#!/usr/bin/env perl
# conf.pl
#
-# Copyright (c) 1999-2007 The SquirrelMail Project Team
+# Copyright (c) 1999-2017 The SquirrelMail Project Team
# Licensed under the GNU GPL. For full terms see COPYING.
#
# A simple configure script to configure SquirrelMail
############################################################
-# First, lets read in the data already in there...
+# Try to determine what the version of SquirrelMail is
+############################################################
+$sm_version = 'unknown';
+if ( -e "../include/constants.php" && -r "../include/constants.php") {
+ open( FILE, "../include/constants.php" );
+ while ( $line = <FILE> ) {
+ if ($line =~ m/^define\('SM_VERSION', ?'(\d+\.\d+\.\d+( ?\[\w+]|))'/) {
+ $sm_version = $1;
+ last;
+ }
+ }
+ close(FILE);
+}
+
+
+############################################################
+# First, let's read in the data already in there...
############################################################
if ( -e "config.php" ) {
# Make sure that file is readable
# since 1.2.5
$edit_identity = 'true' if ( !$edit_identity );
$edit_name = 'true' if ( !$edit_name );
+# since 1.4.23/1.5.2
+$edit_reply_to = 'true' if ( !$edit_reply_to );
# since 1.4.0
$use_smtp_tls= 'false' if ( !$use_smtp_tls);
$use_imap_tls = 'false' if ( !$use_imap_tls );
$imap_auth_mech = 'login' if ( !$imap_auth_mech );
+# $use_imap_tls and $use_smtp_tls are switched to integer since 1.5.1
+$use_imap_tls = 0 if ( $use_imap_tls eq 'false');
+$use_imap_tls = 1 if ( $use_imap_tls eq 'true');
+$use_smtp_tls = 0 if ( $use_smtp_tls eq 'false');
+$use_smtp_tls = 1 if ( $use_smtp_tls eq 'true');
+
# since 1.5.0
$show_alternative_names = 'false' if ( !$show_alternative_names );
# $available_languages option available only in 1.5.0. removed due to $languages
# $advanced_tree = 'false' if ( !$advanced_tree );
$use_php_recode = 'false' if ( !$use_php_recode );
$use_php_iconv = 'false' if ( !$use_php_iconv );
+$buffer_output = 'false' if ( !$buffer_output );
# since 1.5.1
$use_icons = 'false' if ( !$use_icons );
$lossy_encoding = 'false' if ( !$lossy_encoding );
$allow_remote_configtest = 'false' if ( !$allow_remote_configtest );
$secured_config = 'true' if ( !$secured_config );
+$sq_https_port = 443 if ( !$sq_https_port );
+$sq_ignore_http_x_forwarded_headers = 'true' if ( !$sq_ignore_http_x_forwarded_headers );
$sm_debug_mode = 'SM_DEBUG_MODE_MODERATE' if ( !$sm_debug_mode );
#FIXME: When this is STABLE software, remove the line above and uncomment the one below:
'verasans', 'bitstream vera sans,verdana,sans-serif');
}
-# $use_imap_tls and $use_smtp_tls are switched to integer since 1.5.1
-$use_imap_tls = 0 if ( $use_imap_tls eq 'false');
-$use_imap_tls = 1 if ( $use_imap_tls eq 'true');
-$use_smtp_tls = 0 if ( $use_smtp_tls eq 'false');
-$use_smtp_tls = 1 if ( $use_smtp_tls eq 'true');
# sorting options changed names and reversed values in 1.5.1
$disable_thread_sort = 'false' if ( !$disable_thread_sort );
$disable_server_sort = 'false' if ( !$disable_server_sort );
$disable_plugins = 'false' if ( !$disable_plugins );
$disable_plugins_user = '' if ( !$disable_plugins_user );
$only_secure_cookies = 'true' if ( !$only_secure_cookies );
+$disable_security_tokens = 'false' if ( !$disable_security_tokens );
+$check_referrer = '' if ( !$check_referrer );
$ask_user_info = 'true' if ( !$ask_user_info );
+$use_transparent_security_image = 'true' if ( !$use_transparent_security_image );
+$display_imap_login_error = 'false' if ( !$display_imap_login_error );
if ( $ARGV[0] eq '--install-plugin' ) {
print "Activating plugin " . $ARGV[1] . "\n";
" hmailserver = hMailServer\n" .
