Remove data/ dir from distribution, update docs accordingly.

ChangeLog

@@ -434,6 +434,7 @@ Version 1.5.1 -- CVS
   - login_form hook changed from do_hook to concat_hook_function in order to
     place form elements before login button (#1245070).
   - Forwarding broken when not using compose in new window (#1222436).
+  - Drop data/ dir from distributed tarball.
 
 Version 1.5.0 - 2 February 2004
 -------------------------------

INSTALL

@@ -106,13 +106,14 @@ b. Setting up directories
   directories outside of your web tree.
 
   The data directory is used for storing user preferences, like
-  signature, name and theme. When unpacking the sources this directory
-  is created as data/ in your SquirrelMail directory. This directory
-  must be writable by the webserver. If your webserver is running as
-  the user "nobody" you can fix this by running:
+  signature, name and theme. You need to create this directory yourself.
+  Recommended location is under /var, for example:
+  /var/local/squirrelmail/data
+  This directory must be writable by the webserver. If your webserver is
+  running as the user "nobody" and group "nobody" you can fix this by
+  running:
 
-    $ chown -R nobody data
-    $ chgrp -R nobody data
+    $ chown -R nobody:nobody /path/to/your/datadir
 
   Keep in mind that with different installations, the web server could
   typically run as userid/groupid of nobody/nobody, nobody/nogroup,
@@ -134,8 +135,8 @@ b. Setting up directories
     $ chmod 730 SomeDirectory
 
   If you trust all the users on you system not to read mail they are
-  not supposed to read change the last line to chmod 777 SomeDirectory
-  or simply use /tmp as you attachments directory.
+  not supposed to read, you can simply use /tmp as you attachments
+  directory.
 
   If a user is aborting a mail but has uploaded some attachments to it
   the files will be lying around in this directory forever if you do not
@@ -143,7 +144,7 @@ b. Setting up directories
   deletes everything in the attachment directory.  Something similar
   to the following will be good enough:
 
-    $ cd /var/attach/directory
+    $ cd /var/local/squirrelmail/attach
     $ rm -f *
 
   However, this will delete attachments that are currently in use by people
@@ -157,7 +158,7 @@ b. Setting up directories
   attachment directory is the same as your data directory) might look like
   this:
 
-    $ rm `find /var/attach/directory -atime +2 | grep -v "\." | grep -v _`
+    $ rm `find /var/local/squirrelmail/attach -atime +2 | grep -v "\." | grep -v _`
 
   Remember to be careful with whatever method you do use, and to test out
   the command before it potentially wipes out everyone's preferences.

ReleaseNotes

@@ -26,6 +26,16 @@ Major updates
 as well as a new "save replies to the same folder as the original"
 option. 
 
+
+Data directory
+==============
+
+The directory data/ used to be included in our tarball. Since placing this
+dir under a web accessible directory is not very wise, we've decided to not
+pack it anymore; you need to create it yourself. Please choose a location
+that's safe, e.g. somewhere under /var.
+
+
 Reporting my favorite SquirrelMail 1.4 bug
 ==========================================
 

config/conf.pl

@@ -1921,9 +1921,10 @@ sub command216 {
 # Data directory
 sub command33a {
     print "Specify the location for your data directory.\n";
+    print "You need to create this directory yourself.\n";
     print "The path name can be absolute or relative (to the config directory).\n";
-    print "It doesn't matter.  Here are two examples:\n";
-    print "  Absolute:    /var/lib/squirrelmail/data/\n";
+    print "Here are two examples:\n";
+    print "  Absolute:    /var/local/squirrelmail/data/\n";
     print "  Relative:    ../data/\n";
     print "Relative paths to directories outside of the SquirrelMail distribution\n";
     print "will be converted to their absolute path equivalents in config.php.\n\n";
@@ -1952,9 +1953,9 @@ sub command33a {
 # Attachment directory
 sub command33b {
     print "Path to directory used for storing attachments while a mail is\n";
-    print "being sent. The path name can be absolute or relative (to the config directory).\n";
-    print "It doesn't matter.  Here are two examples:\n";
-    print "  Absolute:    /var/spool/squirrelmail/attach/\n";
+    print "being composed. The path name can be absolute or relative (to the\n";
+    print "config directory). Here are two examples:\n";
+    print "  Absolute:    /var/local/squirrelmail/attach/\n";
     print "  Relative:    ../attach/\n";
     print "Relative paths to directories outside of the SquirrelMail distribution\n";
     print "will be converted to their absolute path equivalents in config.php.\n\n";

config/config_default.php

@@ -425,21 +425,24 @@ $noselect_fix_enable = false;
 /**
  * Path to the data/ directory
  *
+ *   You need to create this directory yourself (see INSTALL).
+ *
  *   It is a possible security hole to have a writable directory
  *   under the web server's root directory (ex: /home/httpd/html).
- *   For this reason, it is possible to put the data directory
- *   anywhere you would like. The path name can be absolute or
- *   relative (to the config directory). It doesn't matter. Here
- *   are two examples:
+ *   The path name can be absolute or relative (to the config directory).
+ *   Here are two examples:
  *
  * Absolute:
- *   $data_dir = '/usr/local/squirrelmail/data/';
+ *   $data_dir = '/var/local/squirrelmail/data/';
  *
  * Relative (to main SM directory):
  *   $data_dir = SM_PATH . 'data/';
+ *   (NOT recommended: you need to secure apache to make sure these
+ *   files are not world readable)
+ *
  * @global string $data_dir
  */
-$data_dir = SM_PATH . 'data/';
+$data_dir = '/var/local/squirrelmail/data';
 
 /**
  * Attachments directory
@@ -452,8 +455,9 @@ $data_dir = SM_PATH . 'data/';
  *      list files in this directory. Confidential data might be laying
  *      around there.
  *    + Since the webserver is not able to list the files in the content
- *       is also impossible for the webserver to delete files lying around
- *       there for too long.
+ *      is also impossible for the webserver to delete files lying around
+ *      there for too long. You should have some script that deletes
+ *      left over temp files.
  *    + It should probably be another directory than data_dir.
  * @global string $attachment_dir
  */
@@ -1048,4 +1052,4 @@ $config_use_color = 2;
  * sent and regular output to begin, which will majorly screw
  * things up when we try to send more headers later.
  */
-?>
+?>

data/.cvsignore

@@ -1,3 +0,0 @@
-*.pref
-*.abook
-*.sig

data/.htaccess

@@ -1 +0,0 @@
-Deny from All

data/index.php

@@ -1,20 +0,0 @@
-<?php
-
-/**
- * index.php
- *
- * Copyright (c) 1999-2005 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
- * This file simply takes any attempt to view source files and sends those
- * people to the login screen. At this point no attempt is made to see if
- * the person is logged or not.
- *
- * $Id$
- */
-
-header("Location:../index.php");
-
-/* pretty impressive huh? */
-
-?>