X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=config%2Fconf.pl;h=7d0baa23964c539b33b4cafbe178f32d39fd4da5;hb=93a29a5d713e2e06b0152b51c7dc0d27b3c8c1a8;hp=84bd2ab4c64e17ce6d5a43e930662a73e5effb30;hpb=d81572f79656908a290adc913d4e89d5b2cb0a5f;p=squirrelmail.git diff --git a/config/conf.pl b/config/conf.pl index 84bd2ab4..7d0baa23 100755 --- a/config/conf.pl +++ b/config/conf.pl @@ -1,7 +1,7 @@ #!/usr/bin/env perl # conf.pl # -# Copyright (c) 1999-2007 The SquirrelMail Project Team +# Copyright (c) 1999-2009 The SquirrelMail Project Team # Licensed under the GNU GPL. For full terms see COPYING. # # A simple configure script to configure SquirrelMail @@ -427,6 +427,7 @@ $aggressive_decoding = 'false' if ( !$aggressive_decoding ); # $advanced_tree = 'false' if ( !$advanced_tree ); $use_php_recode = 'false' if ( !$use_php_recode ); $use_php_iconv = 'false' if ( !$use_php_iconv ); +$buffer_output = 'false' if ( !$buffer_output ); # since 1.5.1 $use_icons = 'false' if ( !$use_icons ); @@ -434,6 +435,8 @@ $use_iframe = 'false' if ( !$use_iframe ); $lossy_encoding = 'false' if ( !$lossy_encoding ); $allow_remote_configtest = 'false' if ( !$allow_remote_configtest ); $secured_config = 'true' if ( !$secured_config ); +$sq_https_port = 443 if ( !$sq_https_port ); +$sq_ignore_http_x_forwarded_headers = 'true' if ( !$sq_ignore_http_x_forwarded_headers ); $sm_debug_mode = 'SM_DEBUG_MODE_MODERATE' if ( !$sm_debug_mode ); #FIXME: When this is STABLE software, remove the line above and uncomment the one below: @@ -544,7 +547,7 @@ $list_supported_imap_servers = ##################################################################################### if ( $config_use_color == 1 ) { - $WHT = "\x1B[37;1m"; + $WHT = "\x1B[1m"; $NRM = "\x1B[0m"; } else { $WHT = ""; 
@@ -855,11 +858,14 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
 print $WHT. "PHP tweaks\n" . $NRM;
 print "4. Use php recode functions : $WHT$use_php_recode$NRM\n";
 print "5. Use php iconv functions : $WHT$use_php_iconv$NRM\n";
+ print "6. Buffer all output : $WHT$buffer_output$NRM\n";
 print "\n";
 print $WHT. "Configuration tweaks\n" . $NRM;
- print "6. Allow remote configtest : $WHT$allow_remote_configtest$NRM\n";
- print "7. Debug mode : $WHT$sm_debug_mode$NRM\n";
- print "8. Secured configuration mode : $WHT$secured_config$NRM\n";
+ print "7. Allow remote configtest : $WHT$allow_remote_configtest$NRM\n";
+ print "8. Debug mode : $WHT$sm_debug_mode$NRM\n";
+ print "9. Secured configuration mode : $WHT$secured_config$NRM\n";
+ print "10. HTTPS port : $WHT$sq_https_port$NRM\n";
+ print "11. Ignore HTTP_X_FORWARDED headers: $WHT$sq_ignore_http_x_forwarded_headers$NRM\n";
 print "\n";
 print "R Return to Main Menu\n";
 }
@@ -900,7 +906,7 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
 $NRM = "";
 } else {
 $config_use_color = 1;
- $WHT = "\x1B[37;1m";
+ $WHT = "\x1B[1m";
 $NRM = "\x1B[0m";
 }
 } elsif ( $command =~ /^w([0-9]+)/ ) {
@@ -990,7 +996,7 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
 elsif ( $command == 17 ) { $only_secure_cookies = command319(); }
 } elsif ( $menu == 5 ) {
 if ( $command == 1 ) { $use_icons = commandB3(); }
-# elsif ( $command == 3 ) { $icon_theme_def = commandB7(); }
+# elsif ( $command == 3 ) { $icon_theme_def = command53(); }
 elsif ( $command == 2 ) { $default_fontsize = command_default_fontsize(); }
 elsif ( $command == 3 ) { $templateset_default = command_templates(); }
 elsif ( $command == 4 ) { command_userThemes(); }
@@ -1034,9 +1040,12 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
 elsif ( $command == 2 ) { $ask_user_info = command_ask_user_info(); }
 elsif ( $command == 4 ) { $use_php_recode = commandB4(); }
 elsif ( $command == 5 ) { $use_php_iconv = commandB5(); }
- elsif ( $command == 6 ) { $allow_remote_configtest = commandB6(); }
- elsif ( $command == 7 ) { $sm_debug_mode = commandB8(); }
- elsif ( $command == 8 ) { $secured_config = commandB9(); }
+ elsif ( $command == 6 ) { $buffer_output = commandB6(); }
+ elsif ( $command == 7 ) { $allow_remote_configtest = commandB7(); }
+ elsif ( $command == 8 ) { $sm_debug_mode = commandB8(); }
+ elsif ( $command == 9 ) { $secured_config = commandB9(); }
+ elsif ( $command == 10 ) { $sq_https_port = commandB10(); }
+ elsif ( $command == 11 ) { $sq_ignore_http_x_forwarded_headers = commandB11(); }
 }
 }
 }
@@ -1738,17 +1747,22 @@ sub display_use_tls($) { # $encode_header_key sub command114 { - print "Encryption key allows to hide SquirrelMail Received: headers\n"; - print "in outbound messages. Interface uses encryption key to encode\n"; - print "username, remote address and proxied address, then stores encoded\n"; - print "information in X-Squirrel-* headers.\n"; + print "This encryption key allows the hiding of SquirrelMail Received:\n"; + print "headers in outbound messages. SquirrelMail uses the encryption\n"; + print "key to encode the username, remote address, and proxied address\n"; + print "and then stores that encoded information in X-Squirrel-* headers.\n"; print "\n"; - print "Warning: used encryption function is not bulletproof. When used\n"; - print "with static encryption keys, it provides only minimal security\n"; - print "measures and information can be decoded quickly.\n"; + print "Warning: the encryption function used to accomplish this is not\n"; + print "bulletproof. When used with a static encryption key as it is here,\n"; + print "it provides only minimal security and the encoded user information\n"; + print "in the X-Squirrel-* headers can be decoded quickly by a skilled\n"; + print "attacker.\n"; print "\n"; - print "Encoded information can be decoded with decrypt_headers.php script\n"; - print "from SquirrelMail contrib/ directory.\n"; + print "When you need to inspect an email sent from your system with the\n"; + print "X-Squirrel-* headers, you can decode the user information therein\n"; + print "by using the decrypt_headers.php script found in the SquirrelMail\n"; + print "contrib/ directory. You'll need the encryption key that you\n"; + print "defined here when doing so.\n"; print "\n"; print "Enter encryption key: "; $new_encode_header_key = ; 
@@ -2530,7 +2544,8 @@ sub command310 { } sub command311 { - print " Given that users are not allowed to modify their + print "$NRM"; + print "\n Given that users are not allowed to modify their email address, can they edit their full name? "; @@ -2551,17 +2566,23 @@ sub command311 { } sub command311b { - print " SquirrelMail adds username information to every sent email - in order to prevent possible sender forging when users are allowed - to change their email and/or full name. + print "$NRM"; + print "\n SquirrelMail adds username information to every outgoing + email in order to prevent possible sender forging when users are + allowed to change their email and/or full name. - You can remove user information from this header (y), if you think that + You can remove user information from this header (y) if you think that it violates privacy or security. Note: If users are allowed to change their email addresses, this setting will make it difficult to determine who sent what where. Use at your own risk. + Note: If you have defined a header encryption key in your SMTP or + Sendmail settings (see the \"Server Settings\" option page), this + setting is ignored because all user information in outgoing messages + is encoded. + "; if ( lc($hide_auth_header) eq "true" ) { 
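Review bot: The note added to the command311b help text says the hide-header setting is ignored once a header encryption key is defined "because all user information in outgoing messages is encoded", which reads as if encoding were an equivalent privacy control. The command114 text revised in this same commit states that the encoding provides only minimal security and can be decoded quickly, so an administrator who would have answered (y) here for privacy reasons should be told that directly. I would append a sentence to the new note such as `The encoded data is recoverable (see the warning shown with the encryption key option), so it is not the same as removing the user information.` The rest of command311b, including the prompt handling, continues outside the changed lines.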
@@ -4440,8 +4461,37 @@ sub commandB5 { return $use_php_iconv; } -# configtest block +# buffer output sub commandB6 { + print "In some cases, buffering all output (holding it on the server until\n"; + print "the full page is ready to send to the browser) allows more complex\n"; + print "functionality, especially for plugins that want to add headers on hooks\n"; + print "that are beyond the point of output having been sent to the browser\n"; + print "otherwise. Most plugins that need this functionality will enable it\n"; + print "automatically on their own, but you can turn it on manually here. You'd\n"; + print "usually want to do this if you want to specify a custom output handler\n"; + print "for parsing the output - you can do that by specifying a value for\n"; + print "\$buffered_output_handler in config_local.php. Don't forget to define\n"; + print "a function of the same name as what \$buffered_output_handler is set to.\n"; + print "\n"; + + if ( lc($buffer_output) eq 'true' ) { + $default_value = "y"; + } else { + $default_value = "n"; + } + print "Buffer all output? (y/n) [$WHT$default_value$NRM]: $WHT"; + $buffer_output = ; + if ( ( $buffer_output =~ /^y\n/i ) || ( ( $buffer_output =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { + $buffer_output = 'true'; + } else { + $buffer_output = 'false'; + } + return $buffer_output; +} + +# configtest block +sub commandB7 { print "Enable this option if you want to check SquirrelMail configuration\n"; print "remotely with configtest.php script.\n"; print "\n"; @@ -4462,7 +4512,7 @@ sub commandB6 { } # Default Icon theme -sub commandB7 { +sub command53 { print "You may change the path to the default icon theme to be used, if icons\n"; print "have been enabled. This theme will be used when an icon cannot be\n"; print "found in the current theme, or when no icon theme is specified. If\n"; 
@@ -4594,6 +4644,65 @@ sub commandB9 { return $secured_config; } +# Set a (non-standard) HTTPS port +sub commandB10 { + print "If you run HTTPS (SSL-secured HTTP) on a non-standard port, you should\n"; + print "indicate that port here. Even if you do not, SquirrelMail may still\n"; + print "auto-detect secure connections, but it is safer and also very useful\n"; + print "for third party plugins if you specify the port number here.\n"; + print "\n"; + print "Most SquirrelMail administrators will not need to use this setting\n"; + print "because most all web servers use port 443 for HTTPS connections, and\n"; + print "SquirrelMail assumes 443 unless something else is given here.\n"; + print "\n"; + + print "Enter your HTTPS port [$sq_https_port]: "; + my $tmp = ; + $tmp = trim($tmp); + # value is not modified, if user hits Enter or enters space + if ($tmp ne '') { + # make sure that input is numeric + if ($tmp =~ /^\d+$/) { + $sq_https_port = $tmp; + } else { + print "\n"; + print "--- INPUT ERROR ---\n"; + print "\n"; + print "If you want to change this setting, you must enter a number.\n"; + print "If you want to keep the original value, just press Enter.\n\n"; + print "Press Enter to continue..."; + $tmp = ; + } + } + return $sq_https_port; +} + +# Ignore HTTP_X_FORWARDED_* headers? +sub commandB11 { + + if ( lc($sq_ignore_http_x_forwarded_headers) eq 'true' ) { + $default_value = "y"; + } else { + $default_value = "n"; + } + + print "Because HTTP_X_FORWARDED_* headers can be sent by the client and\n"; + print "therefore possibly exploited by an outsider, SquirrelMail ignores\n"; + print "them by default. If a proxy server or other machine sits between\n"; + print "clients and your SquirrelMail server, you can turn this off to\n"; + print "tell SquirrelMail to use such headers.\n"; + print "\n"; + + print "Ignore HTTP_X_FORWARDED headers? 
(y/n) [$WHT$default_value$NRM]: $WHT"; + $sq_ignore_http_x_forwarded_headers = ; + if ( ( $sq_ignore_http_x_forwarded_headers =~ /^y\n/i ) || ( ( $sq_ignore_http_x_forwarded_headers =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { + $sq_ignore_http_x_forwarded_headers = 'true'; + } else { + $sq_ignore_http_x_forwarded_headers = 'false'; + } + return $sq_ignore_http_x_forwarded_headers; +} + sub save_data { $tab = " "; if ( open( CF, ">config.php" ) ) { @@ -4998,8 +5107,15 @@ sub save_data { print CF "\$use_php_iconv = $use_php_iconv;\n"; print CF "\n"; # boolean + print CF "\$buffer_output = $buffer_output;\n"; + print CF "\n"; + # boolean print CF "\$allow_remote_configtest = $allow_remote_configtest;\n"; print CF "\$secured_config = $secured_config;\n"; + # integer + print CF "\$sq_https_port = $sq_https_port;\n"; + # boolean + print CF "\$sq_ignore_http_x_forwarded_headers = $sq_ignore_http_x_forwarded_headers;\n"; # (binary) integer or constant - convert integer # values to constants before output $sm_debug_mode = convert_debug_binary_integer_to_constants($sm_debug_mode);
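Review bot: In commandB11 every answer other than exactly `y` (or Enter with a `y` default) falls into the else branch and stores 'false', so a typo such as `yes` silently makes SquirrelMail trust client-supplied HTTP_X_FORWARDED_* headers, which is the less safe state. Only an explicit `n` should switch the protection off; Enter or unrecognised input should keep the previous value, as in the fence below. The help text would also benefit from one sentence saying the option should be turned off only when the front proxy overwrites or strips these headers on incoming requests. The same y/n pattern in commandB6 (earlier hunk) also falls back to 'false', which is harmless there.

```perl
    # … unchanged: $default_value computation, help text, prompt and read of the answer …
    if ( $sq_ignore_http_x_forwarded_headers =~ /^y\n/i ) {
        $sq_ignore_http_x_forwarded_headers = 'true';
    } elsif ( $sq_ignore_http_x_forwarded_headers =~ /^n\n/i ) {
        $sq_ignore_http_x_forwarded_headers = 'false';
    } else {
        # Enter or unrecognised input: keep the value that was in effect before the prompt
        $sq_ignore_http_x_forwarded_headers = ( $default_value eq "y" ) ? 'true' : 'false';
    }
    return $sq_ignore_http_x_forwarded_headers;
```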
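Review bot: `print CF "\$sq_https_port = $sq_https_port;\n";` emits the value unquoted as a PHP integer literal, but commandB10 accepts any string matching `/^\d+$/`, so an entry like 0443 is read by PHP as octal and 0899 is not a valid literal at all; there is also no upper bound of 65535. Tightening the test in commandB10 to `if ($tmp =~ /^[1-9]\d{0,4}$/ && $tmp <= 65535) {` closes both. The default guard `$sq_https_port = 443 if ( !$sq_https_port );` only catches empty values, so I would repeat the same test just before this print to avoid writing a hand-edited value back verbatim. save_data continues outside the hunk.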