# HG changeset patch
# User Charlie Root
# Date 1546078228 18000
# Node ID a36beb7d3ea2ec15f3ac026566d912aadda4b7cb
# Parent  05c4c32948af818eb055bb6054d5757112104be2
minor stuff left-over from january

diff -r 05c4c32948af -r a36beb7d3ea2 .htaccess
--- a/.htaccess	Thu Aug 30 16:21:59 2018 -0400
+++ b/.htaccess	Sat Dec 29 05:10:28 2018 -0500
@@ -1,89 +1,1 @@
-# WARNING: For PHP 7 the module name in the line below need to be modified!
-<IfModule mod_php5.c>
-php_flag    display_errors  Off
-php_flag    log_errors      On
-# php_value    error_log    logs/errors
-
-php_value   upload_max_filesize   5M
-php_value   post_max_size         6M
-php_value   memory_limit          64M
-
-php_flag    zlib.output_compression     Off
-php_flag    suhosin.session.encrypt     Off
-
-#php_value   session.cookie_path     /
-#php_value   session.hash_function   sha256
-php_flag    session.auto_start       Off
-php_value   session.gc_maxlifetime   21600
-php_value   session.gc_divisor       500
-php_value   session.gc_probability   1
-</IfModule>
-
-<IfModule mod_rewrite.c>
-Options +SymLinksIfOwnerMatch
-RewriteEngine On
-RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
-
-# security rules:
-# - deny access to files not containing a dot or starting with a dot
-#   in all locations except installer directory
-RewriteRule ^(?!installer|\.well-known\/|[a-zA-Z0-9]{16})(\.?[^\.]+)$ - [F]
-# - deny access to some locations
-RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
-# - deny access to composer binaries
-RewriteRule ^/vendor\/bin\/.* - [F]
-# - deny access to some documentation files
-RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml|jsdeps.json|Dockerfile)$ - [F]
-</IfModule>
-
-<IfModule mod_deflate.c>
-SetOutputFilter DEFLATE
-</IfModule>
-
-<IfModule mod_expires.c>
-ExpiresActive On
-ExpiresDefault "access plus 1 month"
-</IfModule>
-
-FileETag MTime Size
-
-<IfModule mod_autoindex.c>
-Options -Indexes
-</ifModule>
-
-<IfModule mod_headers.c>
-# Disable page indexing
-Header set X-Robots-Tag "noindex, nofollow"
-
-# replace 'append' with 'merge' for Apache version 2.2.9 and later
-#Header append Cache-Control public env=!NO_CACHE
-
-# Optional security header
-# Only increased security if the browser support those features
-# Be careful! Testing is required! They should be adusted to your intallation / user environment
-
-# HSTS - HTTP Strict Transport Security
-#Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
-
-# HPKP - HTTP Public Key Pinning
-# Only template - fill with your values
-#Header always set Public-Key-Pins "max-age=3600; report-uri=\"\"; pin-sha256=\"\"; pin-sha256=\"\"" env=HTTPS
-
-# X-Xss-Protection
-# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit). 
-#Header set X-XSS-Protection "1; mode=block"
-
-# X-Frame-Options
-# The X-Frame-Options header (RFC), or XFO header, protects your visitors against clickjacking attacks
-# Already set by php code! Do not activate both options
-#Header set X-Frame-Options SAMEORIGIN
-
-# X-Content-Type-Options
-# It prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server.
