Document new config_local item for CVE-2019-12970
authorpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 24 Jul 2019 01:07:50 +0000 (01:07 +0000)
committerpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 24 Jul 2019 01:07:50 +0000 (01:07 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14830 7612ce4b-ef26-0410-bec9-ea0150e637f0

config/config_local.example.php

index 16bc47c..b141a5d 100644 (file)
  * $imap_id_command_args = array('remote-host' => '###REMOTE ADDRESS###');
  * $do_not_parse_imap_id_command_response = FALSE;
  *
+ * $remove_rcdata_rawtext_tags_and_content
+ * When displaying HTML-format email message content, a small
+ * number of HTML tags are parsed differently (RCDATA, RAWTEXT
+ * content), but can also be removed entirely (with their contents)
+ * if desired (in most cases, should be a safe thing with minimal
+ * impact).  This would be done as a fallback security measure and
+ * can be enabled by adding this here:
+ * $remove_rcdata_rawtext_tags_and_content = TRUE; 
+ *
  */