X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=config%2Fconfig_default.php;h=c21f96d0f669033a4463cd376214d741c86d27d1;hb=babad50305f1b991f32209a7f2e3b72a5eefe5c7;hp=1586533a69bbefd4d153174c088e778fa62691a4;hpb=d81572f79656908a290adc913d4e89d5b2cb0a5f;p=squirrelmail.git diff --git a/config/config_default.php b/config/config_default.php index 1586533a..c21f96d0 100644 --- a/config/config_default.php +++ b/config/config_default.php @@ -15,7 +15,7 @@ * passwords being leaked to e.g. other system users. Take extra care when * the webserver is shared with untrusted users. * - * @copyright © 2000-2007 The SquirrelMail Project Team + * @copyright 2000-2019 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -298,6 +298,15 @@ $smtp_sitewide_pass = ''; */ $imap_auth_mech = 'login'; +/** + * Show login error from the IMAP server (true) or show + * the traditional/generic "Unknown user or password + * incorrect" (false)? + * + * @global boolean $display_imap_login_error + */ +$display_imap_login_error = false; + /** * IMAP folder delimiter * @@ -592,15 +601,18 @@ $default_use_mdn = true; * Identity Controls * * If you don't want to allow users to change their email address - * then you can set $edit_identity to false, if you want them to + * then you can set $edit_identity to false; if you want them to * not be able to change their full name too then set $edit_name - * to false as well. $edit_name has no effect unless $edit_identity - * is false; + * to false as well. $edit_reply_to likewise controls users' ability + * to change their reply-to address. $edit_name and $edit_reply_to + * have no effect unless $edit_identity is false; * @global bool $edit_identity * @global bool $edit_name + * @global bool $edit_reply_to */ $edit_identity = true; $edit_name = true; +$edit_reply_to = true; /** * SquirrelMail adds username information to every sent email. @@ -673,6 +685,65 @@ $allow_advanced_search = 0; */ $session_name = 'SQMSESSID'; +/** + * Secure Cookies + * + * Only transmit cookies via a secure connection + * if the session was started using HTTPS/SSL? + * + * Highly recommended + * + * @global bool $only_secure_cookies + * @since 1.5.2 and 1.4.16 + */ +$only_secure_cookies = true; + +/** + * Secure Forms + * + * Disable security tokens used to authenticate the + * source of user data received by SquirrelMail? + * + * It is highly discouraged to enable this setting. + * + * @global bool $disable_security_tokens + * @since 1.5.2 and 1.4.20RC1 + */ +$disable_security_tokens = false; + +/** + * Check Page Referrer + * + * Enforces a safety check on page requests by checking + * that the referrer is the domain specified by this + * setting. If this setting is "###DOMAIN###", the + * current value of the $domain variable will be used + * for the check. + * + * If a browser doesn't send referrer data, this check + * will be silently bypassed. + * + * Examples: + * $check_referrer = 'example.com'; + * $check_referrer = '###DOMAIN###'; + * + * @global string $check_referrer + * @since 1.5.2 and 1.4.20RC1 + */ +$check_referrer = ''; + +/** + * Security Image Type + * + * Switches between using a transparent image + * and one that states "this image has been + * removed for security reasons" + * + * @global bool $use_transparent_security_image + * @since 1.5.2 and 1.4.23 + */ +$use_transparent_security_image = true; + /** * User Themes @@ -1149,12 +1220,69 @@ $use_php_recode = false; $use_php_iconv = false; /** + * Output Buffering + * + * In some cases, buffering all output allows more complex functionality, + * especially for plugins that want to add headers on hooks that are beyond + * the point of output having been sent to the browser otherwise (although + * most plugins that need this feature will turn it on automatically by + * themselves). + * + * It is also possible to define a custom output handler as needed by special + * environments. If $buffered_output_handler is non-empty, a function named + * the same as the value of $buffered_output_handler should be defined in + * config_local.php. + * + */ +$buffer_output = false; +$buffered_output_handler = ''; + +/** + * Allow Remote configtest Access + * * Controls remote configuration checks * @global boolean $allow_remote_configtest * @since 1.5.1 */ $allow_remote_configtest = false; +/** + * SquirrelMail Debug Mode + * + * Various debugging levels can be enabled using this setting. + * More than one mode can be used at once by combining them + * with pipes ("|"). See the SM_DEBUG_MODE_* constants in + * include/constants.php + */ +$sm_debug_mode = SM_DEBUG_MODE_OFF; + +/** + * "Secured Configuration" Mode + * + * Enable/disable "Secured Configuration" mode, wherein certain + * security-sensitive configuration settings are made immutable + * by other code. + */ +$secured_config = true; + +/** + * HTTPS Port + * + * This is the HTTPS (SSL-secured HTTP) port. It can be left empty, + * in which case SquirrelMail will assume the standard port 443. + * Make sure to set this correctly when serving HTTPS on a non- + * standard port. + */ +$sq_https_port = 443; + +/** + * Ignore HTTP_X_FORWARDED_* headers? + * + * Whether or not HTTP_X_FORWARDED_* headers are respected by + * SquirrelMail (or plugins). + */ +$sq_ignore_http_x_forwarded_headers = true; + /** * Subscribe Listing Control *