+Set($HideArticleSearchOnReplyCreate, 0);
+
+=item C<$LinkArticlesOnInclude>
+
+Set this to 0 to suppress the default behavior of automatically linking
+to Articles when they are included in a message.
+
+=cut
+
+Set($LinkArticlesOnInclude, 1);
+
+=back
+
+
+
+=head2 Message box properties
+
+=over 4
+
+=item C<$MessageBoxWidth>, C<$MessageBoxHeight>
+
+For message boxes, set the entry box width, height and what type of
+wrapping to use. These options can be overridden by users in their
+preferences.
+
+When the width is set to undef, no column count is specified and the
+message box will take up 100% of the available width. Combining this
+with HARD messagebox wrapping (below) is not recommended, as it will
+lead to inconsistent width in transactions between browsers.
+
+These settings only apply to the non-RichText message box. See below
+for Rich Text settings.
+
+=cut
+
+Set($MessageBoxWidth, undef);
+Set($MessageBoxHeight, 15);
+
+=item C<$MessageBoxRichText>
+
+Should "rich text" editing be enabled? This option lets your users
+send HTML email messages from the web interface.
+
+=cut
+
+Set($MessageBoxRichText, 1);
+
+=item C<$MessageBoxRichTextHeight>
+
+Height of rich text JavaScript enabled editing boxes (in pixels)
+
+=cut
+
+Set($MessageBoxRichTextHeight, 200);
+
+=item C<$MessageBoxIncludeSignature>
+
+Should your users' signatures (from their Preferences page) be
+included in Comments and Replies.
+
+=cut
+
+Set($MessageBoxIncludeSignature, 1);
+
+=item C<$MessageBoxIncludeSignatureOnComment>
+
+Should your users' signatures (from their Preferences page) be
+included in Comments. Setting this to 0 overrides
+C<$MessageBoxIncludeSignature>.
+
+=cut
+
+Set($MessageBoxIncludeSignatureOnComment, 1);
+
+=back
+
+
+=head2 Transaction display
+
+=over 4
+
+=item C<$OldestTransactionsFirst>
+
+By default, RT shows newest transactions at the bottom of the ticket
+history page, if you want see them at the top set this to 0. This
+option can be overridden by users in their preferences.
+
+=cut
+
+Set($OldestTransactionsFirst, 1);
+
+=item C<$ShowHistory>
+
+This option controls how history is shown on the ticket display page. It
+accepts one of three possible modes and is overrideable on a per-user
+preference level. If you regularly deal with long tickets and don't care much
+about the history, you may wish to change this option to C<click>.
+
+=over
+
+=item C<delay> (the default)
+
+When set to C<delay>, history is loaded via javascript after the rest of the
+page has been loaded. This speeds up apparent page load times and generally
+provides a smoother experience. You may notice slight delays before the ticket
+history appears on very long tickets.
+
+=item C<click>
+
+When set to C<click>, history is loaded on demand when a placeholder link is
+clicked. This speeds up ticket display page loads and history is never loaded
+if not requested.
+
+=item C<always>
+
+When set to C<always>, history is loaded before showing the page. This ensures
+history is always available immediately, but at the expense of longer page load
+times. This behaviour was the default in RT 4.0.
+
+=back
+
+=cut
+
+Set($ShowHistory, 'delay');
+
+=item C<$ShowBccHeader>
+
+By default, RT hides from the web UI information about blind copies
+user sent on reply or comment.
+
+=cut
+
+Set($ShowBccHeader, 0);
+
+=item C<$TrustHTMLAttachments>
+
+If C<TrustHTMLAttachments> is not defined, we will display them as
+text. This prevents malicious HTML and JavaScript from being sent in a
+request (although there is probably more to it than that)
+
+=cut
+
+Set($TrustHTMLAttachments, undef);
+
+=item C<$AlwaysDownloadAttachments>
+
+Always download attachments, regardless of content type. If set, this
+overrides C<TrustHTMLAttachments>.
+
+=cut
+
+Set($AlwaysDownloadAttachments, undef);
+
+=item C<$PreferRichText>
+
+By default, RT shows rich text (HTML) messages if possible. If
+C<$PreferRichText> is set to 0, RT will show plain text messages in
+preference to any rich text alternatives.
+
+As a security precaution, RT limits the HTML that is displayed to a
+known-good subset -- as allowing arbitrary HTML to be displayed exposes
+multiple vectors for XSS and phishing attacks. If
+L</$TrustHTMLAttachments> is enabled, the original HTML is available for
+viewing via the "Download" link.