" macosx = Mac OS X Mailserver\n" .
" mercury32 = Mercury/32\n" .
- " uw = University of Washington's IMAP server\n";
+ " uw = University of Washington's IMAP server\n" .
+ " gmail = IMAP access to Google mail (Gmail) accounts\n";
#####################################################################################
if ( $config_use_color == 1 ) {
- $WHT = "\x1B[37;1m";
+ $WHT = "\x1B[1m";
$NRM = "\x1B[0m";
} else {
$WHT = "";
print $WHT. "SquirrelMail Configuration : " . $NRM;
if ( $config == 1 ) { print "Read: config.php"; }
elsif ( $config == 2 ) { print "Read: config_default.php"; }
- print " ($print_config_version)\n";
+ print "\nConfig version $print_config_version; SquirrelMail version $sm_version\n";
print "---------------------------------------------------------\n";
if ( $menu == 0 ) {
print "8. Allow use of receipts : $WHT$default_use_mdn$NRM\n";
print "9. Allow editing of identity : $WHT$edit_identity$NRM\n";
print " Allow editing of name : $WHT$edit_name$NRM\n";
+ print " Allow editing of reply-to : $WHT$edit_reply_to$NRM\n";
print " Remove username from header : $WHT$hide_auth_header$NRM\n";
print "10. Disable server thread sort : $WHT$disable_thread_sort$NRM\n";
print "11. Disable server-side sorting : $WHT$disable_server_sort$NRM\n";
print "15. Time zone configuration : $WHT$time_zone_type$NRM\n";
print "16. Location base : $WHT$config_location_base$NRM\n";
print "17. Only secure cookies if poss. : $WHT$only_secure_cookies$NRM\n";
+ print "18. Disable secure forms : $WHT$disable_security_tokens$NRM\n";
+ print "19. Page referal requirement : $WHT$check_referrer$NRM\n";
+ print "20. Security image : $WHT" . (lc($use_transparent_security_image) eq 'true' ? 'Transparent' : 'Textual') . "$NRM\n";
+ print "21. Display login error from IMAP: $WHT$display_imap_login_error$NRM\n";
print "\n";
print "R Return to Main Menu\n";
} elsif ( $menu == 5 ) {
print $WHT. "PHP tweaks\n" . $NRM;
print "4. Use php recode functions : $WHT$use_php_recode$NRM\n";
print "5. Use php iconv functions : $WHT$use_php_iconv$NRM\n";
+ print "6. Buffer all output : $WHT$buffer_output$NRM\n";
print "\n";
print $WHT. "Configuration tweaks\n" . $NRM;
- print "6. Allow remote configtest : $WHT$allow_remote_configtest$NRM\n";
- print "7. Debug mode : $WHT$sm_debug_mode$NRM\n";
- print "8. Secured configuration mode : $WHT$secured_config$NRM\n";
+ print "7. Allow remote configtest : $WHT$allow_remote_configtest$NRM\n";
+ print "8. Debug mode : $WHT$sm_debug_mode$NRM\n";
+ print "9. Secured configuration mode : $WHT$secured_config$NRM\n";
+ print "10. HTTPS port : $WHT$sq_https_port$NRM\n";
+ print "11. Ignore HTTP_X_FORWARDED headers: $WHT$sq_ignore_http_x_forwarded_headers$NRM\n";
print "\n";
print "R Return to Main Menu\n";
}
$NRM = "";
} else {
$config_use_color = 1;
- $WHT = "\x1B[37;1m";
+ $WHT = "\x1B[1m";
$NRM = "\x1B[0m";
}
} elsif ( $command =~ /^w([0-9]+)/ ) {
elsif ( $command == 15 ) { $time_zone_type = command318(); }
elsif ( $command == 16 ) { $config_location_base = command_config_location_base(); }
elsif ( $command == 17 ) { $only_secure_cookies = command319(); }
+ elsif ( $command == 18 ) { $disable_security_tokens = command320(); }
+ elsif ( $command == 19 ) { $check_referrer = command321(); }
+ elsif ( $command == 20 ) { $use_transparent_security_image = command322(); }
+ elsif ( $command == 21 ) { $display_imap_login_error = command323(); }
} elsif ( $menu == 5 ) {
if ( $command == 1 ) { $use_icons = commandB3(); }
