+# disable_security_tokens (since 1.5.2)
+sub command320 {
+ print "This option allows you to turn off the security checks in the forms\n";
+ print "that SquirrelMail generates. It is NOT RECOMMENDED that you disable\n";
+ print "this feature - otherwise, your users may be exposed to phishing and\n";
+ print "other attacks.\n";
+ print "Unless you know what you are doing, you should leave this set to \"NO\".\n";
+ print "\n";
+
+ if ( lc($disable_security_tokens) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Disable secure forms? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $disable_security_tokens = <STDIN>;
+ if ( ( $disable_security_tokens =~ /^y\n/i ) || ( ( $disable_security_tokens =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $disable_security_tokens = 'true';
+ } else {
+ $disable_security_tokens = 'false';
+ }
+ return $disable_security_tokens;
+}
+
+
+
+# check_referrer (since 1.5.2)
+sub command321 {
+ print "This option allows you to enable referal checks for all page requests\n";
+ print "made to SquirrelMail. This can help ensure that page requests came\n";
+ print "from the same server and not from an attacker's site (usually the\n";
+ print "result of a XSS or phishing attack). To enable referal checking,\n";
+ print "this setting can be set to the domain where your SquirrelMail is\n";
+ print "being hosted (usually the same as the Domain setting under Server\n";
+ print "Settings). For example, it could be \"example.com\", or if you\n";
+ print "use a plugin (such as Login Manager) to host SquirrelMail on more\n";
+ print "than one domain, you can set this to \"###DOMAIN###\" to tell it\n";
+ print "to use the current domain.\n";
+ print "\n";
+ print "However, in some cases (where proxy servers are in use, etc.), the\n";
+ print "domain might be different.\n";
+ print "\n";
+ print "NOTE that referal checks are not foolproof - they can be spoofed by\n";
+ print "browsers, and some browsers intentionally don't send referal\n";
+ print "information (in which case, the check is silently bypassed)\n";
+ print "\n";
+
+ print "Referal requirement? [$WHT$check_referrer$NRM]: $WHT";
+ $new_check_referrer = <STDIN>;
+ chomp($new_check_referrer);
+ $check_referrer = $new_check_referrer;
+
+ return $check_referrer;
+}
+
+
+
+# use_transparent_security_image (since 1.5.2)
+sub command322 {
+ print "When HTML messages are being displayed, SquirrelMail's default behavior\n";
+ print "is to remove all remote images and replace them with a local one.\n";
+ print "\n";
+ print "This option allows you to specify whether the local image should contain\n";
+ print "text that indicates to the user that \"this image has been removed for\n";
+ print "security reasons\" (translated into most languages), or if it should be\n";
+ print "transparent.\n";
+ print "\n";
+
+ if ( lc($use_transparent_security_image) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Use transparent security image? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $use_transparent_security_image = <STDIN>;
+ if ( ( $use_transparent_security_image =~ /^y\n/i ) || ( ( $use_transparent_security_image =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $use_transparent_security_image = 'true';
+ } else {
+ $use_transparent_security_image = 'false';
+ }
+ return $use_transparent_security_image;
+}
+
+
+
+# display_imap_login_error (since 1.5.2)
+sub command323 {
+ print "Some IMAP servers return detailed information about why a login is\n";
+ print "being refused (the username or password could be invalid or there\n";
+ print "might be an administrative lock on the account).\n";
+ print "\n";
+ print "Enabling this option will cause SquirrelMail to display login failure\n";
+ print "messages directly from the IMAP server. When it is disabled, login\n";
+ print "failures are always reported to the user with the traditional \"Unknown\n";
+ print "user or password incorrect.\"\n";
+ print "\n";
+
+ if ( lc($display_imap_login_error) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Display login error messages directly from the IMAP server? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $display_imap_login_error = <STDIN>;
+ if ( ( $display_imap_login_error =~ /^y\n/i ) || ( ( $display_imap_login_error =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $display_imap_login_error = 'true';
+ } else {
+ $display_imap_login_error = 'false';
+ }
+ return $display_imap_login_error;
+}
+
+
+
+# allow_svg_display (since 1.5.2)
+sub command324 {
+ print "Some email messages might contain SVG images or animations, however\n";
+ print "the power and dynamic nature of SVG objects may represent security or\n";
+ print "privacy vulnerabilities.\n";
+ print "\n";
+ print "Enabling this option will cause SquirrelMail to display any SVG objects\n";
+ print "included inline in email messages when they are viewed in HTML format.\n";
+ print "\n";
+
+ if ( lc($allow_svg_display) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Show inline SVG objects? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $allow_svg_display = <STDIN>;
+ if ( ( $allow_svg_display =~ /^y\n/i ) || ( ( $allow_svg_display =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $allow_svg_display = 'true';
+ } else {
+ $allow_svg_display = 'false';
+ }
+ return $allow_svg_display;
+}
+
+
+
+# block_svg_download (since 1.5.2)
+sub command325 {
+ print "Some email messages might contain SVG image or animation attachments,\n";
+ print "however even when downloaded, the power and dynamic nature of SVG\n";
+ print "objects may represent security or privacy vulnerabilities.\n";
+ print "\n";
+ print "Enabling this option will cause SquirrelMail to hide download links\n";
+ print "for any SVG objects attached to email messages, whereas disabling it\n";
+ print "will allow users to download such attachments as they see fit.\n";
+ print "\n";
+
+ if ( lc($block_svg_download) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Hide download links for SVG objects? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $block_svg_download = <STDIN>;
+ if ( ( $block_svg_download =~ /^y\n/i ) || ( ( $block_svg_download =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $block_svg_download = 'true';
+ } else {
+ $block_svg_download = 'false';
+ }
+ return $block_svg_download;
+}
+
+
+
+# fix_broken_base64_encoded_messages (since 1.5.2)
+sub command326 {
+ print "Some email messages might contain base64-encoded parts, and a very\n";
+ print "small number of unknown servers have been seen sending such\n";
+ print "messages in a malformed but recoverable manner.\n";
+ print "\n";
+ print "Enabling this option will cause SquirrelMail to detect and correct\n";
+ print "such messages at a slight cost in processing power. Chances are\n";
+ print "somewhat low that your users would ever receive such messages.\n";
+ print "\n";
+
+ if ( lc($fix_broken_base64_encoded_messages) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Fix broken base64-encoded messages? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $fix_broken_base64_encoded_messages = <STDIN>;
+ if ( ( $fix_broken_base64_encoded_messages =~ /^y\n/i ) || ( ( $fix_broken_base64_encoded_messages =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $fix_broken_base64_encoded_messages = 'true';
+ } else {
+ $fix_broken_base64_encoded_messages = 'false';
+ }
+ return $fix_broken_base64_encoded_messages;
+}
+
+
+
+####################################################################################
+#### THEMES ####