X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=config%2Fconfig_local.example.php;h=38c0f26d6d1c6f644d809cbdcc8d8d4d9d9610ec;hb=c552d9d2c0084b6a879e47a0b4671091143dc678;hp=22e2af733dfd492667a8c7d3f09383776f72ea5f;hpb=353d074afac6827c90f4bb03e846c5e453d3b5b1;p=squirrelmail.git
diff --git a/config/config_local.example.php b/config/config_local.example.php
index 22e2af73..38c0f26d 100644
--- a/config/config_local.example.php
+++ b/config/config_local.example.php
@@ -116,5 +116,34 @@
* the appropriate quote character for the database type
* being used (backtick for MySQL (and thus MariaDB),
* double quotes for all others).
+ *
+ * $use_expiring_security_tokens (boolean) allows you to
+ * make SquirrelMail use short-lived anti-CSRF security
+ * tokens that expire as desired (not recommended, can
+ * cause user-facing issues when tokens expire unexpectedly).
+ *
+ * $max_token_age_days (integer) allows you to indicate how
+ * long a token should be valid for (in days) (only relevant
+ * when $use_expiring_security_tokens is enabled).
+ *
+ * $do_not_use_single_token (boolean) allows you to force
+ * SquirrelMail to generate a new token every time one is
+ * requested (which may increase obscurity through token
+ * randomness at the cost of some performance). Otherwise,
+ * only one token will be generated per user which will
+ * change only after it expires or is used outside of the
+ * validity period specified when calling
+ * sm_validate_security_token() (only relevant when
+ * $use_expiring_security_tokens is enabled).
+ *
+ * $head_tag_extra can be used to add custom tags inside
+ * the section of *ALL* pages. The string
+ * "###SM BASEURI###" will be replaced with the base URI
+ * for this SquirrelMail installation. This may be used,
+ * for example, to add custom favicon tags. If this
+ * setting is empty here, SquirrelMail will add a favicon
+ * tag by default. If you want to retain the default favicon
+ * while using this setting, you must include the following
+ * as part of this setting:
+ * $head_tag_extra = '......';
*/
-