config.pod - documents BSE configuration file options


BSE historically used to keep most configuration information. The plan is to make sure any new configuration is kept in bse.cfg, and to slowly move most configuration information into bse.cfg.

Keeping configuration information in makes it difficult to perform upgrades and makes it impossible to use tools such as mod_perl, at least if you want more than one site on the machine.

bse.cfg is read as a utf-8 encoded file.



Contains URL configuration for the site.


The normal URL for the non-secure parts of the site.


The secure URL for the shop, products and other portions of the site that should use SSL. This isn't checked to make sure it is https.


Used as the site "name" in a few places.


If set, this is used as the base URL for accessing the administrative functions of your site.


Ignored if adminurl is set.

If this is true then secureurl is used as the base URL for accessing the administrative functions of your site, otherwise url is used as the base URL. Default: false (url's value is used)


Configure the IP address of one or more front-end proxies. This can be a regular expression except that . is translated to \. and * is tranlated to .* to give more glob() like matching.

If the reqesting host matches then admin site URL matching is done against HTTP_X_FORWARDED_SERVER instead of SERVER_NAME.

Default: no front-end server configured.


A secret used (currently) for hashing cookie values passed between the secure and non-secure parts of the site. This must be set. A suitable value can be created with:

  openssl rand -base64 32


Contains various file system paths.


This is where the files uploads with the file wizard are stored. It must be writable by the web server user.


Directory containing administrative templates. Note: this is not completely implemented for now, so assume the default. Default: admin directory under $TMPLDIR.


Directory base for most templates. This can contain references like $(section/key) to other configuration entries. Split on the systems PATH separators (run: perl -V:path_sep)


Local Directory base for templates. This is searched before the templates directory. This can contain references like $(section/key) to other configuration entries. Split on the system's PATH separator.


Web server document root. Static pages are generated under this directory. Default: $CONTENTBASE.


Where uploaded images are stored. This is not yet completely implemented. Default: $IMAGEDIR.


Local search path for BSE::Custom, or the class configured by custom_class in [basic].


The directory where cached versions of scaled thumbnails are stored. Defaults to [paths].images/scaled. This must be in the document tree. If you set this you should also set [uri].scalecache.


Where uploaded siteuser images are stored. This must be set in the config file. The default bse.cfg include an entry to use the current values of [paths].downloads


Pregenerated dynamic article pages are stored here. This must be defined if you site contains any dynamicly generated pages.


The directory to store public BSE::TB::File content in (currently used for application specific files.)


This section is used by the file wizard to map uploaded file extensions to MIME content types. This can be used to extend BSE::FileEditor's internal extension map. It cannot override that map.

The key for each entry is the extension, without the leading '.'.


  xls = application/msexcel


Used for translating symbolic template names into full names under the template directory.

In each case the default is the name with a .tmpl extension.


user logon page


user registration page

[admin templates]

Used for translating the names of administration templates into filenames.

In each case the default is the name with a .tmpl extension.


article file wizard


Catalog editor page. Default admin/edit_catalog.tmpl

  • Article edit pages. Default admin/edit_<number>.tmpl

  • steps

    Step child/parent management page. Default admin/edit_steps.tmpl


    Minor html items.


    The value of the charset keyword when outputting HTML from a script. Set to the empty string to suppress the charset keyword. Default: iso-8859-1.


    If this is a non-zero number, then all but mailto links are redirected to so you can display a diclaimer. If this contained alphabetics it's treated as a comma separated list of url schemes that should be handled via If 0 or not present, no redirection is done.

    The redirect URL includes a hash of the url, title and the redirect salt to prevent using this mechanism by external sites for cookie stealing attacks.


    The salt used in generating the has for redirect_links. Default: an empty string.


    If non-zero then any HTML output is validated with HTML::Tidy. Validation errors and warnings are sent to the audit log. See [html tidy].



    If this is true then the user/group/permissions database is used to control access to the system. Default: False.


    If this is true, then the drop-down lists of possible parents on the newsletter edit pages are filtered for access control. Default: False.


    If this is true, then the drop-down lists of possible stepparents and stepchildren on the article edit pages are filtered for access control. Default: False.


    The prefix applied to articles that use a linkAlias url. This should start with a /.


    If this is non-zero then the link is formed by the alias_prefix, followed by slash (/) separated aliases from the ancestors starting from the section, followed by the alias_suffix. You may need to change your redirect handling if you enable this. Default: Off.


    If this is non-zero then the title is cleaned up (all but alphanumerics removed) and appended to the alias URL generated.


    If true then all articles are treated as dynamic. Default: false.


    By default, if the author doesn't use any image tags, BSE will insert any unnamed article images into the body text of an article. You can disable this on a per-article basis in the image tool, or disable it globally by setting auto_images to 0.