-#Header set X-Content-Type-Options: "nosniff"
-
-# CSP - Content Security Policy
-# for better privacy/security ask browsers to not set the Referer
-# more flags for script, stylesheets and images available, read RFC for more information
-#Header set Content-Security-Policy "referrer no-referrer"
-</IfModule>
+/etc/roundcube/htaccess
\ No newline at end of file
diff -r 05c4c32948af -r a36beb7d3ea2 index.php
--- a/index.php	Thu Aug 30 16:21:59 2018 -0400
+++ b/index.php	Sat Dec 29 05:10:28 2018 -0500
@@ -1,326 +1,1 @@
-<?php
-/**
- +-------------------------------------------------------------------------+
- | Roundcube Webmail IMAP Client                                           |
- | Version 1.3.3                                                           |
- |                                                                         |
- | Copyright (C) 2005-2017, The Roundcube Dev Team                         |
- |                                                                         |
- | This program is free software: you can redistribute it and/or modify    |
- | it under the terms of the GNU General Public License (with exceptions   |
- | for skins & plugins) as published by the Free Software Foundation,      |
- | either version 3 of the License, or (at your option) any later version. |
- |                                                                         |
- | This file forms part of the Roundcube Webmail Software for which the    |
- | following exception is added: Plugins and Skins which merely make       |
- | function calls to the Roundcube Webmail Software, and for that purpose  |
- | include it by reference shall not be considered modifications of        |
- | the software.                                                           |
- |                                                                         |
- | If you wish to use this file in another project or create a modified    |
- | version that will not be part of the Roundcube Webmail Software, you    |
- | may remove the exception above and use this source code under the       |
- | original version of the license.                                        |
- |                                                                         |
- | This program is distributed in the hope that it will be useful,         |
- | but WITHOUT ANY WARRANTY; without even the implied warranty of          |
- | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the            |
- | GNU General Public License for more details.                            |
- |                                                                         |
- | You should have received a copy of the GNU General Public License       |
- | along with this program.  If not, see http://www.gnu.org/licenses/.     |
- |                                                                         |
- +-------------------------------------------------------------------------+
- | Author: Thomas Bruederli <roundcube@gmail.com>                          |
- | Author: Aleksander Machniak <alec@alec.pl>                              |
- +-------------------------------------------------------------------------+
-*/
-
-// include environment
-require_once 'program/include/iniset.php';
-
-// init application, start session, init output class, etc.
-$RCMAIL = rcmail::get_instance(0, $GLOBALS['env']);
-
-// Make the whole PHP output non-cacheable (#1487797)
-$RCMAIL->output->nocacheing_headers();
-$RCMAIL->output->common_headers();
-
-// turn on output buffering
-ob_start();
-
-// check if config files had errors
-if ($err_str = $RCMAIL->config->get_error()) {
-    rcmail::raise_error(array(
-        'code' => 601,
-        'type' => 'php',
-        'message' => $err_str), false, true);
-}
-
-// check DB connections and exit on failure
-if ($err_str = $RCMAIL->db->is_error()) {
-    rcmail::raise_error(array(
-        'code' => 603,
-        'type' => 'db',
-        'message' => $err_str), false, true);
-}
-
-// error steps
-if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {
-    rcmail::raise_error(array('code' => hexdec($_GET['_code'])), false, true);
-}
-
-// check if https is required (for login) and redirect if necessary
-if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
-    // force_https can be true, <hostname>, <hostname>:<port>, <port>
-    if (!is_bool($force_https)) {
-        list($host, $port) = explode(':', $force_https);
-
-        if (is_numeric($host) && empty($port)) {
-            $port = $host;
-            $host = '';
-        }
-    }
-
-    if (!rcube_utils::https_check($port ?: 443)) {
-        if (empty($host)) {
-            $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
-        }
-        if ($port && $port != 443) {
-            $host .= ':' . $port;
-        }
-
-        header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
-        exit;
-    }
-}
-
-// trigger startup plugin hook
-$startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
-$RCMAIL->set_task($startup['task']);
-$RCMAIL->action = $startup['action'];
-
