v5.12.1 (#4908)

Signed-off-by: Christian König <ckoenig@posteo.de>

.codespellignore

@@ -0,0 +1,3 @@
+doubleclick
+wan
+nwe

.editorconfig

@@ -13,26 +13,8 @@ tab_width = 4
 charset = utf-8
 trim_trailing_whitespace = true
 
-# Matches multiple files with brace expansion notation
-# Set default charset
-[*.{js,py}]
-charset = utf-8
+[*.yml]
+tab_width = 2
 
-# 4 space indentation
-[*.py]
-indent_style = space
-indent_size = 4
-
-# Tab indentation (no size specified)
-[Makefile]
-indent_style = tab
-
-# Indentation override for all JS under lib directory
-[scripts/**.js]
-indent_style = space
-indent_size = 2
-
-# Matches the exact files either package.json or .travis.yml
-[{package.json,.travis.yml}]
-indent_style = space
-indent_size = 2
+[*.md]
+tab_width = 2

.github/dependabot.yml

@@ -7,4 +7,6 @@ updates:
     day: saturday
     time: "10:00"
   open-pull-requests-limit: 10
-  target-branch: developement
+  target-branch: development
+  reviewers:
+    - "pi-hole/core-maintainers"

.github/workflows/codeql-analysis.yml

@@ -25,16 +25,16 @@ jobs:
     steps:
     -
       name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3.0.2
     # Initializes the CodeQL tools for scanning.
     -
       name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: 'python'
     -
       name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
     -
       name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/stale.yml

@@ -2,7 +2,7 @@ name: Mark stale issues
 
 on:
   schedule:
-  - cron: '0 * * * *'
+    - cron: '0 8 * * *'
   workflow_dispatch:
 
 jobs:
@@ -13,13 +13,14 @@ jobs:
       issues: write
 
     steps:
-    - uses: actions/stale@v4
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        days-before-stale: 30
-        days-before-close: 5
-        stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
-        stale-issue-label: 'stale'
-        exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
-        exempt-all-issue-assignees: true
-        operations-per-run: 300
+      - uses: actions/stale@v5.1.1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 30
+          days-before-close: 5
+          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
+          stale-issue-label: 'stale'
+          exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
+          exempt-all-issue-assignees: true
+          operations-per-run: 300
+          close-issue-reason: 'not_planned'

.github/workflows/sync-back-to-dev.yml

@@ -11,7 +11,7 @@ jobs:
     name: Syncing branches
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.0.2
       - name: Opening pull request
         id: pull
         uses: tretuna/sync-branches@1.4.0
@@ -20,7 +20,7 @@ jobs:
           FROM_BRANCH: 'master'
           TO_BRANCH: 'development'
       - name: Label the pull request to ignore for release note generation
-        uses: actions-ecosystem/action-add-labels@v1
+        uses: actions-ecosystem/action-add-labels@v1.1.3
         with:
           labels: internal
           repo: ${{ github.repository }}

.github/workflows/test.yml

@@ -8,39 +8,51 @@ permissions:
   contents: read
 
 jobs:
-  smoke-test:
+  smoke-tests:
     if: github.event.pull_request.draft == false
     runs-on: ubuntu-latest
     steps:
     -
       name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3.0.2
     -
-      name: Run Smoke Tests
+      name: Check scripts in repository are executable
       run: |
-        # Ensure scripts in repository are executable
         IFS=$'\n';
         for f in $(find . -name '*.sh'); do if [[ ! -x $f ]]; then echo "$f is not executable" && FAIL=1; fi ;done
         unset IFS;
         # If FAIL is 1 then we fail.
-        [[ $FAIL == 1 ]] && exit 1 || echo "Smoke Tests Passed"
+        [[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!"
+    -
+      name: Spell-Checking
+      uses: codespell-project/actions-codespell@master
+      with:
+        ignore_words_file: .codespellignore
+    -
+      name: Get editorconfig-checker
+      uses: editorconfig-checker/action-editorconfig-checker@main # tag v1.0.0 is really out of date
+    -
+      name: Run editorconfig-checker
+      run: editorconfig-checker
+
 
   distro-test:
     if: github.event.pull_request.draft == false
     runs-on: ubuntu-latest
-    needs: smoke-test
+    needs: smoke-tests
     strategy:
+      fail-fast: false
       matrix:
-        distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_33, fedora_34]
+        distro: [debian_10, debian_11, ubuntu_20, ubuntu_22, centos_8, fedora_34]
     env:
       DISTRO: ${{matrix.distro}}
     steps:
     -
       name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3.0.2
     -
       name: Set up Python 3.8
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v4.2.0
       with:
         python-version: 3.8
     -

.stickler.yml

@@ -1,6 +1,10 @@
+---
 linters:
   shellcheck:
     shell: bash
   phpcs:
   flake8:
     max-line-length: 120
+  yamllint:
+    config: ./.yamllint.conf
+  remarklint:

.yamllint.conf

@@ -0,0 +1,3 @@
+rules:
+  line-length: disable
+  document-start: disable

CONTRIBUTING.md

@@ -3,5 +3,3 @@
 Please read and understand the contribution guide before creating an issue or pull request.
 