-# elsif ( $command == 3 ) { $icon_theme_def = commandB7(); }
+# elsif ( $command == 3 ) { $icon_theme_def = command53(); }
elsif ( $command == 2 ) { $default_fontsize = command_default_fontsize(); }
elsif ( $command == 3 ) { $templateset_default = command_templates(); }
elsif ( $command == 4 ) { command_userThemes(); }
elsif ( $command == 2 ) { $ask_user_info = command_ask_user_info(); }
elsif ( $command == 4 ) { $use_php_recode = commandB4(); }
elsif ( $command == 5 ) { $use_php_iconv = commandB5(); }
- elsif ( $command == 6 ) { $allow_remote_configtest = commandB6(); }
- elsif ( $command == 7 ) { $sm_debug_mode = commandB8(); }
- elsif ( $command == 8 ) { $secured_config = commandB9(); }
+ elsif ( $command == 6 ) { $buffer_output = commandB6(); }
+ elsif ( $command == 7 ) { $allow_remote_configtest = commandB7(); }
+ elsif ( $command == 8 ) { $sm_debug_mode = commandB8(); }
+ elsif ( $command == 9 ) { $secured_config = commandB9(); }
+ elsif ( $command == 10 ) { $sq_https_port = commandB10(); }
+ elsif ( $command == 11 ) { $sq_ignore_http_x_forwarded_headers = commandB11(); }
}
}
}
# SMTP authentication type
-# Possible choices: none, plain, cram-md5, digest-md5
+# Possible choices: none, login, plain, cram-md5, digest-md5
sub command112b {
if ($use_smtp_tls ne "0") {
print "Auto-detection of login methods is unavailable when using TLS or STARTTLS.\n";
print $sock "QUIT\r\n";
close $sock;
}
+
# Try login (SquirrelMail default)
print "Testing login:\t\t";
$tmp=detect_auth_support('SMTP',$host,'LOGIN');
print $WHT . "ERROR DETECTING$NRM\n";
}
+ # Try plain
+ print "Testing plain:\t\t";
+ $tmp=detect_auth_support('SMTP',$host,'PLAIN');
+ if (defined($tmp)) {
+ if ($tmp eq 'YES') {
+ print $WHT . "SUPPORTED$NRM\n";
+ } else {
+ print $WHT . "NOT SUPPORTED$NRM\n";
+ }
+ } else {
+ print $WHT . "ERROR DETECTING$NRM\n";
+ }
+
# Try CRAM-MD5
print "Testing CRAM-MD5:\t";
$tmp=detect_auth_support('SMTP',$host,'CRAM-MD5');
print "\nWhat authentication mechanism do you want to use for SMTP connections?\n";
print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n";
print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n";
- print $WHT . "plain" . $NRM . " - SASL PLAIN. You already know it if you need this.\n";
+ print $WHT . "plain" . $NRM . " - SASL PLAIN. Plaintext. If you can do better, you probably should.\n";
print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n";
print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n";
print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM;
print "If you don't understand or are unsure, you probably want \"none\"\n\n";
- print "none, login, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT";
+ print "none, login, plain, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT";
$inval=<STDIN>;
chomp($inval);
if ($inval =~ /^none\b/i) {
# $encode_header_key
sub command114 {
- print "Encryption key allows to hide SquirrelMail Received: headers\n";
- print "in outbound messages. Interface uses encryption key to encode\n";
- print "username, remote address and proxied address, then stores encoded\n";
- print "information in X-Squirrel-* headers.\n";
+ print "This encryption key allows the hiding of SquirrelMail Received:\n";
+ print "headers in outbound messages. SquirrelMail uses the encryption\n";
+ print "key to encode the username, remote address, and proxied address\n";
+ print "and then stores that encoded information in X-Squirrel-* headers.\n";