+
+If the optional L<HTML::Gumbo> dependency is installed, RT will leverage
+this to allow a broader set of HTML through, including tables.
+
+=cut
+
+Set($PreferRichText, 1);
+
+=item C<$MaxInlineBody>
+
+C<$MaxInlineBody> is the maximum attachment size that we want to see
+inline when viewing a transaction. RT will inline any text if the
+value is undefined or 0. This option can be overridden by users in
+their preferences.
+
+=cut
+
+Set($MaxInlineBody, 120000);
+
+=item C<$ShowTransactionImages>
+
+By default, RT shows images attached to incoming (and outgoing) ticket
+updates inline. Set this variable to 0 if you'd like to disable that
+behavior.
+
+=cut
+
+Set($ShowTransactionImages, 1);
+
+=item C<$ShowRemoteImages>
+
+By default, RT doesn't show remote images attached to incoming (and outgoing)
+ticket updates inline. Set this variable to 1 if you'd like to enable remote
+image display. Showing remote images may allow spammers and other senders to
+track when messages are viewed and see referer information.
+
+Note that this setting is independent of L</$ShowTransactionImages> above.
+
+=cut
+
+Set($ShowRemoteImages, 0);
+
+=item C<$PlainTextMono>
+
+Normally plaintext attachments are displayed as HTML with line breaks
+preserved. This causes space- and tab-based formatting not to be
+displayed correctly. Set C<$PlainTextMono> to 1 to use a monospaced
+font and preserve formatting.
+
+=cut
+
+Set($PlainTextMono, 0);
+
+=item C<$SuppressInlineTextFiles>
+
+If C<$SuppressInlineTextFiles> is set to 1, then uploaded text files
+(text-type attachments with file names) are prevented from being
+displayed in-line when viewing a ticket's history.
+
+=cut
+
+Set($SuppressInlineTextFiles, undef);
+
+
+=item C<@Active_MakeClicky>
+
+MakeClicky detects various formats of data in headers and email
+messages, and extends them with supporting links. By default, RT
+provides two formats:
+
+* 'httpurl': detects http:// and https:// URLs and adds '[Open URL]'
+ link after the URL.
+
+* 'httpurl_overwrite': also detects URLs as 'httpurl' format, but
+ replaces the URL with a link. Enabled by default.
+
+See F<share/html/Elements/MakeClicky> for documentation on how to add
+your own styles of link detection.
+
+=cut
+
+Set(@Active_MakeClicky, qw(httpurl_overwrite));
+
+=item C<$QuoteFolding>
+
+Quote folding is the hiding of old replies in transaction history.
+It defaults to on. Set this to 0 to disable it.
+
+=cut
+
+Set($QuoteFolding, 1);
+
+=item C<$AllowLoginPasswordAutoComplete>
+
+Allow browsers to remember the user's password on login (in case the
+browser can do so, and has the appropriate setting enabled). Default
+is 0.
+
+=cut
+
+Set($AllowLoginPasswordAutoComplete, 0);
+
+=back
+
+
+=head1 Application logic
+
+=over 4
+
+=item C<$ParseNewMessageForTicketCcs>
+
+If C<$ParseNewMessageForTicketCcs> is set to 1, RT will attempt to
+divine Ticket 'Cc' watchers from the To and Cc lines of incoming
+messages that create new Tickets. This option does not apply to replies
+or comments on existing Tickets. Be forewarned that if you have I<any>
+addresses which forward mail to RT automatically and you enable this
+option without modifying C<$RTAddressRegexp> below, you will get
+yourself into a heap of trouble.
+
+=cut
+
+Set($ParseNewMessageForTicketCcs, undef);
+
+=item C<$UseTransactionBatch>
+
+Set C<$UseTransactionBatch> to 1 to execute transactions in batches,
+such that a resolve and comment (for example) would happen
+simultaneously, instead of as two transactions, unaware of each
+others' existence.
+
+=cut
+
+Set($UseTransactionBatch, 1);
+
+=item C<$StrictLinkACL>
+
+When this feature is enabled a user needs I<ModifyTicket> rights on
+both tickets to link them together; otherwise, I<ModifyTicket> rights
+on either of them is sufficient.
+
+=cut
+
+Set($StrictLinkACL, 1);
+
+=item C<$RedistributeAutoGeneratedMessages>
+
+Should RT redistribute correspondence that it identifies as machine
+generated? A 1 will do so; setting this to 0 will cause no
+such messages to be redistributed. You can also use 'privileged' (the
+default), which will redistribute only to privileged users. This helps
+to protect against malformed bounces and loops caused by auto-created
+requestors with bogus addresses.
