From 1c6f98e62fb12b74a56b3f2f730da61ccd3004f2 Mon Sep 17 00:00:00 2001
From: JediKev
Date: Wed, 6 Oct 2021 22:27:27 +0000
Subject: [PATCH] security: SSRF External Images

This is an extension of `d98c2d0` and addresses an issue reported by haxatron. This ensures the `Allow External Images` setting is Disabled by default on new installs.
---
 include/class.config.php | 2 +-
 include/i18n/en_US/config.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/class.config.php b/include/class.config.php
index 9448f5cf19..e8d10a4204 100644
--- a/include/class.config.php
+++ b/include/class.config.php
@@ -230,7 +230,7 @@ class OsticketConfig extends Config {
 'max_open_tickets' => 0,
 'files_req_auth' => 1,
 'force_https' => '',
- 'allow_external_images' => 1,
+ 'allow_external_images' => 0,
 );
 function __construct($section=null) {
diff --git a/include/i18n/en_US/config.yaml b/include/i18n/en_US/config.yaml
index 7fb476505c..24e2208264 100644
--- a/include/i18n/en_US/config.yaml
+++ b/include/i18n/en_US/config.yaml
@@ -80,7 +80,7 @@ core:
 ticket_number_format: '######'
 ticket_sequence_id: 0
 queue_bucket_counts: 0
- allow_external_images: 1
+ allow_external_images: 0
 task_number_format: '#'
 task_sequence_id: 2
 log_level: 2
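Review bot: The new `'allow_external_images' => 0` default in `OsticketConfig` covers fresh installs only, as the description says; an instance that already has `allow_external_images` stored as 1 presumably keeps the permissive behaviour after upgrading, since nothing in this patch touches stored values. If that is intentional, the upgrade notes should tell administrators to review the `Allow External Images` setting; otherwise an upgrade step that resets the stored value is still missing. I would also put a why-comment on the line, e.g. `// off by default: external images were reported as an SSRF vector (see d98c2d0)`, so the default is not flipped back without that context. The same point applies to `allow_external_images: 0` in `include/i18n/en_US/config.yaml`; the defaults array and the constructor continue outside the hunk.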