print "\n";
- print "Warning: used encryption function is not bulletproof. When used\n";
- print "with static encryption keys, it provides only minimal security\n";
- print "measures and information can be decoded quickly.\n";
+ print "Warning: the encryption function used to accomplish this is not\n";
+ print "bulletproof. When used with a static encryption key as it is here,\n";
+ print "it provides only minimal security and the encoded user information\n";
+ print "in the X-Squirrel-* headers can be decoded quickly by a skilled\n";
+ print "attacker.\n";
print "\n";
- print "Encoded information can be decoded with decrypt_headers.php script\n";
- print "from SquirrelMail contrib/ directory.\n";
+ print "When you need to inspect an email sent from your system with the\n";
+ print "X-Squirrel-* headers, you can decode the user information therein\n";
+ print "by using the decrypt_headers.php script found in the SquirrelMail\n";
+ print "contrib/ directory. You'll need the encryption key that you\n";
+ print "defined here when doing so.\n";
print "\n";
print "Enter encryption key: ";
$new_encode_header_key = <STDIN>;
if ( ( $new_edit =~ /^y\n/i ) || ( ( $new_edit =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
$edit_identity = 'true';
$edit_name = 'true';
- $hide_auth_header = command311b();
+ $edit_reply_to = 'true';
+ $hide_auth_header = command311c();
} else {
$edit_identity = 'false';
$edit_name = command311();
- $hide_auth_header = command311b();
+ $edit_reply_to = command311b();
+ $hide_auth_header = command311c();
}
return $edit_identity;
}
sub command311 {
- print " Given that users are not allowed to modify their
+ print "$NRM";
+ print "\n Given that users are not allowed to modify their
email address, can they edit their full name?
";
}
sub command311b {
- print " SquirrelMail adds username information to every sent email
- in order to prevent possible sender forging when users are allowed
+ print "$NRM";
+ print "\n Given that users are not allowed to modify their
+ email address, can they edit their reply-to address?
+
+ ";
+
+ if ( lc($edit_reply_to) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Allow the user to edit their reply-to address? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $new_edit = <STDIN>;
+ if ( ( $new_edit =~ /^y\n/i ) || ( ( $new_edit =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $edit_reply_to = 'true';
+ } else {
+ $edit_reply_to = 'false';
+ }
+ return $edit_reply_to;
+}
+
+sub command311c {
+ print "$NRM";
+ print "\n SquirrelMail adds username information to every outgoing email in
+ order to prevent possible sender forging by users that are allowed
to change their email and/or full name.
- You can remove user information from this header (y), if you think that
- it violates privacy or security.
+ You can remove user information from this header (y) if you think
+ that it violates privacy or security.
- Note: If users are allowed to change their email addresses,
- this setting will make it difficult to determine who sent what where.
+ Note: If users are allowed to change their email addresses, this
+ setting will make it difficult to determine who sent what where.
Use at your own risk.
+ Note: If you have defined a header encryption key in your SMTP or
+ Sendmail settings (see the \"Server Settings\" option page), this
+ setting is ignored because all user information in outgoing messages
+ is encoded.
