Add ability for administrator to control whether or not users can edit their reply-to address

config/conf.pl

@@ -426,6 +426,8 @@ $hide_sm_attributions = 'false'         if ( !$hide_sm_attributions );
 # since 1.2.5
 $edit_identity = 'true'                 if ( !$edit_identity );
 $edit_name = 'true'                     if ( !$edit_name );
+# since 1.4.23/1.5.2
+$edit_reply_to = 'true'                 if ( !$edit_reply_to );
 
 # since 1.4.0
 $use_smtp_tls= 'false'                  if ( !$use_smtp_tls);
@@ -732,6 +734,7 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
         print "8.  Allow use of receipts        : $WHT$default_use_mdn$NRM\n";
         print "9.  Allow editing of identity    : $WHT$edit_identity$NRM\n";
         print "    Allow editing of name        : $WHT$edit_name$NRM\n";
+        print "    Allow editing of reply-to    : $WHT$edit_reply_to$NRM\n";
         print "    Remove username from header  : $WHT$hide_auth_header$NRM\n";
         print "10. Disable server thread sort   : $WHT$disable_thread_sort$NRM\n";
         print "11. Disable server-side sorting  : $WHT$disable_server_sort$NRM\n";
@@ -2577,11 +2580,13 @@ sub command310 {
     if ( ( $new_edit =~ /^y\n/i ) || ( ( $new_edit =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
         $edit_identity = 'true';
         $edit_name = 'true';
-        $hide_auth_header = command311b();
+        $edit_reply_to = 'true';
+        $hide_auth_header = command311c();
     } else {
         $edit_identity = 'false';
         $edit_name = command311();
-        $hide_auth_header = command311b();
+        $edit_reply_to = command311b();
+        $hide_auth_header = command311c();
     }
     return $edit_identity;
 }
@@ -2609,6 +2614,28 @@ sub command311 {
 }
 
 sub command311b {
+    print "$NRM";
+    print "\n  Given that users are not allowed to modify their
+  email address, can they edit their reply-to address?
+
+  ";
+
+    if ( lc($edit_reply_to) eq 'true' ) {
+        $default_value = "y";
+    } else {
+        $default_value = "n";
+    }
+    print "Allow the user to edit their reply-to address? (y/n) [$WHT$default_value$NRM]: $WHT";
+    $new_edit = <STDIN>;
+    if ( ( $new_edit =~ /^y\n/i ) || ( ( $new_edit =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+        $edit_reply_to = 'true';
+    } else {
+        $edit_reply_to = 'false';
+    }
+    return $edit_reply_to;
+}
+
+sub command311c {
     print "$NRM";
     print "\n  SquirrelMail adds username information to every outgoing email in
   order to prevent possible sender forging by users that are allowed
@@ -5009,6 +5036,8 @@ sub save_data {
         # boolean
         print CF "\$edit_name                = $edit_name;\n";
         # boolean
+        print CF "\$edit_reply_to            = $edit_reply_to;\n";
+        # boolean
         print CF "\$hide_auth_header         = $hide_auth_header;\n";
         # boolean
         print CF "\$disable_thread_sort      = $disable_thread_sort;\n";

config/config_default.php

@@ -601,15 +601,18 @@ $default_use_mdn = true;
  * Identity Controls
  *
  * If you don't want to allow users to change their email address
- * then you can set $edit_identity to false, if you want them to
+ * then you can set $edit_identity to false; if you want them to
  * not be able to change their full name too then set $edit_name
- * to false as well. $edit_name has no effect unless $edit_identity
- * is false;
+ * to false as well. $edit_reply_to likewise controls users' ability
+ * to change their reply-to address. $edit_name and $edit_reply_to
+ * have no effect unless $edit_identity is false;
  * @global bool $edit_identity
  * @global bool $edit_name
+ * @global bool $edit_reply_to
  */
 $edit_identity = true;
 $edit_name = true;
+$edit_reply_to = true;
 
 /**
  * SquirrelMail adds username information to every sent email.

doc/ChangeLog

@@ -396,6 +396,8 @@ Version 1.5.2 - SVN
   - Prevent session lock-up caused by filters plugin trying to move
     messages in an account that is over quota.
   - Added MD5 alternative to directory hash calculation
+  - Added ability for administrator to control whether or not users
+    can edit their reply-to address ($edit_reply_to in config.php)
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

include/options/personal.php

@@ -34,7 +34,7 @@ define('SMOPT_GRP_TZ', 3);
  * @return array all option information
  */
 function load_optpage_data_personal() {
-    global $data_dir, $username, $edit_identity, $edit_name,
+    global $data_dir, $username, $edit_identity, $edit_name, $edit_reply_to,
            $full_name, $reply_to, $email_address, $signature, $tzChangeAllowed,
            $timeZone, $domain;
 
@@ -108,13 +108,26 @@ function load_optpage_data_personal() {
         );
     }
 
-    $optvals[SMOPT_GRP_CONTACT][] = array(
-        'name'    => 'reply_to',
-        'caption' => _("Reply To"),
-        'type'    => SMOPT_TYPE_STRING,
-        'refresh' => SMOPT_REFRESH_NONE,
-        'size'    => SMOPT_SIZE_HUGE
-    );
+    if ($edit_identity || $edit_reply_to) {
+        $optvals[SMOPT_GRP_CONTACT][] = array(
+            'name'    => 'reply_to',
+            'caption' => _("Reply To"),
+            'type'    => SMOPT_TYPE_STRING,
+            'refresh' => SMOPT_REFRESH_NONE,
+            'size'    => SMOPT_SIZE_HUGE
+        );
+    } else {
+//TODO: For many users, this is redundant to the email address above, especially if not editable -- so here instead of a comment, we could just hide it... in fact, that's what we'll do, but keep this code for posterity in case someone decides we shouldn't do this
+/*
+        $optvals[SMOPT_GRP_CONTACT][] = array(
+            'name'    => 'reply_to',
+            'caption' => _("Reply To"),
+            'type'    => SMOPT_TYPE_COMMENT,
+            'refresh' => SMOPT_REFRESH_NONE,
+            'comment' => sm_encode_html_special_chars($reply_to),
+        );
+*/
+    }
 
     $optvals[SMOPT_GRP_CONTACT][] = array(
         'name'    => 'signature',

plugins/administrator/defines.php

@@ -261,6 +261,7 @@ $defcfg = array( '$config_version' => array( 'name' => _("Config File Version"),
                  '$edit_identity' => array( 'name' => _("Allow editing of identities"),
                                             'type' => SMOPT_TYPE_BOOLEAN ),
                  '$edit_name' => array( 'name' => _("Allow editing of full name"),
+                 '$edit_reply_to' => array( 'name' => _("Allow editing of reply-to address"),
                                         'type' => SMOPT_TYPE_BOOLEAN ),
                  '$hide_auth_header' => array( 'name' => _("Remove username from headers"),
                                                'comment' => _("Used only when identities can't be modified"),