From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 plugins/password/config.inc.php.dist | 6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 8d7b433..e960bbe 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -25,6 +25,12 @@
 // will be not available (no Password tab in Settings)
 $rcmail_config['password_login_exceptions'] = null;
+// Array of hosts that support password changing. Default is NULL.
+// Listed hosts will feature a Password option in Settings; others will not.
+// Example:
+//$rcmail_config['password_hosts'] = array('mail.example.com', 'mail2.example.org');
+$rcmail_config['password_hosts'] = null;
+
 // SQL Driver options
 // ------------------
--
Gitblit v1.9.1
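Review bot: The comment added above `$rcmail_config['password_hosts']` says the default is NULL but not what NULL means; presumably it leaves password changing available for every host, which an administrator reading an allow-list option needs to see stated. It also does not say what the listed names are compared against (presumably the mail host of the current session) or whether the match is exact and case-sensitive. Once confirmed against the plugin code, which is not part of this patch, the first line could read `// Array of hosts that support password changing. Default is NULL (no restriction, all hosts).` Separately, the subject describes a fix for the `_session` argument of utils/save-prefs, but the diffstat lists only this sample config file, so that fix cannot be reviewed from this page.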