    An alternative is to set imagePos in [article defaults] to xx which will default articles to not auto-inserting images.


    If true, BSE will cache compiled templates using the configured BSE cache, if any. Depending on the configured cache this may slow things down. Default: disabled.


    If true, BSE will cache compiled templates in memory. This may significantly improve performance but may increase memory use. Default: disabled.


    If set to zero the results of the thumbimage/gthumbimage body/template tags will not be cached. Default: 1 (caching is enabled).


    This overrides the domain value set for cookies. This is useful if you allow the site to run under both and, if you set cookie_domain to then a user visiting will still have their cookies when they visit


    The expiry time for cookies. This should be in the form supported by for the -expires parameter. Typically you want a plus ('+'), a number, and a time character (s - seconds, m - minutes, h - hours, d - days, M - months). Default: +3h


    This overrides the cookie name used to store the session id. Default: sessionid. This is useful when you have 2 sites under the same top-level domain, and helps disambiguate the cookie returned by the browser.


    The name of the custom class for your site. This is currently only used for article editing customizations. This class should derive from BSE::CustomBase. Default: BSE::Custom.


    This is the default popup image class for the popimage[] and gpopimage[] tags. Default: popup.


    If set to 0, dynamic article iterators will no access control filter their results. Default: 1.


    If this is non-zero, the default, the session cookie sent to the browser has the HttpOnly attribute set. This can prevent session cookie hijacking. Default: 1.


    This should be the path to a file to be updated with the list of users and crypt() versions of their passwords. If this is set then the security system will check for a user set by the browser before attempting a form based logon. Default: None.


    The name of the file to generate for static articles when the link is terminated by "/". Default: index.html.


    If this is true, then pre-generation for dynamic pages will be delayed until the page is displayed to a user. Default: off.


    If this is true then the links to your articles within BSE will be followed by a / and then by a simplified version of the article title. The aim is to include at least some title information in the URL without modifying the name of the HTML file. Default: False.


    If this is non-zero, the default, then when the site member logs in, a javascript visible cookie, userid will be set that contains the login name of the user. BSE's back-end doesn't use this cookie, its only use is for Javascript to enable/disable user interface elements. Default: 1.


    Minimum password length in characters. Default: 4.


    If non-zero, the default, dynamic responses will include a Cache-Control: no-cache header. This can be overridden for articles via , article flags, [template templatename].no_cache_dynamic and [article].no_cache_dynamic. Default: 1.


    Preload the named template, searching the template search part. Any text that would normally be produced by the preloaded template is ignored. This can be useful for common definitions and variables for use in many templates. Default: none.


    Device to read random data from. This device should not block when it runs out of entropy.


    If true then will 301 redirect (Moved Permanently) requests for an article by its id to the generated link if the article has a link alias. Default: false. Must only be used with use_alias true.


    If this is non-zero then the session cookie sent to the browser has the Secure attribute set. This means that the cookie will only be visible over https. This is only useful when the only URL the site is visited over is a https URL. Default: 0.


    Set this to non-zero to enable authentication via server authentication (usually Basic Authentication.) You should normally set this if you set htusers below. Default: 0 (disabled)


    If this is true then the encrypted messages containing the customer's credit card number are sent to the shop owner signed. To avoid keeping a passphrase and signing key on the server you can set this to false (0). This has the effect that anyone could send you an unsigned message encrypted with your public key, though this may not be a security threat. Default: True.


    If true, the ifAjax and ajax tags will be active for static pages.


    If true and cache_thumbnails is true then thumbnails for the thumbnail cache will be generated when a static page is regenerated, and the link from the page will link to the image in the cache rather than to Default: 1 (static thumbnails enabled).


    If this is non-zero, and a cache is configured (see [cache]), file uploads are tracked in entries in the cache.

    The script can be called by Ajax to display file upload progress information to the user. The upload state is updated a maximum of once a second.


    If this is non-zero then an article with linkAlias set will use an alias url instead of the "real" url. You will need to configure a RewriteRule or ErrorDocument to to direct the user to the correct URL. Default: 1.


    Some obsolete tags will warn to stderr if this is non-zero. Default: don't warn.


    This section controls how BSE sends email.


    The host or IP address of your mail server. If this is not set sendmail will be used instead. If this is set you must also set helo.


    The name that BSE uses to identify itself when sending mail via SMTP. Required if smtp_server is set.


    The path to the sendmail binary. Default: /usr/lib/sendmail


    The options supplied to sendmail. Default: -t -oi

    You may want to add the -odq option to this if you want mail queued rather than sent immediately.


    If true, we add an Errors-To header set to the same as the From header. Default: true.


    If non-zero then emails sent via the compose mail system that aren't being sent to a member record, will be sent as HTML, if the HTML template is available.


    If this is style (the default) then use CSS::Inliner to attempt to inline CSS in mail if the text "<style" is found in the generated HTML.