-// try to log in
-if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
-    $request_valid = $_SESSION['temp'] && $RCMAIL->check_request();
-    $pass_charset  = $RCMAIL->config->get('password_charset', 'ISO-8859-1');
-
-    // purge the session in case of new login when a session already exists
-    $RCMAIL->kill_session();
-
-    $auth = $RCMAIL->plugins->exec_hook('authenticate', array(
-            'host'  => $RCMAIL->autoselect_host(),
-            'user'  => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
-            'pass'  => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true, $pass_charset),
-            'valid' => $request_valid,
-            'cookiecheck' => true,
-    ));
-
-    // Login
-    if ($auth['valid'] && !$auth['abort']
-        && $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
-    ) {
-        // create new session ID, don't destroy the current session
-        // it was destroyed already by $RCMAIL->kill_session() above
-        $RCMAIL->session->remove('temp');
-        $RCMAIL->session->regenerate_id(false);
-
-        // send auth cookie if necessary
-        $RCMAIL->session->set_auth_cookie();
-
-        // log successful login
-        $RCMAIL->log_login();
-
-        // restore original request parameters
-        $query = array();
-        if ($url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST)) {
-            parse_str($url, $query);
-
-            // prevent endless looping on login page
-            if ($query['_task'] == 'login') {
-                unset($query['_task']);
-            }
-
-            // prevent redirect to compose with specified ID (#1488226)
-            if ($query['_action'] == 'compose' && !empty($query['_id'])) {
-                $query = array('_action' => 'compose');
-            }
-        }
-
-        // allow plugins to control the redirect url after login success
-        $redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
-        unset($redir['abort'], $redir['_err']);
-
-        // send redirect
-        $OUTPUT->redirect($redir, 0, true);
-    }
-    else {
-        if (!$auth['valid']) {
-            $error_code = rcmail::ERROR_INVALID_REQUEST;
-        }
-        else {
-            $error_code = is_numeric($auth['error']) ? $auth['error'] : $RCMAIL->login_error();
-        }
-
-        $error_labels = array(
-            rcmail::ERROR_STORAGE          => 'storageerror',
-            rcmail::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
-            rcmail::ERROR_INVALID_REQUEST  => 'invalidrequest',
-            rcmail::ERROR_INVALID_HOST     => 'invalidhost',
-            rcmail::ERROR_RATE_LIMIT       => 'accountlocked',
-        );
-
-        $error_message = !empty($auth['error']) && !is_numeric($auth['error']) ? $auth['error'] : ($error_labels[$error_code] ?: 'loginfailed');
-
-        $OUTPUT->show_message($error_message, 'warning');
-
-        // log failed login
-        $RCMAIL->log_login($auth['user'], true, $error_code);
-
-        $RCMAIL->plugins->exec_hook('login_failed', array(
-            'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
-
-        $RCMAIL->kill_session();
-    }
-}
-
-// end session
-else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) {
-    $RCMAIL->request_security_check($mode = rcube_utils::INPUT_GET);
-
-    $userdata = array(
-        'user' => $_SESSION['username'],
-        'host' => $_SESSION['storage_host'],
-        'lang' => $RCMAIL->user->language,
-    );
-
-    $OUTPUT->show_message('loggedout');
-
-    $RCMAIL->logout_actions();
-    $RCMAIL->kill_session();
-    $RCMAIL->plugins->exec_hook('logout_after', $userdata);
-}
-
-// check session and auth cookie
-else if ($RCMAIL->task != 'login' && $_SESSION['user_id']) {
-    if (!$RCMAIL->session->check_auth()) {
-        $RCMAIL->kill_session();
-        $session_error = true;
-    }
-}
-
-// not logged in -> show login page
-if (empty($RCMAIL->user->ID)) {
-    // log session failures
-    $task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC);
-
-    if ($task && !in_array($task, array('login','logout'))
-        && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])
-    ) {
-        $RCMAIL->session->log("Aborted session $sess_id; no valid session data found");
-        $session_error = true;
-    }
-
-    if ($session_error || $_REQUEST['_err'] == 'session') {
-        $OUTPUT->show_message('sessionerror', 'error', null, true, -1);
-    }
-
-    if ($OUTPUT->ajax_call || $OUTPUT->get_env('framed')) {
-        $OUTPUT->command('session_error', $RCMAIL->url(array('_err' => 'session')));
-        $OUTPUT->send('iframe');
-    }
-
-    // check if installer is still active
-    if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
-        $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
-            html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
-            html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
-            html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because
