X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=config%2Fconfig_default.php;h=5beea9631280a38a19ae4b51f6d4e09fa51cf520;hp=67bcc8f78b38d7af240eef96ae5d501dd01ad526;hb=a9805897ba12de9a63b9a435ccbb49a027d86e4a;hpb=30460a05016c7e066ad7b28df7788539e4054a99

diff --git a/config/config_default.php b/config/config_default.php
index 67bcc8f7..5beea963 100644
--- a/config/config_default.php
+++ b/config/config_default.php
@@ -15,7 +15,7 @@
  * passwords being leaked to e.g. other system users. Take extra care when
  * the webserver is shared with untrusted users.
  *
- * @copyright 2000-2009 The SquirrelMail Project Team
+ * @copyright 2000-2014 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -298,6 +298,15 @@ $smtp_sitewide_pass = '';
  */
 $imap_auth_mech = 'login';
 
+/**
+ * Show login error from the IMAP server (true) or show
+ * the traditional/generic "Unknown user or password
+ * incorrect" (false)?
+ *
+ * @global boolean $display_imap_login_error
+ */
+$display_imap_login_error = false;
+
 /**
  * IMAP folder delimiter
  *
@@ -673,6 +682,65 @@ $allow_advanced_search = 0;
  */
 $session_name = 'SQMSESSID';
 
+/**
+ * Secure Cookies
+ *
+ * Only transmit cookies via a secure connection
+ * if the session was started using HTTPS/SSL?
+ *
+ * Highly recommended
+ *
+ * @global bool $only_secure_cookies
+ * @since 1.5.2 and 1.4.16
+ */
+$only_secure_cookies = true;
+
+/**
+ * Secure Forms
+ *
+ * Disable security tokens used to authenticate the
+ * source of user data received by SquirrelMail?
+ *
+ * It is highly discouraged to enable this setting.
+ *
+ * @global bool $disable_security_tokens
+ * @since 1.5.2 and 1.4.20RC1
+ */
+$disable_security_tokens = false;
+
+/**
+ * Check Page Referrer
+ *
+ * Enforces a safety check on page requests by checking
+ * that the referrer is the domain specified by this
+ * setting.  If this setting is "###DOMAIN###", the
+ * current value of the $domain variable will be used
+ * for the check.
+ *
+ * If a browser doesn't send referrer data, this check
+ * will be silently bypassed.
+ *
+ * Examples:
+ * $check_referrer = 'example.com';
+ * $check_referrer = '###DOMAIN###';
+ *
+ * @global string $check_referrer
+ * @since 1.5.2 and 1.4.20RC1
+ */
+$check_referrer = '';
+
+/**
+ * Security Image Type
+ *
+ * Switches between using a transparent image
+ * and one that states "this image has been
+ * removed for security reasons"
+ *
+ * @global bool $use_transparent_security_image
+ * @since 1.5.2 and 1.4.23
+ */
+$use_transparent_security_image = true;
+
 
 /**
  * User Themes