    If this is force then we always attempt to inline CSS.

    If this is any other value then don't inline CSS.


    A comma separated list of flags to supply to CSS::Inliner->new(). Reasonable flags are strip_attrs to strip id and class attributes, and leave_style to leave the HTML style block in place.

    Default: no flags.


    If this is true and CSS inlining fails, log an error to the audit log. This is intended for use in debugging and should be disabled in production. Default: false (disabled)

    [children of id]

    Where id is the identifier for an article.


    the name of the default template for children of the given parent


    a comma-separated list of extra directories under $TMPLDIR to search for templates that can be used for children of the given parent article.

    [article id]

    Where id is the identifier of an article.


    A comma-separated list of extra directories under $TMPLDIR to search for templates that can be used for children of the given parent article.


    A comma-separated list of extra templates under $TMPLDIR that can be used for the given article.

    [level level]


    The default template for this level of article, assuming it hasn't been set in the [children of article id] section.


    A comma-separated list of extra directories under $TMPLDIR to search for templates that can be used for articles at the given level.



    The default template for catalogs.



    The default template for products.


    A comma separated list of extra templates that can be used for products.


    This can be used to control translation of error messages. Each key has a prefix identifying the module that uses the error, followed by '/' followed by a specific identifier for the message.

    Message parameters, expressed as $digit, are replaced with the parameters passed to the message. $$ is replaced with $.

    Each message identifier below is documented with the id, when it occurs, the default message, and any parameters.


    the user attempted to logon without entering a logon name. Default: "Please enter a logon name". No parameters.


    the user attempted to logon without entering a password. Default: "Please enter your password." No parameters.


    the user's logon name or password was not found or did not match. Default: "Invalid user or password". No parameters.


    the user attempted to logoff while not logged on. Default: "You aren't logged on". No parameters.


    the user entered a new password on the options page without entering their old password. Default: "You need to enter your old password to change your password". No parameters.


    Displayed if the user attempts to checkout when [shop].require_logon is true.



    if non-zero, the order must be marked as paid for before the file can be downloaded.


    if non-zero the order must be marked as filled before the files can be downloaded.


    if non-zero the user must be registered/logged on to download any file.


    if non-zero, downloads of userfiles will be logged. Default: 0


    the maximum age of entries in the user file download log, in days. Default: 30.


    Control over confirmation emails.


    The subject of email confirmation emails. Default: Subcription Confirmation.


    The from field for the email. Default: $SHOP_FROM


    Control over subscription messages.


    The from field for the email. Default: $SHOP_FROM.


    Default for the "Test Name" field for sending test subscription messages.


    Default for the "Test Email" field for sending test subscription messages.


    Set to 1 if you want the "Test Text Only" box checked by default for sending test subscription messages.


    Set to 0 to disable display of the test subscription messages portions of the subscriptions send form.


    Set to format links as they appear in the text version of emails. $1 is replaced with the title, $2 with the URL and $3 with the index. $$ is replaced with '$'. Default: $1 [$3]


    Set to format links as they appear at the footer of the body text. If this is set to the empty string then no list appears. $1, $2, $3, $$ are replaced as for text_link_inline and $n is replaced with newline. Default: [$3] $2


    A line of text produced above the list of URLs if there is one. Default: -----. $n in this is replaced with newlines.

    For example, if the configuration is:

      text_link_inline="$1" ($3)
      text_link_list=($3) "$1"$n  => $2

    and the body text is:


    the result will be:

      "The Shop" (1)
      "Example" (2)
      (1) "The Shop"
      (2) "Example"



    If this is true then partial matches will be highlight in search result excerpts. Default: True


    If this is true then resulting articles that can't be accessed by the user are listed in the search results. Default: false.


    The default regular expression used to match words in text during indexing. Default: \w+


    The field specific word match regular expression for the built-in search indexer. Default: the value of wordre.


    Module used to build the search index. Default: BSE::Index::BSE.


    For BSE::Index::BSE, the optimization priority. The default of speed builds the index in memory and is very fast, but can consume a lot of memory. Otherwise, set this to memory to reduce memory usage.

    memory priority index building requires that the DBM::Deep module be installed.


    Articles with a higher level than this are indexed as their ancestor. Default: $SEARCH_LEVEL which defaults to 5.

    [search highlight]

    Sets the prefix and suffix used for highlighting matches for different fields.

    These are used by the highlight_result, excerpt, pageTitle, author, keywords and matchFile tags.

    Each field has a prefix and suffix entry. The key is fieldname_prefix or fieldname_suffix. For file fields this is file_fieldname_prefix and file_fieldname_suffix.

    The default prefix is <b>. The default suffix is </b>.

    For example you can do:

      [search highlight]
      body_prefix=<span class="searchfound">



    Used by some templates to check if the shop is enabled. Set this to 1 to enable the shop, or 0 to disable it.