+
";
if ( lc($hide_auth_header) eq "true" ) {
}
+# disable_security_tokens (since 1.5.2)
+sub command320 {
+ print "This option allows you to turn off the security checks in the forms\n";
+ print "that SquirrelMail generates. It is NOT RECOMMENDED that you disable\n";
+ print "this feature - otherwise, your users may be exposed to phishing and\n";
+ print "other attacks.\n";
+ print "Unless you know what you are doing, you should leave this set to \"NO\".\n";
+ print "\n";
+
+ if ( lc($disable_security_tokens) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Disable secure forms? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $disable_security_tokens = <STDIN>;
+ if ( ( $disable_security_tokens =~ /^y\n/i ) || ( ( $disable_security_tokens =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $disable_security_tokens = 'true';
+ } else {
+ $disable_security_tokens = 'false';
+ }
+ return $disable_security_tokens;
+}
+
+
+
+# check_referrer (since 1.5.2)
+sub command321 {
+ print "This option allows you to enable referal checks for all page requests\n";
+ print "made to SquirrelMail. This can help ensure that page requests came\n";
+ print "from the same server and not from an attacker's site (usually the\n";
+ print "result of a XSS or phishing attack). To enable referal checking,\n";
+ print "this setting can be set to the domain where your SquirrelMail is\n";
+ print "being hosted (usually the same as the Domain setting under Server\n";
+ print "Settings). For example, it could be \"example.com\", or if you\n";
+ print "use a plugin (such as Login Manager) to host SquirrelMail on more\n";
+ print "than one domain, you can set this to \"###DOMAIN###\" to tell it\n";
+ print "to use the current domain.\n";
+ print "\n";
+ print "However, in some cases (where proxy servers are in use, etc.), the\n";
+ print "domain might be different.\n";
+ print "\n";
+ print "NOTE that referal checks are not foolproof - they can be spoofed by\n";
+ print "browsers, and some browsers intentionally don't send referal\n";
+ print "information (in which case, the check is silently bypassed)\n";
+ print "\n";
+
+ print "Referal requirement? [$WHT$check_referrer$NRM]: $WHT";
+ $new_check_referrer = <STDIN>;
+ chomp($new_check_referrer);
+ $check_referrer = $new_check_referrer;
+
+ return $check_referrer;
+}
+
+
+
+# use_transparent_security_image (since 1.5.2)
+sub command322 {
+ print "When HTML messages are being displayed, SquirrelMail's default behavior\n";
+ print "is to remove all remote images and replace them with a local one.\n";
+ print "\n";
+ print "This option allows you to specify whether the local image should contain\n";
+ print "text that indicates to the user that \"this image has been removed for\n";
+ print "security reasons\" (translated into most languages), or if it should be\n";
+ print "transparent.\n";
+ print "\n";
+
+ if ( lc($use_transparent_security_image) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Use transparent security image? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $use_transparent_security_image = <STDIN>;
+ if ( ( $use_transparent_security_image =~ /^y\n/i ) || ( ( $use_transparent_security_image =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $use_transparent_security_image = 'true';
+ } else {
+ $use_transparent_security_image = 'false';
+ }
+ return $use_transparent_security_image;
+}
+
+
+
+# display_imap_login_error (since 1.5.2)
+sub command323 {
+ print "Some IMAP servers return detailed information about why a login is\n";
+ print "being refused (the username or password could be invalid or there\n";
+ print "might be an administrative lock on the account).\n";
+ print "\n";
+ print "Enabling this option will cause SquirrelMail to display login failure\n";
+ print "messages directly from the IMAP server. When it is disabled, login\n";
+ print "failures are always reported to the user with the traditional \"Unknown\n";
+ print "user or password incorrect.\"\n";
+ print "\n";
+
+ if ( lc($display_imap_login_error) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Display login error messages directly from the IMAP server? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $display_imap_login_error = <STDIN>;
+ if ( ( $display_imap_login_error =~ /^y\n/i ) || ( ( $display_imap_login_error =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $display_imap_login_error = 'true';
+ } else {
+ $display_imap_login_error = 'false';
+ }
+ return $display_imap_login_error;
+}
+
+
+
sub command_userThemes {
print "\nDefine the user themes that you wish to use. If you have added\n";
print "a theme of your own, just follow the instructions (?) about\n";
print "[$WHT$addrbook_dsn$NRM]: $WHT";
$new_dsn = <STDIN>;