-                these files may expose sensitive configuration data like server passwords and encryption keys
-                to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
-        ));
-    }
-
-    $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error));
-
-    $RCMAIL->set_task($plugin['task']);
-
-    $OUTPUT->send($plugin['task']);
-}
-else {
-    // CSRF prevention
-    $RCMAIL->request_security_check();
-
-    // check access to disabled actions
-    $disabled_actions = (array) $RCMAIL->config->get('disabled_actions');
-    if (in_array($RCMAIL->task . '.' . ($RCMAIL->action ?: 'index'), $disabled_actions)) {
-        rcube::raise_error(array(
-            'code' => 404, 'type' => 'php',
-            'message' => "Action disabled"), true, true);
-    }
-}
-
-// we're ready, user is authenticated and the request is safe
-$plugin = $RCMAIL->plugins->exec_hook('ready', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
-$RCMAIL->set_task($plugin['task']);
-$RCMAIL->action = $plugin['action'];
-
-// handle special actions
-if ($RCMAIL->action == 'keep-alive') {
-    $OUTPUT->reset();
-    $RCMAIL->plugins->exec_hook('keep_alive', array());
-    $OUTPUT->send();
-}
-else if ($RCMAIL->action == 'save-pref') {
-    include INSTALL_PATH . 'program/steps/utils/save_pref.inc';
-}
-
-
-// include task specific functions
-if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc')) {
-    include_once $incfile;
-}
-
-// allow 5 "redirects" to another action
-$redirects = 0; $incstep = null;
-while ($redirects < 5) {
-    // execute a plugin action
-    if (preg_match('/^plugin\./', $RCMAIL->action)) {
-        $RCMAIL->plugins->exec_action($RCMAIL->action);
-        break;
-    }
-    // execute action registered to a plugin task
-    else if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
-        if (!$RCMAIL->action) $RCMAIL->action = 'index';
-        $RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
-        break;
-    }
-    // try to include the step file
-    else if (($stepfile = $RCMAIL->get_action_file())
-        && is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
-    ) {
-        // include action file only once (in case it don't exit)
-        include_once $incfile;
-        $redirects++;
-    }
-    else {
-      #rcube::write_log('mail',$incfile." not found");
-        break;
-    }
-}
-
-if ($RCMAIL->action == 'refresh') {
-    $RCMAIL->plugins->exec_hook('refresh', array('last' => intval(rcube_utils::get_input_value('_last', rcube_utils::INPUT_GPC))));
-}
-
-#rcube::write_log('mail',"task: ".$RCMAIL->task." action: ".$RCMAIL->action);
-// parse main template (default)
-$OUTPUT->send($RCMAIL->task);
-
-// if we arrive here, something went wrong
-rcmail::raise_error(array(
-    'code' => 404,
-    'type' => 'php',
-    'line' => __LINE__,
-    'file' => __FILE__,
-    'message' => "Invalid request"), true, true);
+/usr/share/roundcube/index.php
\ No newline at end of file
diff -r 05c4c32948af -r a36beb7d3ea2 plugins/password/config.inc.php
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/password/config.inc.php	Sat Dec 29 05:10:28 2018 -0500
@@ -0,0 +1,483 @@
+<?php
+
+// Password Plugin options
+// -----------------------
+// A driver to use for password change. Default: "sql".
+// See README file for list of supported driver names.
+$config['password_driver'] = 'sql';
+
+// Determine whether current password is required to change password.
+// Default: false.
+$config['password_confirm_current'] = true;
+
+// Require the new password to be a certain length.
+// set to blank to allow passwords of any length
+$config['password_minimum_length'] = 0;
+
+// Require the new password to contain a letter and punctuation character
+// Change to false to remove this check.
+$config['password_require_nonalpha'] = false;
+
+// Enables logging of password changes into logs/password
+$config['password_log'] = false;
+
+// Comma-separated list of login exceptions for which password change
+// will be not available (no Password tab in Settings)
+$config['password_login_exceptions'] = null;
+
+// Array of hosts that support password changing.
+// Listed hosts will feature a Password option in Settings; others will not.
+// Example: array('mail.example.com', 'mail2.example.org');
+// Default is NULL (all hosts supported).
+$config['password_hosts'] = null;
+
+// Enables saving the new password even if it matches the old password. Useful
+// for upgrading the stored passwords after the encryption scheme has changed.
+$config['password_force_save'] = false;
+
+// Enables forcing new users to change their password at their first login.
+$config['password_force_new_user'] = false;
+
+// Default password hashing/crypting algorithm.
+// Possible options: des-crypt, ext-des-crypt, md5-crypt, blowfish-crypt,
+// sha256-crypt, sha512-crypt, md5, sha, smd5, ssha, samba, ad, dovecot, clear.
+// For details see password::hash_password() method.
+$config['password_algorithm'] = 'clear';
+
+// Password prefix (e.g. {CRYPT}, {SHA}) for passwords generated
+// using password_algorithm above. Default: empty.
