.gif'
+#   'http://whatever/'          --> 'http://whatever'
+#   $some_var/path              --> "$some_var/path"

 sub change_to_SM_path() {
     my ($old_path) = @_;
     my $new_path = '';
 sub change_to_SM_path() {
     my ($old_path) = @_;
     my $new_path = '';


@@ -5341,7 +5476,7 @@ sub change_to_SM_path() {
     # If the path is absolute, don't bother.
     return "\'" . $old_path . "\'"  if ( $old_path eq '');
     return "\'" . $old_path . "\'"  if ( $old_path =~ /^(\/|http)/ );
     # If the path is absolute, don't bother.
     return "\'" . $old_path . "\'"  if ( $old_path eq '');
     return "\'" . $old_path . "\'"  if ( $old_path =~ /^(\/|http)/ );

-    return "\'" . $old_path . "\'"  if ( $old_path =~ /^\w:\// );
+    return "\'" . $old_path . "\'"  if ( $old_path =~ /^\w:(\\|\/)/ );

     return $old_path                if ( $old_path =~ /^\'(\/|http)/ );
     return $old_path                if ( $old_path =~ /^\'\w:\// );
     return $old_path                if ( $old_path =~ /^SM_PATH/);
     return $old_path                if ( $old_path =~ /^\'(\/|http)/ );
     return $old_path                if ( $old_path =~ /^\'\w:\// );
     return $old_path                if ( $old_path =~ /^SM_PATH/);