From d8f038fd5adb33e4e4b6543378dbd546ed1347f4 Mon Sep 17 00:00:00 2001
From: pdontthink
Date: Wed, 24 Jul 2019 01:07:50 +0000
Subject: [PATCH] Document new config_local item for CVE-2019-12970

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14830 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 config/config_local.example.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/config/config_local.example.php b/config/config_local.example.php
index 16bc47ce..b141a5d6 100644
--- a/config/config_local.example.php
+++ b/config/config_local.example.php
@@ -174,4 +174,13 @@
 * $imap_id_command_args = array('remote-host' => '###REMOTE ADDRESS###');
 * $do_not_parse_imap_id_command_response = FALSE;
 *
+ * $remove_rcdata_rawtext_tags_and_content
+ * When displaying HTML-format email message content, a small
+ * number of HTML tags are parsed differently (RCDATA, RAWTEXT
+ * content), but can also be removed entirely (with their contents)
+ * if desired (in most cases, should be a safe thing with minimal
+ * impact). This would be done as a fallback security measure and
+ * can be enabled by adding this here:
+ * $remove_rcdata_rawtext_tags_and_content = TRUE;
+ *
 */
-- 
2.25.1
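Review bot: The new `$remove_rcdata_rawtext_tags_and_content` entry does not name the tags it affects, state the default, or mention CVE-2019-12970 (which appears only in the commit subject), so an administrator reading the example file has little basis for deciding whether to enable it. The wording "can be enabled by adding this here" suggests the option is off unless set, but the code that reads it is not part of this patch, so that should be confirmed and then stated, e.g. `* Default is FALSE (tags are parsed, not removed); set to TRUE as defence in depth for HTML mail display (CVE-2019-12970).` Listing the tag names that are stripped would also let administrators judge the "minimal impact" claim for their users. The enclosing comment block starts above the hunk.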