if ( $new_dsn eq "\n" ) {
- $new_dsn = "";
+ $new_dsn = $addrbook_dsn;
} else {
$new_dsn =~ s/[\r\n]//g;
$new_dsn =~ s/^\s+$//g;
print "[$WHT$prefs_dsn$NRM]: $WHT";
$new_dsn = <STDIN>;
if ( $new_dsn eq "\n" ) {
- $new_dsn = "";
+ $new_dsn = $prefs_dsn;
} else {
$new_dsn =~ s/[\r\n]//g;
$new_dsn =~ s/^\s+$//g;
sub command95 {
print "This is the name of the field in which you want to store the\n";
- print "username of the person the prefs are for. It default to 'user'\n";
- print "which clashes with a reserved keyword in PostgreSQL so this\n";
- print "will need to be changed for that database at least\n";
+ print "username of the person the prefs are for. It defaults to 'user'\n";
print "\n";
print "[$WHT$prefs_user_field$NRM]: $WHT";
$new_field = <STDIN>;
print "[$WHT$addrbook_global_dsn$NRM]: $WHT";
$new_dsn = <STDIN>;
if ( $new_dsn eq "\n" ) {
- $new_dsn = "";
+ $new_dsn = $addrbook_global_dsn;
} else {
$new_dsn =~ s/[\r\n]//g;
$new_dsn =~ s/^\s+$//g;
return $use_php_iconv;
}
-# configtest block
+# buffer output
sub commandB6 {
+ print "In some cases, buffering all output (holding it on the server until\n";
+ print "the full page is ready to send to the browser) allows more complex\n";
+ print "functionality, especially for plugins that want to add headers on hooks\n";
+ print "that are beyond the point of output having been sent to the browser\n";
+ print "otherwise. Most plugins that need this functionality will enable it\n";
+ print "automatically on their own, but you can turn it on manually here. You'd\n";
+ print "usually want to do this if you want to specify a custom output handler\n";
+ print "for parsing the output - you can do that by specifying a value for\n";
+ print "\$buffered_output_handler in config_local.php. Don't forget to define\n";
+ print "a function of the same name as what \$buffered_output_handler is set to.\n";
+ print "\n";
+
+ if ( lc($buffer_output) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Buffer all output? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $buffer_output = <STDIN>;
+ if ( ( $buffer_output =~ /^y\n/i ) || ( ( $buffer_output =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $buffer_output = 'true';
+ } else {
+ $buffer_output = 'false';
+ }
+ return $buffer_output;
+}
+
+# configtest block
+sub commandB7 {
print "Enable this option if you want to check SquirrelMail configuration\n";
print "remotely with configtest.php script.\n";
print "\n";
}
# Default Icon theme
-sub commandB7 {
+sub command53 {
print "You may change the path to the default icon theme to be used, if icons\n";
print "have been enabled. This theme will be used when an icon cannot be\n";
print "found in the current theme, or when no icon theme is specified. If\n";
print "1 " . ($sm_debug_mode & 1 ? "y" : " ")
. " Simple debugging (PHP E_ERROR)\n";
print "2 " . ($sm_debug_mode & 512 ? "y" : " ")
- . " Moderate debugging (PHP E_ALL)\n";
+ . " Moderate debugging (PHP E_ALL without E_STRICT)\n";
print "3 " . ($sm_debug_mode & 524288 ? "y" : " ")
- . " Advanced debugging (PHP E_ALL plus log errors\n";
- print " intentionally suppressed)\n";
+ . " Advanced debugging (PHP E_ALL (without E_STRICT) plus\n";
+ print " log errors intentionally suppressed)\n";
print "4 " . ($sm_debug_mode & 536870912 ? "y" : " ")
- . " Strict debugging (PHP E_STRICT)\n";
+ . " Strict debugging (PHP E_ALL and E_STRICT)\n";
print "\n";
print "SquirrelMail debug mode (0,1,2,3,4) or d when done? : $WHT";
return $secured_config;
}
+# Set a (non-standard) HTTPS port
+sub commandB10 {
+ print "If you run HTTPS (SSL-secured HTTP) on a non-standard port, you should\n";
+ print "indicate that port here. Even if you do not, SquirrelMail may still\n";
+ print "auto-detect secure connections, but it is safer and also very useful\n";
+ print "for third party plugins if you specify the port number here.\n";
+ print "\n";
+ print "Most SquirrelMail administrators will not need to use this setting\n";
+ print "because most all web servers use port 443 for HTTPS connections, and\n";
+ print "SquirrelMail assumes 443 unless something else is given here.\n";
+ print "\n";
+
+ print "Enter your HTTPS port [$sq_https_port]: ";
+ my $tmp = <STDIN>;
+ $tmp = trim($tmp);
+ # value is not modified, if user hits Enter or enters space
+ if ($tmp ne '') {
+ # make sure that input is numeric
+ if ($tmp =~ /^\d+$/) {
+ $sq_https_port = $tmp;
+ } else {
+ print "\n";
+ print "--- INPUT ERROR ---\n";
+ print "\n";
+ print "If you want to change this setting, you must enter a number.\n";
+ print "If you want to keep the original value, just press Enter.\n\n";
+ print "Press Enter to continue...";
+ $tmp = <STDIN>;
+ }
+ }
+ return $sq_https_port;
+}
+
+# Ignore HTTP_X_FORWARDED_* headers?