    If this is false then shop articles will not use the secureurl as their baseurl. Default: True


    If true the customer is required to register before checkout if there are any for sale files attached to products in the cart. Default: True


    If true the customer is required to be logged on before checkout, whether or not for sale files are attached to products in the cart. Default: False.


    A comma-separated list of acceptable payment types. Default: 0

    The possible payment types are:

    Other types can be added by adding entries to the [payment type names] and [payment type descs] sections.


    These are used by various shop templates to present an address that a cheque payment should be sent to.


    From email address for emails sent by the shop. Overides $SHOP_FROM in


    To name for emailed orders sent by the shop. Overrides $SHOP_TO_NAME in


    To email for emailed orders sent by the shop. Overrides $SHOP_TO_EMAIL in


    BCC email address for order confirmation emails sent to the customer. Default: No bcc.


    If this is true then orders sent to you by the shop will not be encrypted. Enabling this disabled acceptance of credit card orders, and the default for payment_types will become 1 instead or 0.

    Please realize that other potentially commercially sensitive information is being sent in the clear to a central location, unencrypted.


    If true, then the order is email to to_email, possibly with credit card information included. Default: $SHOP_EMAIL_ORDER.


    Used to translate the stored order field name into a presentation name suitable for error messages.


    The name of a class to load to process credit card transactions online.

    Currently this can be either DevHelp::Payments::Test or DevHelp::Payments::Inpho.


    Name of the encryption module to use. Default: $SHOP_CRYPTO.


    Id of the key to sign the order email with. If this is non-empty then the email is signed even if [basic].sign is false. Default: $SHOP_SIGNING_ID.


    Path to the GnuPG program. Default: $SHOP_GPG


    Passphrase of the key used to sign the email. Default: $SHOP_PASSPHRASE.


    If true, request the card type when requesting credit card information. Default: False.


    Maximum number of entries in the cart. This limits the number of distinct products (with options) in the cart, not the total quantities. Default: Unlimited.


    The shop currency as a 3-letter currency code. Default: AUD. Currencies other than "AUD" aren't supported by most of the system.


    Set to non-zero if you're using country codes in the order country field. If this is set then the delivCountry is supplied as is to various parts of the system, otherwise it is translated from a country name to a country code. Default: 0.


    A comma separated list of extra fields to require during checkout. This is in addition to the usual fields required during checkout. Default: none.


    If true, and the need_delivery CGI parameter is true, treat the following delivery fields as required during checkout: delivFirstName, delivLastName, delivStreet, delivSuburb, delivPostCode and delivCountry. Default: true.


    If require_delivery is true, and the need_delivery CGI parameter is true, add the comma separated fields listed here to the required checkout fields list. Default: none.



    A space-separated list of modules under Courier::, e.g. "Fastway::Road AustraliaPost::Air". These will be made available as shipping methods on the checkout page.


    If true then a default "Quote shipping charges later" shipping method will be added to the shipping methods list.


    The post code from which products are shipped.


    The name of the Fastway franchisee used to ship products from the sourcepostcode.


    The Fastway franchisee code for the customer, if any.

    [Shop Order Validation]

    This section can contain extra order validation information, including specifying required fields, display names and extra validation rules.



    The maximum length of the article title field. Default: 255. Should not be set higher than this unless you change the database schema.


    Controls the script.


    Email address that is notified of the interest. Defaults to $SHOP_FROM.


    Used for debugging.


    When a user logs on, and the site url is different to the secure url BSE attempts to refresh to the other "side" of the site to set the same cookie.

    BSE does some simple comparisons to attempt to determine whether the logon form was triggered on the secure side of the site (possibly from the shop) or on the insecure side. Since CGI doesn't necessarily give us all the information required, it's possible it will guess wrong.

    Setting this option to 1 will enable debugging information sent to standard error, which will be sent to the error log on Apache. This probably isn't useful on IIS.


    Reports errors to STDERR (hence to the error log on Apache) if there is a problem deleting the actual file when an attached file is removed.


    Reports debugging information to standard error while encrypting your mail.


    Reports cookies received from the browser and sent to the browser to STDERR (hence to the error log on Apache.)


    If nonzero the session hash is dumped to STDERR after it is retrived from the database.


    If non-zero then subscription expiry date calculations are dumped to STDERR.


    If non-zero then information about jit_dynamic_regen is sent to STDERR.


    If non-zero then the ifUserCan tag will output some trace information to STDERR.


    Enables some trace messages from tags that return an ENOIMPL exception. This can be useful for tracking down why a tag isn't being replaced. This will produce a lot of output during page regeneration.


    Contains various URIs.

    This is underused, so don't rely on it yet.


    The URI to the CGI directory. Default: /cgi-bin


    The URI where images included with BSE can be found.

