* @return string $header
*/
function prepareRFC822_Header($rfc822_header, $reply_rfc822_header, &$raw_length) {
- global $domain, $version, $username, $encode_header_key, $edit_identity, $hide_auth_header;
+ global $domain, $version, $username, $encode_header_key,
+ $edit_identity, $hide_auth_header, $hide_squirrelmail_header;
/* if server var SERVER_NAME not available, use $domain */
if(!sqGetGlobalVar('SERVER_NAME', $SERVER_NAME, SQ_SERVER)) {
* unless you understand all possible forging issues or your
* webmail installation does not prevent changes in user's email address.
* See SquirrelMail bug tracker #847107 for more details about it.
+ *
+ * Add $hide_squirrelmail_header as a candidate for config_local.php
+ * to allow completely hiding SquirrelMail participation in message
+ * processing.
*/
- if (isset($encode_header_key) &&
+ $show_sm_header = ( isset($hide_squirrelmail_header) ? ! $hide_squirrelmail_header : 1 );
+
+ if ( $show_sm_header ) {
+ if (isset($encode_header_key) &&
trim($encode_header_key)!='') {
// use encoded headers, if encryption key is set and not empty
$header[] = 'X-Squirrel-UserHash: '.OneTimePadEncrypt($username,base64_encode($encode_header_key)).$rn;
$header[] = 'X-Squirrel-FromHash: '.OneTimePadEncrypt($this->ip2hex($REMOTE_ADDR),base64_encode($encode_header_key)).$rn;
if (isset($HTTP_X_FORWARDED_FOR))
$header[] = 'X-Squirrel-ProxyHash:'.OneTimePadEncrypt($this->ip2hex($HTTP_X_FORWARDED_FOR),base64_encode($encode_header_key)).$rn;
- } else {
+ } else {
// use default received headers
$header[] = "Received: from $received_from" . $rn;
if ($edit_identity || ! isset($hide_auth_header) || ! $hide_auth_header)
$header[] = " (SquirrelMail authenticated user $username)" . $rn;
$header[] = " by $SERVER_NAME with HTTP;" . $rn;
$header[] = " $date" . $rn;
+ }
}
/* Insert the rest of the header fields */
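Review bot: The new `if ( $show_sm_header )` gate drops both the `X-Squirrel-*Hash` headers and the whole `Received:` block without consulting `$edit_identity`, whereas the existing `$hide_auth_header` test a few lines further down is deliberately overridden when users may edit their identity. With `$hide_squirrelmail_header` set and `$edit_identity` true, an outgoing message carries no record of the authenticated user or client address, so a forged sender can only be traced from server-side logs; this is the forging concern the comment above refers to (tracker #847107). Consider keeping the same safeguard, e.g. `$show_sm_header = $edit_identity || empty($hide_squirrelmail_header);`, or state in the comment that the option is only safe when `$edit_identity` is false and submissions are logged elsewhere. The enclosing function starts and ends outside this hunk.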
}
}
-?>
\ No newline at end of file
+?>
sub command310 {
- print "This allows you to prevent the editing of the user's name and ";
- print "email address. This is mainly useful when used with the ";
- print "retrieveuserdata plugin\n";
- print "\n";
+ print " In loosely managed environments, you may want to allow users
+ to edit their full name and email address. In strictly managed
+ environments, you may want to force users to use the name
+ and email address assigned to them.
+
+ 'y' - allow a user to edit their full name and email address,
+ 'n' - users must use the assigned values.
+
+ ";
if ( lc($edit_identity) eq 'true' ) {
$default_value = "y";
if ( ( $new_edit =~ /^y\n/i ) || ( ( $new_edit =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
$edit_identity = 'true';
$edit_name = 'true';
- $hide_auth_header = 'false';
+ $hide_auth_header = command311b();
} else {
$edit_identity = 'false';
$edit_name = command311();
}
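Review bot: Calling `command311b()` in the `$edit_identity = 'true'` branch offers the administrator a choice that, as far as the mail-header hunk on this page shows, has no effect. The check there is `if ($edit_identity || ! isset($hide_auth_header) || ! $hide_auth_header)`, so the authenticated-user line is always emitted when identity editing is allowed. The new command311b prompt ("If users are allowed to change their email addresses, this setting will make it difficult to determine who sent what where") describes the opposite behaviour, which can leave an administrator with a wrong picture of what sent mail discloses. The prompt and the code should agree; the conservative option is to keep `$hide_auth_header = 'false';` in this branch and drop the "Note:" paragraph from command311b. The body of command310 continues outside this hunk.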
sub command311 {
- print "As a follow-up, this option allows you to choose if the user ";
- print "can edit their full name even when you don't want them to ";
- print "change their username\n";
- print "\n";
+ print " Given that users are not allowed to modify their
+ email address, can they edit their full name?
+
+ ";
if ( lc($edit_name) eq 'true' ) {
$default_value = "y";
} else {
$default_value = "n";
}
- print "Allow editing of the users full name? (y/n) [$WHT$default_value$NRM]: $WHT";
+ print "Allow the user to edit their full name? (y/n) [$WHT$default_value$NRM]: $WHT";
$new_edit = <STDIN>;
if ( ( $new_edit =~ /^y\n/i ) || ( ( $new_edit =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
$edit_name = 'true';
}
sub command311b {
- print "SquirrelMail adds username information to every sent email.";
- print "It is done in order to prevent possible sender forging when ";
- print "end users are allowed to change their email and name ";
- print "information.\n";
- print "\n";
- print "You can disable this header, if you think that it violates ";
- print "user's privacy or security. Please note, that setting will ";
- print "work only when users are not allowed to change their identity.\n";
- print "\n";
-
+ print " SquirrelMail adds username information to every sent email
+ in order to prevent possible sender forging when users are allowed
+ to change their email and/or full name.
+
+ You can remove user information from this header (y), if you think that
+ it violates privacy or security.
+
+ Note: If users are allowed to change their email addresses,
+ this setting will make it difficult to determine who sent what where.
+ Use at your own risk.
+
+ ";
+
if ( lc($hide_auth_header) eq "true" ) {
$default_value = "y";
} else {
} else {
$hide_auth_header = "false";
}
- return $edit_name;
+ return $hide_auth_header;
}
sub command312 {