* passwords being leaked to e.g. other system users. Take extra care when
* the webserver is shared with untrusted users.
*
- * @copyright © 2000-2007 The SquirrelMail Project Team
+ * @copyright 2000-2019 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
*/
$imap_auth_mech = 'login';
+/**
+ * Show login error from the IMAP server (true) or show
+ * the traditional/generic "Unknown user or password
+ * incorrect" (false)?
+ *
+ * @global boolean $display_imap_login_error
+ */
+$display_imap_login_error = false;
+
/**
* IMAP folder delimiter
*
* Identity Controls
*
* If you don't want to allow users to change their email address
- * then you can set $edit_identity to false, if you want them to
+ * then you can set $edit_identity to false; if you want them to
* not be able to change their full name too then set $edit_name
- * to false as well. $edit_name has no effect unless $edit_identity
- * is false;
+ * to false as well. $edit_reply_to likewise controls users' ability
+ * to change their reply-to address. $edit_name and $edit_reply_to
+ * have no effect unless $edit_identity is false;
* @global bool $edit_identity
* @global bool $edit_name
+ * @global bool $edit_reply_to
*/
$edit_identity = true;
$edit_name = true;
+$edit_reply_to = true;
/**
* SquirrelMail adds username information to every sent email.
*/
$session_name = 'SQMSESSID';
+/**
+ * Secure Cookies
+ *
+ * Only transmit cookies via a secure connection
+ * if the session was started using HTTPS/SSL?
+ *
+ * Highly recommended
+ *
+ * @global bool $only_secure_cookies
+ * @since 1.5.2 and 1.4.16
+ */
+$only_secure_cookies = true;
+
+/**
+ * Secure Forms
+ *
+ * Disable security tokens used to authenticate the
+ * source of user data received by SquirrelMail?
+ *
+ * It is highly discouraged to enable this setting.
+ *
+ * @global bool $disable_security_tokens
+ * @since 1.5.2 and 1.4.20RC1
+ */
+$disable_security_tokens = false;
+
+/**
+ * Check Page Referrer
+ *
+ * Enforces a safety check on page requests by checking
+ * that the referrer is the domain specified by this
+ * setting. If this setting is "###DOMAIN###", the
+ * current value of the $domain variable will be used
+ * for the check.
+ *
+ * If a browser doesn't send referrer data, this check
+ * will be silently bypassed.
+ *
+ * Examples:
+ * $check_referrer = 'example.com';
+ * $check_referrer = '###DOMAIN###';
+ *
+ * @global string $check_referrer
+ * @since 1.5.2 and 1.4.20RC1
+ */
+$check_referrer = '';
+
+/**
+ * Security Image Type
+ *
+ * Switches between using a transparent image
+ * and one that states "this image has been
+ * removed for security reasons"
+ *
+ * @global bool $use_transparent_security_image
+ * @since 1.5.2 and 1.4.23
+ */
+$use_transparent_security_image = true;
+
/**
* User Themes
* being used. (Must be the "ID" of the desired
* template set)
*
+ * $rpc_templateset sets the skin that will be used by default
+ * when a user is making an RPC request. This
+ * does not usually need to be changed, but
+ * can be used to change the RPC protocol that
+ * is used to respond to RPC requets. (Must be
+ * the "ID" of the desired template set and
+ * should NOT be a template set that is included
+ * in the $aTemplateSet list; PLEASE NOTE that
+ * new RPC template sets should always be named
+ * "<skin name>_rpc", as SquirrelMail will assume
+ * any template sets ending in "_rpc" are intended
+ * for its RPC interface only)
+ *
* @global string $templateset_default
* @global string $templateset_fallback
+ * @global string $rpc_templateset
*/
$templateset_default = 'default';
$templateset_fallback = 'default';
+$rpc_templateset = 'default_rpc';
$aTemplateSet[0]['ID'] = 'default';
$aTemplateSet[0]['NAME'] = 'Default';
$use_php_iconv = false;
/**
+ * Output Buffering
+ *
+ * In some cases, buffering all output allows more complex functionality,
+ * especially for plugins that want to add headers on hooks that are beyond
+ * the point of output having been sent to the browser otherwise (although
+ * most plugins that need this feature will turn it on automatically by
+ * themselves).
+ *
+ * It is also possible to define a custom output handler as needed by special
+ * environments. If $buffered_output_handler is non-empty, a function named
+ * the same as the value of $buffered_output_handler should be defined in
+ * config_local.php.
+ *
+ */
+$buffer_output = false;
+$buffered_output_handler = '';
+
+/**
+ * Allow Remote configtest Access
+ *
* Controls remote configuration checks
* @global boolean $allow_remote_configtest
* @since 1.5.1
*/
$allow_remote_configtest = false;
+/**
+ * SquirrelMail Debug Mode
+ *
+ * Various debugging levels can be enabled using this setting.
+ * More than one mode can be used at once by combining them
+ * with pipes ("|"). See the SM_DEBUG_MODE_* constants in
+ * include/constants.php
+ */
+$sm_debug_mode = SM_DEBUG_MODE_OFF;
+
+/**
+ * "Secured Configuration" Mode
+ *
+ * Enable/disable "Secured Configuration" mode, wherein certain
+ * security-sensitive configuration settings are made immutable
+ * by other code.
+ */
+$secured_config = true;
+
+/**
+ * HTTPS Port
+ *
+ * This is the HTTPS (SSL-secured HTTP) port. It can be left empty,
+ * in which case SquirrelMail will assume the standard port 443.
+ * Make sure to set this correctly when serving HTTPS on a non-
+ * standard port.
+ */
+$sq_https_port = 443;
+
+/**
+ * Ignore HTTP_X_FORWARDED_* headers?
+ *
+ * Whether or not HTTP_X_FORWARDED_* headers are respected by
+ * SquirrelMail (or plugins).
+ */
+$sq_ignore_http_x_forwarded_headers = true;
+
/**
* Subscribe Listing Control
*