X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=config%2Fconfig_default.php;h=0f080d0b8ee52846cc4e0d59fd2baa7c94f4df1d;hp=56f48cfbddde24960f3d01bb4c59527bf4648828;hb=69e110f3320c698f8ecc5a7f34ea9fac1caf3c39;hpb=8f557b942c5a3fb6663c349f4cc7d4a1c8aa4504 diff --git a/config/config_default.php b/config/config_default.php index 56f48cfb..0f080d0b 100644 --- a/config/config_default.php +++ b/config/config_default.php @@ -15,7 +15,7 @@ * passwords being leaked to e.g. other system users. Take extra care when * the webserver is shared with untrusted users. * - * @copyright © 2000-2007 The SquirrelMail Project Team + * @copyright 2000-2017 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -298,6 +298,15 @@ $smtp_sitewide_pass = ''; */ $imap_auth_mech = 'login'; +/** + * Show login error from the IMAP server (true) or show + * the traditional/generic "Unknown user or password + * incorrect" (false)? + * + * @global boolean $display_imap_login_error + */ +$display_imap_login_error = false; + /** * IMAP folder delimiter * @@ -592,15 +601,18 @@ $default_use_mdn = true; * Identity Controls * * If you don't want to allow users to change their email address - * then you can set $edit_identity to false, if you want them to + * then you can set $edit_identity to false; if you want them to * not be able to change their full name too then set $edit_name - * to false as well. $edit_name has no effect unless $edit_identity - * is false; + * to false as well. $edit_reply_to likewise controls users' ability + * to change their reply-to address. $edit_name and $edit_reply_to + * have no effect unless $edit_identity is false; * @global bool $edit_identity * @global bool $edit_name + * @global bool $edit_reply_to */ $edit_identity = true; $edit_name = true; +$edit_reply_to = true; /** * SquirrelMail adds username information to every sent email. @@ -673,6 +685,65 @@ $allow_advanced_search = 0; */ $session_name = 'SQMSESSID'; +/** + * Secure Cookies + * + * Only transmit cookies via a secure connection + * if the session was started using HTTPS/SSL? + * + * Highly recommended + * + * @global bool $only_secure_cookies + * @since 1.5.2 and 1.4.16 + */ +$only_secure_cookies = true; + +/** + * Secure Forms + * + * Disable security tokens used to authenticate the + * source of user data received by SquirrelMail? + * + * It is highly discouraged to enable this setting. + * + * @global bool $disable_security_tokens + * @since 1.5.2 and 1.4.20RC1 + */ +$disable_security_tokens = false; + +/** + * Check Page Referrer + * + * Enforces a safety check on page requests by checking + * that the referrer is the domain specified by this + * setting. If this setting is "###DOMAIN###", the + * current value of the $domain variable will be used + * for the check. + * + * If a browser doesn't send referrer data, this check + * will be silently bypassed. + * + * Examples: + * $check_referrer = 'example.com'; + * $check_referrer = '###DOMAIN###'; + * + * @global string $check_referrer + * @since 1.5.2 and 1.4.20RC1 + */ +$check_referrer = ''; + +/** + * Security Image Type + * + * Switches between using a transparent image + * and one that states "this image has been + * removed for security reasons" + * + * @global bool $use_transparent_security_image + * @since 1.5.2 and 1.4.23 + */ +$use_transparent_security_image = true; + /** * User Themes