+sub commandB11 {
+
+ if ( lc($sq_ignore_http_x_forwarded_headers) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+
+ print "Because HTTP_X_FORWARDED_* headers can be sent by the client and\n";
+ print "therefore possibly exploited by an outsider, SquirrelMail ignores\n";
+ print "them by default. If a proxy server or other machine sits between\n";
+ print "clients and your SquirrelMail server, you can turn this off to\n";
+ print "tell SquirrelMail to use such headers.\n";
+ print "\n";
+
+ print "Ignore HTTP_X_FORWARDED headers? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $sq_ignore_http_x_forwarded_headers = <STDIN>;
+ if ( ( $sq_ignore_http_x_forwarded_headers =~ /^y\n/i ) || ( ( $sq_ignore_http_x_forwarded_headers =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $sq_ignore_http_x_forwarded_headers = 'true';
+ } else {
+ $sq_ignore_http_x_forwarded_headers = 'false';
+ }
+ return $sq_ignore_http_x_forwarded_headers;
+}
+
sub save_data {
$tab = " ";
if ( open( CF, ">config.php" ) ) {
# boolean
print CF "\$edit_name = $edit_name;\n";
# boolean
+ print CF "\$edit_reply_to = $edit_reply_to;\n";
+ # boolean
print CF "\$hide_auth_header = $hide_auth_header;\n";
# boolean
print CF "\$disable_thread_sort = $disable_thread_sort;\n";
# integer
print CF " 'search_tree' => $ldap_search_tree[$count]";
}
- if ( $ldap_listing[$count] ) {
+ if ( $ldap_starttls[$count] ) {
print CF ",\n";
# boolean
print CF " 'starttls' => $ldap_starttls[$count]";
print CF "\$smtp_sitewide_pass = '". quote_single($smtp_sitewide_pass) ."';\n";
# string
print CF "\$imap_auth_mech = '$imap_auth_mech';\n";
- # boolean
+ # integer
print CF "\$use_imap_tls = $use_imap_tls;\n";
- # boolean
+ # integer
print CF "\$use_smtp_tls = $use_smtp_tls;\n";
+ # boolean
+ print CF "\$display_imap_login_error = $display_imap_login_error;\n";
# string
print CF "\$session_name = '$session_name';\n";
# boolean
- print CF "\$only_secure_cookies = $only_secure_cookies;\n";
+ print CF "\$only_secure_cookies = $only_secure_cookies;\n";
+ print CF "\$disable_security_tokens = $disable_security_tokens;\n";
+
+ # string
+ print CF "\$check_referrer = '$check_referrer';\n";
+
+ # boolean
+ print CF "\$use_transparent_security_image = $use_transparent_security_image;\n";
print CF "\n";
print CF "\$use_php_iconv = $use_php_iconv;\n";
print CF "\n";
# boolean
+ print CF "\$buffer_output = $buffer_output;\n";
+ print CF "\n";
+ # boolean
print CF "\$allow_remote_configtest = $allow_remote_configtest;\n";
print CF "\$secured_config = $secured_config;\n";
+ # integer
+ print CF "\$sq_https_port = $sq_https_port;\n";
+ # boolean
+ print CF "\$sq_ignore_http_x_forwarded_headers = $sq_ignore_http_x_forwarded_headers;\n";
# (binary) integer or constant - convert integer
# values to constants before output
$sm_debug_mode = convert_debug_binary_integer_to_constants($sm_debug_mode);
$message = "\nIf you use IMAPdir depot, you must set default folder prefix to empty string.\n";
$continue = 1;
+ } elsif ( $server eq "gmail" ) {
+ $imap_server_type = "gmail";
+ $default_folder_prefix = "";
+ $trash_folder = "[Gmail]/Trash";
