Document new config_local item for CVE-2019-12970

author pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Wed, 24 Jul 2019 01:07:50 +0000 (01:07 +0000)

committer pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Wed, 24 Jul 2019 01:07:50 +0000 (01:07 +0000)
author pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 24 Jul 2019 01:07:50 +0000 (01:07 +0000)
committer pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 24 Jul 2019 01:07:50 +0000 (01:07 +0000)
diff --git a/config/config_local.example.php b/config/config_local.example.php

index 16bc47ceda5f2fd512e6372e9d210ea5fec6781e..b141a5d669f9714c36cb7befeb9056e8c83175ea 100644 (file)
--- a/config/config_local.example.php
+++ b/config/config_local.example.php
@@ -174,4 +174,13 @@
   * $imap_id_command_args = array('remote-host' => '###REMOTE ADDRESS###');
   * $do_not_parse_imap_id_command_response = FALSE;
   *
+ * $remove_rcdata_rawtext_tags_and_content
+ * When displaying HTML-format email message content, a small
+ * number of HTML tags are parsed differently (RCDATA, RAWTEXT
+ * content), but can also be removed entirely (with their contents)
+ * if desired (in most cases, should be a safe thing with minimal
+ * impact).  This would be done as a fallback security measure and
+ * can be enabled by adding this here:
+ * $remove_rcdata_rawtext_tags_and_content = TRUE; 
+ *
   */
author	pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Wed, 24 Jul 2019 01:07:50 +0000 (01:07 +0000)
committer	pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Wed, 24 Jul 2019 01:07:50 +0000 (01:07 +0000)