Index: bugzilla-config =================================================================== --- bugzilla-config (revision 605) +++ bugzilla-config (working copy) @@ -1,7 +1,7 @@ # If you are using Apache as your web server, Bugzilla can create .htaccess # files for you that will instruct Apache not to serve files that shouldn't -# be accessed from the web (like your local configuration data and non-cgi +# be accessed from the web browser (like your local configuration data and non-cgi # executable files). For this to work, the directory your Bugzilla # installation is in must be within the jurisdiction of a block # in the httpd.conf file that has 'AllowOverride Limit' in it. If it has @@ -12,9 +12,11 @@ # If this is set to 0, Bugzilla will not create these files. $create_htaccess = 1; -# This is the group your web server runs as. +# Usually, this is the group your web server runs as. # If you have a Windows box, ignore this setting. -# If you do not have access to the group your web server runs under, +# If you have use_suexec switched on below, this is the group Apache switches +# to in order to run Bugzilla scripts. +# If you do not have access to the group your scripts will run under, # set this to "". If you do set this to "", then your Bugzilla installation # will be _VERY_ insecure, because some files will be world readable/writable, # and so anyone who can get local access to your machine can do whatever they @@ -24,6 +26,17 @@ # asAdministrator, or as a user who is a member of the specified group. $webservergroup = ''; +# Set this if Bugzilla runs in an Apache SuexecUserGroup environment. +# (If your web server runs control panel software (cPanel, Plesk or similar), +# or if your Bugzilla is to run in a shared hosting environment, then you are +# almost certainly in an Apache SuexecUserGroup environment.) +# If you have a Windows box, ignore this setting. +# If set to 0, Bugzilla will set file permissions as tightly as possible. +# If set to 1, Bugzilla will set file permissions so that it may work in an +# SuexecUserGroup environment. The difference is that static files (CSS, +# JavaScript and so on) will receive world read permissions. +$use_suexec = 0; + # What SQL database to use. Default is mysql. List of supported databases # can be obtained by listing Bugzilla/DB directory - every module corresponds # to one supported database and the name corresponds to a driver name. @@ -87,4 +100,11 @@ # The interdiff feature needs diff, so we have to have that path. # Please specify the directory name only; do not use trailing slash. -$diffpath = ''; +$diffpath = '.'; + +# This secret key is used by your installation for the creation and +# validation of encrypted tokens to prevent unsolicited changes, +# such as bug changes. A random string is generated by default. +# It's very important that this key is kept secret. It also must be +# very long. +$site_wide_secret = 'O1IGiLPXhxjpvlhDhCtM9PYNAzC1k5Uop8v3GScovnq4cxUsv3aYxzRGyeGlR4w8';