    This includes images such as trans_pixel.gif and admin/error.gif.

    Default: /images


    The URI where managed images are kept which should correspond to images in [paths].

    Default: /images (from $Constants::IMAGES_URI)


    The URL to the directory represented by scalecache. Defaults to [uri].images/scaled.


    The URL to the directory configured as [paths].public_files.



    This will provide translations from symbolic names to article ids.

    Currently this is used for converting article ids in the access control code, and for looking up the id of the shop.

    [printable type]

    If the user supplies a template name to then you can use a different content type by adding an entry to this section. The key is the template name, and the value is the full content type.

    [search index scores]

    This section is used when generating the search index to override the default scores for each field in the articles.

    The default scores are:

      Field           Score  Notes
      -----           -----  -----
      title             5
      body              3
      keyword           4
      pageTitle         5
      author            4
      summary           0
      description       0    Products only
      product_code      0    Products only
      file_displayName  2    displayName for files
      file_description  2    description for files
      file_notes        1    notes for files

    [article flags]

    [product flags]

    [catalog flags]

    Flags that can be set for articles, products and catalogs respectively. Note that flags for articles are also visible in products and catalogs.

    All flag Ids are single letters or digits. Uppercase letters are reserved for use by BSE internally, leaving lower-case letters and digits for your own use.

    Use the id of the flag as the key, and a description of the flag as it's value.

    [article uris]

    Each key is an article id, the values are base URIs to store the HTML form of those articles and their children under.

    [protect link]

    The keys are ids of articles that shouldn't have their link field overwritten. The value should be a true value, but is otherwise ignored.



    The recipient for the data dump email sent by Default: $DATA_EMAIL.


    the From for the data dump email sent by Default: $SHOP_FROM.

    [site users]

    Configuration for site users.


    If this is set to true then no passwords are required during registration, a confirmation email is sent immediately upon registration and that confirmation email contains a link the user can use to manage their details.

    This option has some security concerns since it can leave links to the user's information in the browser history. This option is not recommended.

    You cannot use this to control access to the shop.


    Set these to true to require the corresponding field during registration, and to keep it required after modification. Default: false.

    If you enable any of these, you should enable info_on_register as well, or modify the registration template to include the given fields.

    display_field name

    Controls how the given field is displayed in error messages. If you change the field names on the registration and/or options forms you should probably change them here too. Default: internal field name with the first character converted to upper-case.


    If this is set then the user info is prompted for during user registration. The information still isn't required unless the appropriate require_field option is set. Default: false.


    The default URL to refresh to on completing registration if no r parameter is supplied.


    If this is set then the subcription checkboxes are all checked on registration by default. Default: false.

    The user will only receive the subscriptions if they leave them checked and follow the link in the confirmation email.


    Where id is the number identifying a subscription. If this is set then the subscription checkbox for that subscription will be checked by default on the registration form. Default: false.

    The user will only receive the subscriptions if they leave it checked and follow the link in the confirmation email.

    You can get the id of a subcription by looking at the Edit link on the subscriptions management page, the number after "id=" is the id.


    If set to zero then user billing options will be managed on a separate page. This is controlled by the user/options_base.tmpl template.


    If set to zero then users cannot register themselves. Default: true, allowing users to register themselves.


    If true then an email is sent when a new user registers on your site. The email address sent to is the first set of [site users].notify_register_email, [shop].from or $SHOP_FROM from

    No email is sent if a new user is created from the administration user interface.

    See also: notify_register_email, notify_register_subject.


    The email to sent the registration notification too. See notify_register above.


    The subject of the notification email sent when a new user registers. Any {field} is replaced with the given field from the registered user. See notify_register above.

    Default: New user {userId} registered


    If non-zero then email id notify_register_customer will be sent to new user on registration. By default this uses template user/email_register, subject "Thank you for registering" which can be overridden in [email notify_register_customer] or via the set_subject tag.


    If non-zero then the behaviour described for notify_register_customer will take place when a new member is added by an administrator. Defaults to the value of notify_register_customer.

    [payment type names]

    This section and [payment type descs] are used to configure new paymeny type ids.

    The key is the integer representing the payment type. The value is the name used in tags for checking the payment type.

    You can also add a description (currently unused) to [payment type descs].

    You should use numbers starting from 10 to avoid conflicts with future BSE payment types.

    [payment type descs]

    See [payment type names].

    [payment type required]

    Set the key given by the payment type id to a value of a comma-separated list of fields required for that payment type.

    [help style style-name]

    This type of configuration section is used to set values for a style of help icon. Only the template and prefix values are used directly by the code, the others are used by the default helpicon templates.


    The URI to the help files for this style. Default: /help/ in style "user", /admin/help/ in style "admin".


    The template used to produce the icon. Default: helpicon in style user, admin/helpicon in style "admin".