+$config['password_algorithm_prefix'] = '';
+
+// Path for dovecotpw/doveadm-pw (if not in the $PATH).
+// Used for password_algorithm = 'dovecot'.
+$config['password_dovecotpw'] = '/usr/doveadm pw'; // for dovecot-2.x
+//$config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw'; // for dovecot-1.x
+
+// Dovecot password scheme.
+// Used for password_algorithm = 'dovecot'.
+$config['password_dovecotpw_method'] = 'CRAM-MD5';
+
+// Enables use of password with method prefix, e.g. {MD5}$1$LUiMYWqx$fEkg/ggr/L6Mb2X7be4i1/
+// when using password_algorithm=dovecot
+$config['password_dovecotpw_with_method'] = false;
+
+// Iteration count parameter for Blowfish-based hashing algo.
+// It must be between 4 and 31. Default: 12.
+// Be aware, the higher the value, the longer it takes to generate the password hashes.
+$config['password_blowfish_cost'] = 12;
+
+// Number of rounds for the sha256 and sha512 crypt hashing algorithms.
+// Must be at least 1000. If not set, then the number of rounds is left up
+// to the crypt() implementation. On glibc this defaults to 5000.
+// Be aware, the higher the value, the longer it takes to generate the password hashes.
+//$config['password_crypt_rounds'] = 50000;
+
+// This option temporarily disables the password change functionality.
+// Use it when the users database server is in maintenance mode or sth like that.
+// You can set it to TRUE/FALSE or a text describing the reason
+// which will replace the default.
+$config['password_disabled'] = false;
+
+
+// SQL Driver options
+// ------------------
+// PEAR database DSN for performing the query. By default
+// Roundcube DB settings are used.
+$config['password_db_dsn'] = '';
+
+// The SQL query used to change the password.
+// The query can contain the following macros that will be expanded as follows:
+//      %p is replaced with the plaintext new password
+//      %P is replaced with the crypted/hashed new password
+//         according to configured password_method
+//      %o is replaced with the old (current) password
+//      %O is replaced with the crypted/hashed old (current) password
+//         according to configured password_method
+//      %h is replaced with the imap host (from the session info)
+//      %u is replaced with the username (from the session info)
+//      %l is replaced with the local part of the username
+//         (in case the username is an email address)
+//      %d is replaced with the domain part of the username
+//         (in case the username is an email address)
+// Deprecated macros:
+//      %c is replaced with the crypt version of the new password, MD5 if available
+//         otherwise DES. More hash function can be enabled using the password_crypt_hash
+//         configuration parameter.
+//      %D is replaced with the dovecotpw-crypted version of the new password
+//      %n is replaced with the hashed version of the new password
+//      %q is replaced with the hashed password before the change
+// Escaping of macros is handled by this module.
+// Default: "SELECT update_passwd(%c, %u)"
+$config['password_query'] = 'SELECT update_passwd(%c, %u)';
+
+// By default the crypt() function which is used to create the %c
+// parameter uses the md5 algorithm (deprecated, use %P).
+// You can choose between: des, md5, blowfish, sha256, sha512.
+$config['password_crypt_hash'] = 'md5';
+
+// By default domains in variables are using unicode.
+// Enable this option to use punycoded names
+$config['password_idn_ascii'] = false;
+
+// Using a password hash for %n and %q variables (deprecated, use %P).
+// Determine which hashing algorithm should be used to generate
+// the hashed new and current password for using them within the
+// SQL query. Requires PHP's 'hash' extension.
+$config['password_hash_algorithm'] = 'sha1';
+
+// You can also decide whether the hash should be provided
+// as hex string or in base64 encoded format.
+$config['password_hash_base64'] = false;
+
+
+// Poppassd Driver options
+// -----------------------
+// The host which changes the password (default: localhost)
+// Supported replacement variables:
+//   %n - hostname ($_SERVER['SERVER_NAME'])
+//   %t - hostname without the first part
+//   %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
+//   %h - IMAP host
+//   %z - IMAP domain without first part
+//   %s - domain name after the '@' from e-mail address provided at login screen
+$config['password_pop_host'] = 'localhost';
+
+// TCP port used for poppassd connections (default: 106)
+$config['password_pop_port'] = 106;
+
+
+// SASL Driver options
+// -------------------
+// Additional arguments for the saslpasswd2 call
+$config['password_saslpasswd_args'] = '';
+
+
+// LDAP and LDAP_SIMPLE Driver options
+// -----------------------------------
+// LDAP server name to connect to. 
+// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
+// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
+// Default: 'localhost'
+$config['password_ldap_host'] = 'localhost';
+
+// LDAP server port to connect to
+// Default: '389'
+$config['password_ldap_port'] = '389';
+
+// TLS is started after connecting
+// Using TLS for password modification is recommended.
+// Default: false
+$config['password_ldap_starttls'] = false;
+
+// LDAP version
+// Default: '3'
+$config['password_ldap_version'] = '3';
+
+// LDAP base name (root directory)
+// Exemple: 'dc=exemple,dc=com'
+$config['password_ldap_basedn'] = 'dc=exemple,dc=com';
+
+// LDAP connection method
+// There are two connection methods for changing a user's LDAP password.
+// 'user': use user credential (recommended, require password_confirm_current=true)
+// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
+// Default: 'user'
+$config['password_ldap_method'] = 'user';
+
+// LDAP Admin DN
+// Used only in admin connection mode
+// Default: null
+$config['password_ldap_adminDN'] = null;
+
+// LDAP Admin Password
+// Used only in admin connection mode
+// Default: null
+$config['password_ldap_adminPW'] = null;
+
+// LDAP user DN mask
+// The user's DN is mandatory and as we only have his login,
+// we need to re-create his DN using a mask
+// '%login' will be replaced by the current roundcube user's login
+// '%name' will be replaced by the current roundcube user's name part
+// '%domain' will be replaced by the current roundcube user's domain part
+// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
+// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
+$config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';
+
+// LDAP search DN
+// The DN roundcube should bind with to find out user's DN
+// based on his login. Note that you should comment out the default
+// password_ldap_userDN_mask setting for this to take effect.
+// Use this if you cannot specify a general template for user DN with
+// password_ldap_userDN_mask. You need to perform a search based on
+// users login to find his DN instead. A common reason might be that
+// your users are placed under different ou's like engineering or
+// sales which cannot be derived from their login only.
+$config['password_ldap_searchDN'] = 'cn=roundcube,ou=services,dc=example,dc=com';
+
+// LDAP search password
+// If password_ldap_searchDN is set, the password to use for
+// binding to search for user's DN. Note that you should comment out the default
+// password_ldap_userDN_mask setting for this to take effect.
+// Warning: Be sure to set approperiate permissions on this file so this password
+// is only accesible to roundcube and don't forget to restrict roundcube's access to
+// your directory as much as possible using ACLs. Should this password be compromised
+// you want to minimize the damage.
+$config['password_ldap_searchPW'] = 'secret';
+
+// LDAP search base
+// If password_ldap_searchDN is set, the base to search in using the filter below.
+// Note that you should comment out the default password_ldap_userDN_mask setting
+// for this to take effect.
+$config['password_ldap_search_base'] = 'ou=people,dc=example,dc=com';
+
+// LDAP search filter
+// If password_ldap_searchDN is set, the filter to use when
+// searching for user's DN. Note that you should comment out the default
+// password_ldap_userDN_mask setting for this to take effect.
+// '%login' will be replaced by the current roundcube user's login
+// '%name' will be replaced by the current roundcube user's name part
+// '%domain' will be replaced by the current roundcube user's domain part
+// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
+// Example: '(uid=%login)'
+// Example: '(&(objectClass=posixAccount)(uid=%login))'
+$config['password_ldap_search_filter'] = '(uid=%login)';
+
+// LDAP password hash type
+// Standard LDAP encryption type which must be one of: crypt,
+// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, ad, cram-md5 (dovecot style) or clear.
+// Set to 'default' if you want to use method specified in password_algorithm option above.
+// Multiple password Values can be generated by concatenating encodings with a +. E.g. 'cram-md5+crypt'
+// Default: 'crypt'.