+
+=cut
+
+Set($RedistributeAutoGeneratedMessages, "privileged");
+
+=item C<$ApprovalRejectionNotes>
+
+Should rejection notes from approvals be sent to the requestors?
+
+=cut
+
+Set($ApprovalRejectionNotes, 1);
+
+=item C<$ForceApprovalsView>
+
+Should approval tickets only be viewed and modified through the standard
+approval interface? With this setting enabled (by default), any attempt to use
+the normal ticket display and modify page for approval tickets will be
+redirected.
+
+For example, with this option set to 1 and an approval ticket #123:
+
+ /Ticket/Display.html?id=123
+
+is redirected to
+
+ /Approval/Display.html?id=123
+
+With this option set to 0, the redirect won't happen.
+
+=back
+
+=cut
+
+Set($ForceApprovalsView, 1);
+
+=head1 Extra security
+
+This is a list of extra security measures to enable that help keep your RT
+safe. If you don't know what these mean, you should almost certainly leave the
+defaults alone.
+
+=over 4
+
+=item C<$DisallowExecuteCode>
+
+If set to 1, the C<ExecuteCode> right will be removed from
+all users, B<including> the superuser. This is intended for when RT is
+installed into a shared environment where even the superuser should not
+be allowed to run arbitrary Perl code on the server via scrips.
+
+=cut
+
+Set($DisallowExecuteCode, 0);
+
+=item C<$Framebusting>
+
+If set to 0, framekiller javascript will be disabled and the
+X-Frame-Options: DENY header will be suppressed from all responses.
+This disables RT's clickjacking protection.
+
+=cut
+
+Set($Framebusting, 1);
+
+=item C<$RestrictReferrer>
+
+If set to 0, the HTTP C<Referer> (sic) header will not be
+checked to ensure that requests come from RT's own domain. As RT allows
+for GET requests to alter state, disabling this opens RT up to
+cross-site request forgery (CSRF) attacks.
+
+=cut
+
+Set($RestrictReferrer, 1);
+
+=item C<$RestrictLoginReferrer>
+
+If set to 0, RT will allow the user to log in from any link
+or request, merely by passing in C<user> and C<pass> parameters; setting
+it to 1 forces all logins to come from the login box, so the
+user is aware that they are being logged in. The default is off, for
+backwards compatability.
+
+=cut
+
+Set($RestrictLoginReferrer, 0);
+
+=item C<@ReferrerWhitelist>
+
+This is a list of hostname:port combinations that RT will treat as being
+part of RT's domain. This is particularly useful if you access RT as
+multiple hostnames or have an external auth system that needs to
+redirect back to RT once authentication is complete.
+
+ Set(@ReferrerWhitelist, qw(www.example.com:443 www3.example.com:80));
+
+If the "RT has detected a possible cross-site request forgery" error is triggered
+by a host:port sent by your browser that you believe should be valid, you can copy
+the host:port from the error message into this list.
+
+Simple wildcards, similar to SSL certificates, are allowed. For example:
+
+ *.example.com:80 # matches foo.example.com
+ # but not example.com
+ # or foo.bar.example.com
+
+ www*.example.com:80 # matches www3.example.com
+ # and www-test.example.com
+ # and www.example.com
+
+=cut
+
+Set(@ReferrerWhitelist, qw());
+
+=item C<%ReferrerComponents>
+
+C<%ReferrerComponents> is the hash to customize referrer checking behavior when
+C<$RestrictReferrer> is enabled, where you can whitelist or blacklist the
+components along with their query args. e.g.
+
+ Set( %ReferrerComponents,
+ ( '/Foo.html' => 1, '/Bar.html' => 0, '/Baz.html' => [ 'id', 'results' ] )
+ );
+
+With this, '/Foo.html' will be whitelisted, and '/Bar.html' will be blacklisted.
+'/Baz.html' with id/results query arguments will be whitelisted but blacklisted
+if there are other query arguments.
+
+=cut
+
+Set( %ReferrerComponents );
+
+=item C<$BcryptCost>
+
+This sets the default cost parameter used for the C<bcrypt> key
+derivation function. Valid values range from 4 to 31, inclusive, with
+higher numbers denoting greater effort.
+
+=cut
+
+Set($BcryptCost, 12);
+
+=back
+
+
+
+=head1 Authorization and user configuration
+
+=over 4
+
+=item C<$WebRemoteUserAuth>
+
+If C<$WebRemoteUserAuth> is defined, RT will defer to the environment's
+REMOTE_USER variable, which should be set by the webserver's
+authentication layer.
+
+=cut