    URI to the help icon image. Default: /images/admin/help.gif


    The width of the help icon image. Default: 16


    The height of the help icon image. Default: 16

    If you just want to change the help icon image for user help icons you might do:

      [help style user]



    A semi-colon (;) separated list of referer domains that are allowed to link to the a_set target of the manpage.

    If the user's browser supplies a referer header then it will be checked against this list.


    If this is set then the a_set target of the manpage will require that the user's browser supply a Referer header.


    If no r parameter is supplied to the a_set target of the manpage then this is used as the default refresh.

    Default: the site base url.


    This is either the numeric or text of a subscription for which the affiliate must have an active subscription.


    A single letter flag which the site administrator must set for the affiliate page to be displayed for the given member.


    If this is set then will set the named cookie to the affiliate id.


    This is a comma-separated list of other cookies that should be set by the a_set target. The values for the cookies should be passed to the a_set target. For example with:


    if the url:

    is accessed, then the cookie alpha is set to "1", beta is set to "2". The cookie gamma will not be set since it's not listed.


    Used as the link base URL for the afflink.tmpl side bar template when an affiliate id is set. Default:


    Used at the text of the link for the afflink.tmpl side bar template when an affiliate id is set. Default: Your Site.


    Used as the link URL for the afflink.tmpl side bar template when an affiliate id is not set. Default:


    Used as the text of the link for the afflink.tmpl side bar template when an affiliate id is not set. Default: Our site

    [BSE Siteuser Images]

    Each key is the id of a member image, with a corresponding [BSE Siteuser Image image_id] section. The values are ignored.

    [BSE Siteuser Image image_id]

    Provides information about a single member image "template".


    Short description on the image, like "Logo". Used in error messages.


    Longer description of the image. Accessible with the member_image tag.


    The minimum and maximum dimensions of the image.


    Error messages displayed in the when the image is outside the configured dimensions.


    Default error messages for the above.


    Maximum storage the image can use in bytes. Default: 1000000.


    Error message displayed if the image uses too much storage.


    Various editor settings.


    If this is non-zero the system will attempt to load the configured thumbnail class, and put thumbnail images on the image manager page rather than full-size images. Default: off


    The name of a perl class that implement's BSE's thumbnail API. At this point the only class that implements that is BSE::Thumb::Imager, supplied with BSE. Default: None


    URI to the default thumbnail image. This is presented when the runtime production of a thumbnail image fails.


    Dimensions of the default thumbnail image.


    Alt text for the default thumbnail image.


    If this is true then BSE will check the value of the lastModified parameter passed against the value in the article. If these don't match the article isn't saved and is redisplayed with an error message. This provides simple protection against one user saving changes over those made by another.



    Default values for the thumbimage tag.


    Each value is used as the relative or absolute name of a file or directory to load more configuration data from.

    The keywords must remain unique.

    Only the [includes] section from bse.cfg itself is used to locate more configuration data.

    If the value references a directory, all files with an extension of .cfg are read for configuration data.

    The order the files are read (which later files overriding older files) is:

    1. bse.cfg is read

    2. the entries in [includes] are sorted alphabetically (or rather asciily), so an entry with key "A" is read before one with key "B", one with key "01" is read before "02", but key "10" would be read before key "2".

    3. if an entry is a file then that is read and the values merged.

    4. if an entry is a directory, then that is scanned and the files found read alphabetically as above.


    This is used to configure the error icon displayed next to fields that fail validation.


    URI to the image file.


    The width and height of the error icon image.

    [site user flags]

    Flags that can be set for site users.

    All flag Ids are single letters or digits. Uppercase letters are reserved for use by BSE internally, leaving lower-case letters and digits for your own use.

    Use the id of the flag as the key, and a description of the flag as it's value.

    [article defaults]

    [catalog defaults]

    [product defaults]

    These sections contain defaults values for the corresponding article types.

    Each key is the name of a column for the article type.

    If an entry is not found in [catalog defaults] then [article defaults] is also checked.

    If an entry is not found in [product defaults] then [article defaults] is also checked.

    These sections are checked after the [children of id] and [level level] sections.

    These defaults are used when creating an article where no value is supplied, they can also be accessed via the <:default name:> tag.

    [newsletter filters]

    Contains criteriaindex entries starting from criteria1, then criteria2, etc.

    Each entry consists of a filter class name, followed by a ; followed by data passed to that filter.

      ; user the original SQL based filter, configured from 
      ; section [foo]

    See the documentation for each filter to configure the filters.

    [Query Groups]

    The key of each entry is the numeric identifier of a query group, the values are the name of the query group. For example:

      [query groups]
      1=some name
      [query group some name]
      sql=select id from bse_siteusers where id = ? and name1 like '%some%'

    Each entry also has a corresponding [Query Group name] section.

