From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 INSTALL | 27 +++++++++++----------------
 1 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/INSTALL b/INSTALL
index 326ef88..51dbfd8 100644
--- a/INSTALL
+++ b/INSTALL
@@ -34,7 +34,7 @@
 - magic_quotes_runtime disabled
 - magic_quotes_sybase disabled
 * PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
-* A MySQL (4.0.8 or newer), PostgreSQL, MSSQL database engine
+* A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine
 or SQLite support in PHP
 * One of the above databases with permission to create tables
 * An SMTP server (recommended) or PHP configured for mail delivery
@@ -95,18 +95,9 @@
 * SQLite
 --------
-You need sqlite 2 (preferably 2.8) to setup the sqlite db
-(sqlite 3.x also doesn't work at the moment). Here is
-an example how you can setup the sqlite.db for roundcube:
-
-# sqlite -init SQL/sqlite.initial.sql sqlite.db
-Loading resources from SQL/sqlite.initial.sql
-SQLite version 2.8.16
-Enter ".help" for instructions
-sqlite> .exit
-# chmod o+rw sqlite.db
-
-Make sure your configuration points to the sqlite.db file and that the
+Versions of sqlite database engine older than 3 aren't supported.
+Database file and structure is created automatically by Roundcube.
+Make sure your configuration points to some file location and that the
 webserver can write to the file and the directory containing the file.
@@ -129,9 +120,15 @@
 using that version you'll have to change ownership of the DB later.
+* Microsoft SQL Server
+----------------------
+Language/locale of the database must be set to us_english (1033). More info
+on this at http://trac.roundcube.net/ticket/1488918.
+
+
 Database cleaning
 -----------------
-Do keep your database slick and clean we recommend to periodically execute
+To keep your database slick and clean we recommend to periodically execute
 bin/cleandb.sh which finally removes all records that are marked as deleted.
 Best solution is to install a cronjob running this script daily.
@@ -232,5 +229,3 @@
 compress.filetype = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml", "image/gif", "image/png")
 }
-
-
--
Gitblit v1.9.1