+ $default_move_to_trash = true;
+ $sent_folder = "[Gmail]/Sent Mail";
+ $draft_folder = "[Gmail]/Drafts";
+ $auto_create_special = false;
+ $show_prefix_option = false;
+ $default_sub_of_inbox = false;
+ $show_contain_subfolders_option = false;
+ $delete_folder = true;
+ $force_username_lowercase = false;
+ $optional_delimiter = "/";
+ $disp_default_folder_prefix = "<none>";
+ $domain = "gmail.com";
+ $imapServerAddress = "imap.gmail.com";
+ $imapPort = 993;
+ $use_imap_tls = 1;
+ $imap_auth_mech = "login";
+ $smtpServerAddress = "smtp.gmail.com";
+ $smtpPort = 465;
+ $pop_before_smtp = false;
+ $useSendmail = false;
+ $use_smtp_tls = 1;
+ $smtp_auth_mech = "login";
+ $continue = 1;
+
+ # Gmail changes system folder names (Drafts, Sent, Trash) out
+ # from under you when the user changes language settings
+ $message = "\nNOTE! When a user changes languages in Gmail's interface, the\n"
+ . "Drafts, Sent and Trash folder names are changed to localized\n"
+ . "versions thereof. To see those folders correctly in SquirrelMail,\n"
+ . "the user should change the SquirrelMail language to match.\n"
+ . "Moreover, SquirrelMail then needs to be told what folders to use\n"
+ . "for Drafts, Sent and Trash in Options --> Folder Preferences.\n"
+ . "These default settings will only correctly find the Sent, Trash\n"
+ . "and Drafts folders if both Gmail and SquirrelMail languages are\n"
+ . "set to English.\n\n"
+ . "Also note that in some regions (Europe?), the default folder\n"
+ . "names (see main menu selection 3. Folder Defaults) are different\n"
+ . "(they may need to have the prefix \"[Google Mail]\" instead of\n"
+ . "\"[Gmail]\") and \"Trash\" may be called \"Bin\" instead.\n";
+
} elsif ( $server eq "quit" ) {
$continue = 1;
} else {
# the SM directory tree, the SM_PATH variable will be
# prepended to the path, if not, then the path will be
# converted to an absolute path, e.g.
-# '../images/logo.gif' --> SM_PATH . 'images/logo.gif'
-# '../../someplace/data' --> '/absolute/path/someplace/data'
-# 'images/logo.gif' --> SM_PATH . 'config/images/logo.gif'
-# '/absolute/path/logo.gif' --> '/absolute/path/logo.gif'
-# 'http://whatever/' --> 'http://whatever'
-# $some_var/path --> "$some_var/path"
+# '../images/logo.gif' --> SM_PATH . 'images/logo.gif'
+# '../../someplace/data' --> '/absolute/path/someplace/data'
+# 'images/logo.gif' --> SM_PATH . 'config/images/logo.gif'
+# '/absolute/path/logo.gif' --> '/absolute/path/logo.gif'
+# 'C:\absolute\path\logo.gif' --> 'C:\absolute\path\logo.gif'
+# 'http://whatever/' --> 'http://whatever'
+# $some_var/path --> "$some_var/path"
sub change_to_SM_path() {
my ($old_path) = @_;
my $new_path = '';
# If the path is absolute, don't bother.
return "\'" . $old_path . "\'" if ( $old_path eq '');
return "\'" . $old_path . "\'" if ( $old_path =~ /^(\/|http)/ );
- return "\'" . $old_path . "\'" if ( $old_path =~ /^\w:\// );
+ return "\'" . $old_path . "\'" if ( $old_path =~ /^\w:(\\|\/)/ );
return $old_path if ( $old_path =~ /^\'(\/|http)/ );
return $old_path if ( $old_path =~ /^\'\w:\// );
return $old_path if ( $old_path =~ /^SM_PATH/);