    [query group name]

    This section corresponds to an entry in [Query Groups].


    This is an SQL statement. One placeholder is required and is passed the siteuser id (primary key) of the user to be checked. If this query returns any rows then the user is considered part of the group.

    [template types]

    Each key is a template name, the value is the content type to be used when displaying the template dynamically.

    [template descriptions]

    Each key is a template name, the value is a description used in the template dropdown for that template.

    [body class]

    This section defines CSS class names for BSE's body text link tags. The key is the tag name, the value is the CSS class to be used.

    By default the class used is the same as the name of the tag, but you can switch this off by adding an entry setting the class to the empty string, for example:

      ; no class attribute for any of the links
      [body class]

    You can set p here too to set the class for paragraphs generated as body text. By default no class is set.


    Controls the behaviour of the window displayed by the popimage[] body text tag. If the Javascript for this has been customized then this may not apply.


    Extra width and height for the window beyond the size of the image. Default: no extra width or height.


    If set to non-zero popimage[] will attempt to centre the popup within the current window. Default: 0.


    This is used to configure the DevHelp::Payments::Inpho module.


    If this is set then the test parameters are used instead of the product values.


    The URL to process requests through.



    Inpho supplied user name.


    Inpho supplied password.


    The URL to process test requests through.


    The user to supply to test requests.


    The password to supply to test requests.


    This section controls whether some custom class methods are called:


    If this is non-zero then siteuser_saveopts is called.

    [levellevel menus]

    Where level is the article level at which the defined menu options will be available. Configure each menu value and description as key and value.

    For example:

      [level1 menus]

    To create a menus using such values, use the "allkids_of" iterator "filter" option.

    For example:

      <:iterator begin allkids_of -1 filter: [menu] == 2 :>

    [title alias]

    Enable the "titleAlias" article field and set which level it will be available.


    Where level is the article "level" for which the "titleAlias" field should be enabled. To enable set the value to non-zero.

    For example:

      [title alias]

    The "titleAlias" can be used as an alternate "short" title for the given article, especially useful for space critical iterated menus. A template conditional can be used to display the "titleAlias" in place of the article "title" when appropriate.

    [thumb geometries]

    Each key represents a geometry identifier for use by the thumbimage[], gthumbimage[] body text tags and the <:thumbimage ...:>, <:gthumbimage ...:>, <:dthumbimage ...:> template tags.

    The key is the geometry identifier, the value is the geometry string as follows.

    The geometry string consists of:

    The dimensions can be in any of the following forms:

    The crop flag is a single letter "c", if present then the image should be scaled so the smaller dimension matches the requested size, and the longer dimension will be cropped to fit.

    The fill if present is: fill(color) where color is a color recognized by the underlying graphics implementation. This should be at least hex web colors without the #, eg fill(FF0000) will fill with red.

    [thumb classes]

    Each key represents a geometry identifier for use by the thumbimage[], gthumbimage[] body text tags and the <:thumbimage ...:>, <:gthumbimage ...:>, <:dthumbimage ...:> template tags.

    The value is used as the class for the generated img tag.


    Each value represents a handler or script name for the <:dyntarget script target ...:> tag.

    Each key has a TARGET version and a no-TARGET version, with the key suffixed with _n.

    The default nuser target is /cgi-bin/ The default no-target nuser is /cgi-bin/

    For other targets the default is /cgi-bin/ and /cgi-bin/

    The string TARGET is replaced with the target specified in the dyntarget tag.

    This, along with dyntarget is intended to allow a more "Web 2.0" type of access to BSE. eg. you might set:


    and have a rewrite rule:

      RewriteRule ^/xshop/(.*)$ /cgi-bin/$1 [PT]

    [popimage class classname]

    This defines the settings for a class of images generated by the popimage[] and gpopimage[] body text markup tags. For example, the settings for popimage[imageid|foo] can be found in section [popimage class foo].


    The html generated for this class. Tags of the form {identifier} are replaced, where identifier can be inline_ or outline_ followed by an image field name, for example inline_src is the URL to the inline image.

    Default: <a href="{outline_src}" rel="lightbox[id]" target="_blank"><img src="{inline_src}" alt="{inline_alt}" width="{inline_width}" height="{inline_height}" border="0" /></a>

    The default may be tuned as needed.


    The inline image geometry. Default: editor (the value used for thumbnails on the admin side)


    The outline image geometry. If no value is supplied then the original image values are used.

    [mail resources]

    Each key is the identifier of a file that can be attached to BSE::ComposeMail emails. The value is comma separated filename, content type, inline status.

    The files are searched for through the template search mechanism, so the filename can be relative to either the master or local templates directories.

    If the content type is not supplied, if the filename end in gif, png or jpg the appropriate content type is used, otherwise application/octet-stream.

    If the inline status is not supplied then images are considered inline, and other files arent.

