From eee03efebb745b322c54f4fe0f379f617f411979 Mon Sep 17 00:00:00 2001
From: pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Mon, 2 Jan 2012 21:51:22 +0000
Subject: [PATCH] Document some previously added configuration parameters

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14256 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 config/config_default.php | 47 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/config/config_default.php b/config/config_default.php
index 9d8bd858..654c0eda 100644
--- a/config/config_default.php
+++ b/config/config_default.php
@@ -673,6 +673,53 @@ $allow_advanced_search = 0;
  */
 $session_name = 'SQMSESSID';
 
+/**
+ * Secure Cookies
+ *
+ * Only transmit cookies via a secure connection
+ * if the session was started using HTTPS/SSL?
+ *
+ * Highly recommended
+ *
+ * @global bool $only_secure_cookies
+ * @since 1.5.2 and 1.4.16
+ */
+$only_secure_cookies = true;
+
+/**
+ * Secure Forms
+ *
+ * Disable security tokens used to authenticate the
+ * source of user data received by SquirrelMail?
+ *
+ * It is highly discouraged to enable this setting.
+ *
+ * @global bool $disable_security_tokens
+ * @since 1.5.2 and 1.4.20RC1
+ */
+$disable_security_tokens = false;
+
+/**
+ * Check Page Referrer
+ *
+ * Enforces a safety check on page requests by checking
+ * that the referrer is the domain specified by this
+ * setting.  If this setting is "###DOMAIN###", the
+ * current value of the $domain variable will be used
+ * for the check.
+ *
+ * If a browser doesn't send referrer data, this check
+ * will be silently bypassed.
+ *
+ * Examples:
+ * $check_referrer = 'example.com';
+ * $check_referrer = '###DOMAIN###';
+ *
+ * @global string $check_referrer
+ * @since 1.5.2 and 1.4.20RC1
+ */
+$check_referrer = '';
+
 
 /**
  * User Themes
-- 
2.25.1