+$config['password_ldap_encodage'] = 'crypt';
+
+// LDAP password attribute
+// Name of the ldap's attribute used for storing user password
+// Default: 'userPassword'
+$config['password_ldap_pwattr'] = 'userPassword';
+
+// LDAP password force replace
+// Force LDAP replace in cases where ACL allows only replace not read
+// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
+// Default: true
+$config['password_ldap_force_replace'] = true;
+
+// LDAP Password Last Change Date
+// Some places use an attribute to store the date of the last password change
+// The date is meassured in "days since epoch" (an integer value)
+// Whenever the password is changed, the attribute will be updated if set (e.g. shadowLastChange)
+$config['password_ldap_lchattr'] = '';
+
+// LDAP Samba password attribute, e.g. sambaNTPassword
+// Name of the LDAP's Samba attribute used for storing user password
+$config['password_ldap_samba_pwattr'] = '';
+ 
+// LDAP Samba Password Last Change Date attribute, e.g. sambaPwdLastSet
+// Some places use an attribute to store the date of the last password change
+// The date is meassured in "seconds since epoch" (an integer value)
+// Whenever the password is changed, the attribute will be updated if set
+$config['password_ldap_samba_lchattr'] = '';
+
+// LDAP PPolicy Driver options
+// -----------------------------------
+
+// LDAP Change password command - filename of the perl script
+// Example: 'change_ldap_pass.pl'
+$config['password_ldap_ppolicy_cmd'] = 'change_ldap_pass.pl';
+
+// LDAP URI
+// Example: 'ldap://ldap.example.com/ ldaps://ldap2.example.com:636/'
+$config['password_ldap_ppolicy_uri'] = 'ldap://localhost/';
+
+// LDAP base name (root directory)
+// Exemple: 'dc=exemple,dc=com'
+$config['password_ldap_ppolicy_basedn'] = 'dc=example,dc=com';
+
+$config['password_ldap_ppolicy_searchDN'] = 'cn=someuser,dc=example,dc=com';
+
+$config['password_ldap_ppolicy_searchPW'] = 'secret';
+
+// LDAP search filter
+// Example: '(uid=%login)'
+// Example: '(&(objectClass=posixAccount)(uid=%login))'
+$config['password_ldap_ppolicy_search_filter'] = '(uid=%login)';
+
+// CA Certificate file if in URI is LDAPS connection
+$config['password_ldap_ppolicy_cafile'] = '/etc/ssl/cacert.crt';
+
+
+
+// DirectAdmin Driver options
+// --------------------------
+// The host which changes the password
+// Use 'ssl://host' instead of 'tcp://host' when running DirectAdmin over SSL.
+// The host can contain the following macros that will be expanded as follows:
+//     %h is replaced with the imap host (from the session info)
+//     %d is replaced with the domain part of the username (if the username is an email)
+$config['password_directadmin_host'] = 'tcp://localhost';
+
+// TCP port used for DirectAdmin connections
+$config['password_directadmin_port'] = 2222;
+
+
+// vpopmaild Driver options
+// -----------------------
+// The host which changes the password
+$config['password_vpopmaild_host'] = 'localhost';
+
+// TCP port used for vpopmaild connections
+$config['password_vpopmaild_port'] = 89;
+
+// Timeout used for the connection to vpopmaild (in seconds)
+$config['password_vpopmaild_timeout'] = 10;
+
+
+// cPanel Driver options
+// --------------------------
+// The cPanel Host name
+$config['password_cpanel_host'] = 'host.domain.com';
+
+// The cPanel admin username
+$config['password_cpanel_username'] = 'username';
+
+// The cPanel admin password
+$config['password_cpanel_password'] = 'password';
+
+// The cPanel admin hash
+// If you prefer to use a hash (Remote Access Key) instead of plain password, enter it below.
+// Hash takes precedence over password auth.