    [shop registration]

    Each key represents a message id from attempts to checkout. Except the all key which covers all cases.

    If the all key or the message id key is non-zero then the checkout page will redirect to registration instead of login if the cart or configuration requires that the user be logged in.

    [template template-name]

    Settings for articles based on a particular template.


    Controls whether a cache-control: no-cache header will be produced. Can be overridden with the A and B article flags. If not set the value of [article].no_cache_dynamic is used.


    Global settings for articles.


    Controls whether a cache-control: no-cache header will be produced. Can be overridden with the A and B article flags or [template template-name].no_cache_dynamic. If not set the value of [basic].no_cache_dynamic is used.


    For the <:recaptcha:> tag currently only used for


    The public and private key you receive when you register with reCAPTCHA.


    Replace the error message for the given error_code where error_code is the reCAPTCHA error code (eg. "incorrect-captcha-sol") with dash replaced by underscore.


      error_incorrect_captch_sol=VERY BAD INPUT

    [global file metadata]

    Each key represents an item of metadata for files attached to articles.

    The values are ignored.

    For each key, extra information is defined in the [file metadata name] section.

    [file metadata name]

    Definition for the file metadata item name.

    [session cleanup]

    Controls the processing of the script.

    [nightly work]

    Controls the script.


    Parameters controlling where cached information - eg. file upload progress is stored.


    Database connection parameters. These override the settings in which are deprecated.

    [extra a_config]

    Defines extra configuration to be returned from the BSE system configuration.

    Each key is the keyword in the returned JSON object. If the key already exists it is not overwritten.

    Each value is the name of a section in the BSE configuration. The strings "{level}", "{generator}", "{parentid}", "{template}" are replaced with their values from the article that config is being requested for.


      [extra a_config]
      menu=level{level} menu
      [level1 menu]

    will include:

      menu: { alpha: "One", beta: "Two" }

    in the returned configuration

    [cookie names]

    This section maps BSE's default cookie names to alternate names. This can be useful if you have two BSE sites under the same domain and need to ensure they use different cookies.


      [cookie names]

    [siteuser updates]

    Each key identifies an update specification for, the value is a description of the specification.

    See [siteuser update specid] for the rest of the import specification.

    [siteuser update specid]

    Currently contains only a single key:


    Configuration for BSE's PayPal integration.

    It shouldn't be necessary to change any of the URLs.

    [paypal custom]

    Extra parameters supplied to the SetExpressCheckout API. See the Express Checkout Advanced Features Guide (from PayPal) for details.

    Some settings that may be useful:

    [audit log]

    [audit log facility]

    Most commonly [audit log bse]. Controls whether given events or families of events are logged.

    The key is one of:


    with the longer keys overriding the shorter keys, and defaulting to all actions being logged.

    [mail audit log]

    This enables sent when an event is logged in the audit log. Warning: for common events this will result in large amounts of email.

    with the longer keys overriding the shorter keys, and defaulting to all actions being logged.

    [html tidy]

    Contains options to pass to HTML::Tidy. Anything not listed below is passed directly to HTML::Tidy->new.

    [email token]

    Controls emails sent via cgi-bin/admin/

    [lost password]

    [link replacement]

    For formatted text, this is a list of URL prefixes to replace.

    The key is a sort key, replacements are checked in alphabetical order.

    The value is the original prefix, followed by ";", followed by the replacement.

    Replacement is performed case-insenitively. Regexp metacharacters

    [article categories]

    [article category id]

    Other keys may be used as desired, eg. to make it simpler to configure article behaviour based on the category.

    [article menu]

    This section can be used to add new menu items to the menu displayed on article edit pages.

    The keys are used for sorting only.

    The value is comma-separated:


      sample,a_foo,Sample Item

    will generate a link like:

      <a href="/cgi-bin/admin/;a_foo=1">Sample Item</a>

    where 10 is the id of the article being edited.

    Keys with a prefix of bse_ are reserved for BSE internal use.

    [undeletable articles]

    Keys are the ids of articles that may not be deleted.

    This applies if the value of the entry is a true perl value.

      [undeletable articles]
      1=home page
      2=more home page
      ; article 3 is deletable

    [dummy shipping methods]

    Configures extra shipping methods only selectable from the order detail page.

    Entries are sorted by value.

    If the value contains a comma the text up to the comma is removed and the remains used as the label, otherwise the key is used as the label.

    [article custom fields]

    [product custom fields]

    [catalog custom fields]

    These can be used to define article, product and catalog custom fields respectively, in a similar manner to the formmail manpage.

    The field names are predefined, customDate1, customDate2, customInt1, customInt2, customInt3, customInt4, customStr1 and customStr2, but are only active if a description is defined for the field:

      [article custom fields]
      customInt1_description=Stock Level


    Tony Cook <>