Updated SVG handling, closing several related vulnerabilities reported in #2831 and...
[squirrelmail.git] / config / config_local.example.php
CommitLineData
0c8f66b4 1<?php
4b4abf93 2
2d896bbf 3/**
4 * Local config overrides.
5 *
6 * You can override the config.php settings here.
7 * Don't do it unless you know what you're doing.
91e0dccc 8 * Use standard PHP syntax, see config.php for examples.
2d896bbf 9 *
8ed19238 10 * @copyright 2002-2019 The SquirrelMail Project Team
4b4abf93 11 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
12 * @version $Id$
2d896bbf 13 * @package squirrelmail
14 * @subpackage config
15 */
99f175bc 16
17
18/**
19 * What follows are notes about "hidden" settings that
20 * are not defined in config.php and are only meant to
21 * be optionally defined by administrators who need to
22 * suit specific (unusual) setups. This file, of course,
23 * is not limited to setting these values - you can still
24 * specify overrides for anything in config.php.
25 *
26 * $custom_session_handlers (array) allows the definition
27 * of custom PHP session handlers. This feature is well
28 * documented in the code in include/init.php
29 *
9aaa9ae2 30 * $hide_squirrelmail_header (must be defined as a constant:
99f175bc 31 * define('hide_squirrelmail_header', 1);
32 * This allows the administrator to force SquirrelMail never
33 * to add its own Received headers with user information in
34 * them. This is VERY DANGEROUS and is HIGHLY DISCOURAGED
35 *
36 * $show_timezone_name allows (boolean) the addition of the
37 * timezone name to the Date header in outgoing messages.
38 * Turning this on violates RFC 822 syntax and can result in
39 * more serious problems (unencoded 8 bit characters in headers)
40 * on some systems.
41 *
42 * $force_crlf_default (string) Can be used to force CRLF or LF
43 * line endings in decoded message parts. In some environments
44 * this allows attachments to be downloaded with operating-system
45 * friendly line endings. This setting may be overridden by
46 * certain plugins or on systems running PHP versions less than
47 * 4.3.0. Set to 'CRLF' or 'LF' or, to force line endings to be
48 * unmolested, set to some other string, such as 'NOCHANGE'
49 *
55e34626 50 * $subfolders_of_inbox_are_special (boolean) can be set to TRUE
51 * if any subfolders of the INBOX should be treated as "special"
52 * (those that are displayed in a different color than other
53 * "normal" mailboxes).
54 *
36c59d84 55 * $hash_dirs_use_md5 (boolean) If set to TRUE, forces the
56 * hashed preferences directory calculation to use MD5 instead
57 * of CRC32.
58 *
59 * $hash_dirs_strip_domain (boolean) If set to TRUE, and if
60 * usernames are in full email address format, the domain
61 * part (beginning with "@") will be stripped before
62 * calculating the CRC or MD5.
63 *
a9805897 64 * $smtp_stream_options allows more control over the SSL context
65 * used when connecting to the SMTP server over SSL/TLS. See:
0e6fd2f8 66 * http://www.php.net/manual/context.php and in particular
9aaa9ae2 67 * http://php.net/manual/context.ssl.php
68 * For example, you can specify a CA file that corresponds
69 * to your server's certificate and make sure that the
70 * server's certificate is validated when connecting:
a9805897 71 * $smtp_stream_options = array(
0e6fd2f8 72 * 'ssl' => array(
73 * 'cafile' => '/etc/pki/tls/certs/ca-bundle.crt',
74 * 'verify_peer' => true,
75 * 'verify_depth' => 3,
76 * ),
9aaa9ae2 77 * );
78 *
a9805897 79 * $imap_stream_options allows more control over the SSL
80 * context used when connecting to the IMAP server over
81 * SSL/TLS. See: http://www.php.net/manual/context.php
82 * and in particular http://php.net/manual/context.ssl.php
9aaa9ae2 83 * For example, you can specify a CA file that corresponds
84 * to your server's certificate and make sure that the
85 * server's certificate is validated when connecting:
a9805897 86 * $imap_stream_options = array(
0e6fd2f8 87 * 'ssl' => array(
88 * 'cafile' => '/etc/pki/tls/certs/ca-bundle.crt',
89 * 'verify_peer' => true,
90 * 'verify_depth' => 3,
91 * ),
9aaa9ae2 92 * );
e4f360ed 93 *
94 * $disable_pdo (boolean) tells SquirrelMail not to use
95 * PDO to access the user preferences and address book
96 * databases as it normally would. When this is set to
97 * TRUE, Pear DB will be used instead, but this is not
98 * recommended.
99 *
100 * $pdo_show_sql_errors (boolean) causes the actual
101 * database error to be displayed when one is encountered.
102 * When set to FALSE, generic errors are displayed,
103 * preventing internal database information from being
104 * exposed. This should be set to TRUE only for debugging
105 * purposes.
106 *
107 * $pdo_identifier_quote_char (string) allows you to
108 * override the character used for quoting table and field
109 * names in database queries. Set this to the desired
110 * Quote character, for example:
111 * $pdo_identifier_quote_char = '"';
112 * Or you can tell SquirrelMail not to quote identifiers
113 * at all by setting this to "none". When this setting
114 * is empty or not found, SquirrelMail will attempt to
115 * quote table and field names with what it thinks is
116 * the appropriate quote character for the database type
117 * being used (backtick for MySQL (and thus MariaDB),
118 * double quotes for all others).
8cb60001 119 *
120 * $use_expiring_security_tokens (boolean) allows you to
121 * make SquirrelMail use short-lived anti-CSRF security
122 * tokens that expire as desired (not recommended, can
123 * cause user-facing issues when tokens expire unexpectedly).
124 *
125 * $max_token_age_days (integer) allows you to indicate how
126 * long a token should be valid for (in days) (only relevant
127 * when $use_expiring_security_tokens is enabled).
128 *
129 * $do_not_use_single_token (boolean) allows you to force
130 * SquirrelMail to generate a new token every time one is
131 * requested (which may increase obscurity through token
132 * randomness at the cost of some performance). Otherwise,
133 * only one token will be generated per user which will
134 * change only after it expires or is used outside of the
135 * validity period specified when calling
136 * sm_validate_security_token() (only relevant when
137 * $use_expiring_security_tokens is enabled).
138 *
c552d9d2 139 * $head_tag_extra can be used to add custom tags inside
140 * the <head> section of *ALL* pages. The string
141 * "###SM BASEURI###" will be replaced with the base URI
142 * for this SquirrelMail installation. This may be used,
143 * for example, to add custom favicon tags. If this
144 * setting is empty here, SquirrelMail will add a favicon
145 * tag by default. If you want to retain the default favicon
146 * while using this setting, you must include the following
147 * as part of this setting:
d7d9e676 148 * $head_tag_extra = '<link rel="shortcut icon" href="###SM BASEURI###favicon.ico" />...<YOUR CONTENT HERE>...';
99f175bc 149 */