+// You can generate a Remote Access Key in WHM -> Clusters -> Remote Access Key
+$config['password_cpanel_hash'] = '';
+
+// The cPanel port to use
+$config['password_cpanel_port'] = 2087;
+
+
+// cPanel Webmail Driver options
+// -----------------------------
+// The cPanel Host name
+$config['password_cpanel_webmail_host'] = 'host.domain.com';
+
+// The cPanel port to use
+$config['password_cpanel_webmail_port'] = 2096;
+
+
+// XIMSS (Communigate server) Driver options
+// -----------------------------------------
+// Host name of the Communigate server
+$config['password_ximss_host'] = 'mail.example.com';
+
+// XIMSS port on Communigate server
+$config['password_ximss_port'] = 11024;
+
+
+// chpasswd Driver options
+// ---------------------
+// Command to use (see "Sudo setup" in README)
+$config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2> /dev/null';
+
+
+// XMail Driver options
+// ---------------------
+$config['xmail_host'] = 'localhost';
+$config['xmail_user'] = 'YourXmailControlUser';
+$config['xmail_pass'] = 'YourXmailControlPass';
+$config['xmail_port'] = 6017;
+
+
+// hMail Driver options
+// -----------------------
+// Remote hMailServer configuration
+// true:  HMailserver is on a remote box (php.ini: com.allow_dcom = true)
+// false: Hmailserver is on same box as PHP
+$config['hmailserver_remote_dcom'] = false;
+// Windows credentials
+$config['hmailserver_server'] = array(
+    'Server'   => 'localhost',      // hostname or ip address
+    'Username' => 'administrator',  // windows username
+    'Password' => 'password'        // windows user password
+);
+
+
+// Virtualmin Driver options
+// -------------------------
+// Username format:
+// 0: username@domain
+// 1: username%domain
+// 2: username.domain
+// 3: domain.username
+// 4: username-domain
+// 5: domain-username
+// 6: username_domain
+// 7: domain_username
+$config['password_virtualmin_format'] = 0;
+
+
+// pw_usermod Driver options
+// --------------------------
+// Use comma delimited exlist to disable password change for users.
+// See "Sudo setup" in README file.
+$config['password_pw_usermod_cmd'] = 'sudo /usr/sbin/pw usermod -h 0 -n';
+
+
+// DBMail Driver options
+// -------------------
+// Additional arguments for the dbmail-users call
+$config['password_dbmail_args'] = '-p sha512';
+
+
+// Expect Driver options
+// ---------------------
+// Location of expect binary
+$config['password_expect_bin'] = '/usr/bin/expect';
+
+// Location of expect script (see helpers/passwd-expect)
+$config['password_expect_script'] = '';
+
+// Arguments for the expect script. See the helpers/passwd-expect file for details.
+// This is probably a good starting default:
+//   -telent -host localhost -output /tmp/passwd.log -log /tmp/passwd.log
+$config['password_expect_params'] = '';
+
+
+// smb Driver options
+// ---------------------
+// Samba host (default: localhost)
+// Supported replacement variables:
+// %n - hostname ($_SERVER['SERVER_NAME'])
+// %t - hostname without the first part
+// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
+$config['password_smb_host'] = 'localhost';
+// Location of smbpasswd binary (default: /usr/bin/smbpasswd)
+$config['password_smb_cmd'] = '/usr/bin/smbpasswd';
+
+// gearman driver options
+// ---------------------
+// Gearman host (default: localhost)
+$config['password_gearman_host'] = 'localhost';
+
+
+// Plesk/PPA Driver options
+// --------------------
+// You need to allow RCP for IP of roundcube-server in Plesk/PPA Panel 
+
+// Plesk RCP Host
+$config['password_plesk_host'] = '10.0.0.5';
+
+// Plesk RPC Username
+$config['password_plesk_user'] = 'admin';
+
+// Plesk RPC Password
+$config['password_plesk_pass'] = 'password';
+
+// Plesk RPC Port
+$config['password_plesk_rpc_port'] = '8443';
+
+// Plesk RPC Path
+$config['password_plesk_rpc_path'] = 'enterprise/control/agent.php';
+
+
+// kasswd Driver options
+// ---------------------
+// Command to use
+$config['password_kpasswd_cmd'] = '/usr/bin/kpasswd';
diff -r 05c4c32948af -r a36beb7d3ea2 plugins/thunderbird_labels/localization/en_CA.inc
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/thunderbird_labels/localization/en_CA.inc	Sat Dec 29 05:10:28 2018 -0500
@@ -0,0 +1,1 @@
+en_US.inc
\ No newline at end of file
diff -r 05c4c32948af -r a36beb7d3ea2 plugins/thunderbird_labels/localization/en_GB.inc
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/thunderbird_labels/localization/en_GB.inc	Sat Dec 29 05:10:28 2018 -0500
@@ -0,0 +1,1 @@
+en_US.inc
\ No newline at end of file