From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 config/main.inc.php.dist | 29 +++++++++++++++--------------
 1 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index 2bd9491..78007de 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -406,12 +406,6 @@
 // Note: useful when SMTP server stores sent mail in user mailbox
 $rcmail_config['no_save_sent_messages'] = false;
 
-// A static list of canned responses which are immutable for the user
-$rcmail_config['compose_responses_static'] = array(
-// array('name' => 'Canned Response 1', 'text' => 'Static Response One'),
-// array('name' => 'Canned Response 2', 'text' => 'Static Response Two'),
-);
-
 // ----------------------------------
 // PLUGINS
 // ----------------------------------
@@ -607,6 +601,8 @@
 // DN and password to bind as before searching for bind DN, if anonymous search is not allowed
 'search_bind_dn' => '',
 'search_bind_pw' => '',
+ // Optional map of replacement strings => attributes used when binding for an individual address book
+ 'search_bind_attrib' => array(), // e.g. array('%udc' => 'ou')
 // Default for %dn variable if search doesn't return DN value
 'search_dn_default' => '',
 // Optional authentication identifier to be used as SASL authorization proxy
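Review bot: The comment added for `search_bind_attrib` does not say where the placeholders are expanded or where their values come from. If, as the neighbouring `search_bind_dn` and `%dn` options suggest, the values are read from the entry found by the bind-DN search and substituted into DN-type settings, the comment should say so and state whether the value is escaped for use in a DN, because a directory attribute would then decide which subtree an address book binds to. A wording such as `// Optional map of placeholder => attribute of the entry found by the bind-DN search; the attribute's value replaces the placeholder in <settings to be listed>` would cover it. Separately, the subject names a fix for the `_session` argument of utils/save-prefs, yet the diffstat lists only this config template and no hunk here touches that handler, so the fix itself has to be reviewed elsewhere. The enclosing address-book array starts and ends outside the hunk.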
@@ -688,14 +684,19 @@
 // if the groups base_dn is empty, the contact base_dn is used for the groups as well
 // -> in this case, assure that groups and contacts are separated due to the concernig filters!
 'groups' => array(
- 'base_dn' => '',
- 'scope' => 'sub', // Search mode: sub|base|list
- 'filter' => '(objectClass=groupOfNames)',
- 'object_classes' => array("top", "groupOfNames"),
- 'member_attr' => 'member', // Name of the member attribute, e.g. uniqueMember
- 'name_attr' => 'cn', // Attribute to be used as group name
- 'member_filter' => '(objectclass=*)', // Optional filter to use when querying for group members
- 'vlv' => false, // Use VLV controls to list groups
+ 'base_dn' => '',
+ 'scope' => 'sub', // Search mode: sub|base|list
+ 'filter' => '(objectClass=groupOfNames)',
+ 'object_classes' => array('top', 'groupOfNames'), // Object classes to be assigned to new groups
+ 'member_attr' => 'member', // Name of the default member attribute, e.g. uniqueMember
+ 'name_attr' => 'cn', // Attribute to be used as group name
+ 'email_attr' => 'mail', // Group email address attribute (e.g. for mailing lists)
+ 'member_filter' => '(objectclass=*)', // Optional filter to use when querying for group members
+ 'vlv' => false, // Use VLV controls to list groups
+ 'class_member_attr' => array( // Mapping of group object class to member attribute used in these objects
+ 'groupofnames' => 'member',
+ 'groupofuniquenames' => 'uniquemember'
+ ),
 ),
 // this configuration replaces the regular groups listing in the directory tree with
 // a hard-coded list of groups, each listing entries with the configured base DN and filter.
-- 
Gitblit v1.9.1
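Review bot: The keys of the new `class_member_attr` map are lower case (`'groupofnames'`, `'groupofuniquenames'`) while `filter` and `object_classes` a few lines above spell the same class `groupOfNames`, and the comment does not say that the keys must be lower case. Presumably the lookup lower-cases the entry's object classes before matching; if so, an administrator who adds `'groupOfUniqueNames' => 'uniqueMember'` gets no match and the group may silently fall back to `member_attr`. I would extend the comment to `// Mapping of group object class (lower-case) to member attribute used in these objects` and say on `member_attr` that it is the fallback for classes not listed in the map. The outer address-book array that holds `groups` starts and ends outside the hunk.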