From bb08da849fc22e00f27d7bbe165cfcfafd525b3a Mon Sep 17 00:00:00 2001 From: ebullient Date: Sun, 27 Nov 2005 19:36:35 +0000 Subject: [PATCH] reword some of the text around email/full name options, and introduce a variable that can be added to config_local to remove the SM header altogether if desired (e.g. in home installations). git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10416 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- class/deliver/Deliver.class.php | 17 ++++++++--- config/conf.pl | 50 +++++++++++++++++++-------------- 2 files changed, 42 insertions(+), 25 deletions(-) diff --git a/class/deliver/Deliver.class.php b/class/deliver/Deliver.class.php index 3dcf6114..a7747106 100644 --- a/class/deliver/Deliver.class.php +++ b/class/deliver/Deliver.class.php @@ -378,7 +378,8 @@ class Deliver { * @return string $header */ function prepareRFC822_Header($rfc822_header, $reply_rfc822_header, &$raw_length) { - global $domain, $version, $username, $encode_header_key, $edit_identity, $hide_auth_header; + global $domain, $version, $username, $encode_header_key, + $edit_identity, $hide_auth_header, $hide_squirrelmail_header; /* if server var SERVER_NAME not available, use $domain */ if(!sqGetGlobalVar('SERVER_NAME', $SERVER_NAME, SQ_SERVER)) { 
@@ -426,21 +427,29 @@ class Deliver { * unless you understand all possible forging issues or your * webmail installation does not prevent changes in user's email address. * See SquirrelMail bug tracker #847107 for more details about it. + * + * Add $hide_squirrelmail_header as a candidate for config_local.php + * to allow completely hiding SquirrelMail participation in message + * processing. */ - if (isset($encode_header_key) && + $show_sm_header = ( isset($hide_squirrelmail_header) ? ! $hide_squirrelmail_header : 1 ); + + if ( $show_sm_header ) { + if (isset($encode_header_key) && trim($encode_header_key)!='') { // use encoded headers, if encryption key is set and not empty $header[] = 'X-Squirrel-UserHash: '.OneTimePadEncrypt($username,base64_encode($encode_header_key)).$rn; $header[] = 'X-Squirrel-FromHash: '.OneTimePadEncrypt($this->ip2hex($REMOTE_ADDR),base64_encode($encode_header_key)).$rn; if (isset($HTTP_X_FORWARDED_FOR)) $header[] = 'X-Squirrel-ProxyHash:'.OneTimePadEncrypt($this->ip2hex($HTTP_X_FORWARDED_FOR),base64_encode($encode_header_key)).$rn; - } else { + } else { // use default received headers $header[] = "Received: from $received_from" . $rn; if ($edit_identity || ! isset($hide_auth_header) || ! $hide_auth_header) $header[] = " (SquirrelMail authenticated user $username)" . $rn; $header[] = " by $SERVER_NAME with HTTP;" . $rn; $header[] = " $date" . $rn; + } } /* Insert the rest of the header fields */ @@ -793,4 +802,4 @@ class Deliver { } } -?> \ No newline at end of file +?> diff --git a/config/conf.pl b/config/conf.pl index 5c7a1e9a..7d445447 100755 --- a/config/conf.pl +++ b/config/conf.pl 
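Review bot: The new `$show_sm_header` switch in the `@@ -426,21 +427,29` hunk suppresses both the `X-Squirrel-*Hash` headers and the `Received:` block without consulting `$edit_identity`, whereas the existing `$hide_auth_header` test inside the block still forces the authenticated-user line whenever users may edit their identity. With `$hide_squirrelmail_header` set and identity editing enabled, a sent message carries no header tying it to the authenticated account, which is the forging concern the comment above it refers to (tracker #847107). Consider keeping the same guard, e.g. `$show_sm_header = $edit_identity || !isset($hide_squirrelmail_header) || !$hide_squirrelmail_header;`, or at least extend the comment to say the option is meant only for installations where `$edit_identity` is false or where sender attribution is available from server-side logs. As a style point, the lines newly wrapped in `if ( $show_sm_header ) {` were not re-indented, and `: 1` would read better as `: true`. The body of prepareRFC822_Header starts before and continues after this hunk.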
@@ -2120,10 +2120,15 @@ sub command39 { sub command310 { - print "This allows you to prevent the editing of the user's name and "; - print "email address. This is mainly useful when used with the "; - print "retrieveuserdata plugin\n"; - print "\n"; + print " In loosely managed environments, you may want to allow users + to edit their full name and email address. In strictly managed + environments, you may want to force users to use the name + and email address assigned to them. + + 'y' - allow a user to edit their full name and email address, + 'n' - users must use the assigned values. + + "; if ( lc($edit_identity) eq 'true' ) { $default_value = "y"; @@ -2135,7 +2140,7 @@ sub command310 { if ( ( $new_edit =~ /^y\n/i ) || ( ( $new_edit =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { $edit_identity = 'true'; $edit_name = 'true'; - $hide_auth_header = 'false'; + $hide_auth_header = command311b(); } else { $edit_identity = 'false'; $edit_name = command311(); @@ -2145,17 +2150,17 @@ sub command310 { } sub command311 { - print "As a follow-up, this option allows you to choose if the user "; - print "can edit their full name even when you don't want them to "; - print "change their username\n"; - print "\n"; + print " Given that users are not allowed to modify their + email address, can they edit their full name? + + "; if ( lc($edit_name) eq 'true' ) { $default_value = "y"; } else { $default_value = "n"; } - print "Allow editing of the users full name? (y/n) [$WHT$default_value$NRM]: $WHT"; + print "Allow the user to edit their full name? (y/n) [$WHT$default_value$NRM]: $WHT"; $new_edit = ; if ( ( $new_edit =~ /^y\n/i ) || ( ( $new_edit =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { $edit_name = 'true'; 
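Review bot: In the `@@ -2135,7 +2140,7` hunk, `$hide_auth_header = command311b();` now asks whether to hide the user header even when identity editing is allowed, but the Deliver.class.php context in this same patch still tests `$edit_identity || ! isset($hide_auth_header) || ! $hide_auth_header`, so on that path the answer appears to have no effect while `$edit_identity` is true. The reworded note in command311b (`@@ -2166,16 +2171,19`), which says the setting "will make it difficult to determine who sent what where" when users can change their addresses, describes behaviour that the visible delivery code does not show. Keeping `$hide_auth_header = 'false';` in this branch preserves sender attribution and matches the delivery code; otherwise the prompt text should say that the username line is always added while identity editing is enabled. command310 begins in the previous hunk and continues past this one.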
@@ -2166,16 +2171,19 @@ sub command311 { } sub command311b { - print "SquirrelMail adds username information to every sent email."; - print "It is done in order to prevent possible sender forging when "; - print "end users are allowed to change their email and name "; - print "information.\n"; - print "\n"; - print "You can disable this header, if you think that it violates "; - print "user's privacy or security. Please note, that setting will "; - print "work only when users are not allowed to change their identity.\n"; - print "\n"; - + print " SquirrelMail adds username information to every sent email + in order to prevent possible sender forging when users are allowed + to change their email and/or full name. + + You can remove user information from this header (y), if you think that + it violates privacy or security. + + Note: If users are allowed to change their email addresses, + this setting will make it difficult to determine who sent what where. + Use at your own risk. + + "; + if ( lc($hide_auth_header) eq "true" ) { $default_value = "y"; } else { @@ -2188,7 +2196,7 @@ sub command311b { } else { $hide_auth_header = "false"; } - return $edit_name; + return $hide_auth_header; } sub command312 { -- 2.25.1