 The guide can be found here: [https://docs.pi-hole.net/guides/github/contributing/](https://docs.pi-hole.net/guides/github/contributing/)
-
-

README.md

@@ -3,12 +3,15 @@
 #
 
 <p align="center">
-    <a href="https://pi-hole.net/">
-        <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_Wordmark.svg" width="150" height="260" alt="Pi-hole">
-    </a>
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_darkmode.png">
+    <source media="(prefers-color-scheme: light)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png">
+    <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png" width="168" height="270" alt="Pi-hole website">
+  </picture>
     <br>
     <strong>Network-wide ad blocking via your own Linux hardware</strong>
 </p>
+
 <!-- markdownlint-enable MD033 -->
 
 The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content without installing any client-side software.
@@ -19,7 +22,7 @@ The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) th
 - **Lightweight**: runs smoothly with [minimal hardware and software requirements](https://docs.pi-hole.net/main/prerequisites/)
 - **Robust**: a command line interface that is quality assured for interoperability
 - **Insightful**: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
-- **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring *all* your devices are protected automatically
+- **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring _all_ your devices are protected automatically
 - **Scalable**: [capable of handling hundreds of millions of queries](https://pi-hole.net/2017/05/24/how-much-traffic-can-pi-hole-handle/) when installed on server-grade hardware
 - **Modern**: blocks ads over both IPv4 and IPv6
 - **Free**: open source software that helps ensure _you_ are the sole person in control of your privacy
@@ -50,7 +53,9 @@ sudo bash basic-install.sh
 wget -O basic-install.sh https://install.pi-hole.net
 sudo bash basic-install.sh
 ```
+
 ### Method 3: Using Docker to deploy Pi-hole
+
 Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-hole) to use the Official Docker Images.
 
 ## [Post-install: Make your network take advantage of Pi-hole](https://docs.pi-hole.net/main/post-install/)
@@ -112,7 +117,7 @@ While we are primarily reachable on our [Discourse User Forum](https://discourse
 
 ### [Faster-than-light Engine](https://github.com/pi-hole/ftl)
 
-[FTLDNS](https://github.com/pi-hole/ftl) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
+[FTLDNS](https://github.com/pi-hole/ftl) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all _very quickly_!
 
 Some of the statistics you can integrate include:
 
@@ -139,7 +144,7 @@ Some notable features include:
 - [Updating Ad Lists](https://docs.pi-hole.net/core/pihole-command/#gravity)
 - [Querying Ad Lists for blocked domains](https://docs.pi-hole.net/core/pihole-command/#query)
 - [Enabling and Disabling Pi-hole](https://docs.pi-hole.net/core/pihole-command/#enable-disable)
-- ... and *many* more!
+- ... and _many_ more!
 
 You can read our [Core Feature Breakdown](https://docs.pi-hole.net/core/pihole-command/#pi-hole-core) for more information.
 

advanced/01-pihole.conf

@@ -37,6 +37,6 @@ interface=@INT@
 cache-size=@CACHE_SIZE@
 
 log-queries
-log-facility=/var/log/pihole.log
+log-facility=/var/log/pihole/pihole.log
 
 log-async

advanced/Scripts/database_migration/gravity/11_to_12.sql

@@ -16,4 +16,4 @@ CREATE TRIGGER tr_group_zero AFTER DELETE ON "group"
 
 UPDATE info SET value = 12 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/database_migration/gravity/12_to_13.sql

@@ -15,4 +15,4 @@ CREATE TRIGGER tr_adlist_update AFTER UPDATE OF address,enabled,comment ON adlis
 
 UPDATE info SET value = 13 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/database_migration/gravity/3_to_4.sql

@@ -93,4 +93,4 @@ CREATE VIEW vw_regex_blacklist AS SELECT domain, domainlist.id AS id, domainlist
 
 UPDATE info SET value = 4 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/database_migration/gravity/4_to_5.sql

@@ -35,4 +35,4 @@ CREATE TABLE client_by_group
 
 UPDATE info SET value = 5 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/list.sh

@@ -100,21 +100,29 @@ Options:
 ValidateDomain() {
     # Convert to lowercase
     domain="${1,,}"
+    local str validDomain
 
     # Check validity of domain (don't check for regex entries)
-    if [[ "${#domain}" -le 253 ]]; then
-        if [[ ( "${typeId}" == "${regex_blacklist}" || "${typeId}" == "${regex_whitelist}" ) && "${wildcard}" == false ]]; then
-            validDomain="${domain}"
-        else
+    if [[ ( "${typeId}" == "${regex_blacklist}" || "${typeId}" == "${regex_whitelist}" ) && "${wildcard}" == false ]]; then
+        validDomain="${domain}"
+    else
+        # Check max length
+        if [[ "${#domain}" -le 253 ]]; then
             validDomain=$(grep -P "^((-|_)*[a-z\\d]((-|_)*[a-z\\d])*(-|_)*)(\\.(-|_)*([a-z\\d]((-|_)*[a-z\\d])*))*$" <<< "${domain}") # Valid chars check
             validDomain=$(grep -P "^[^\\.]{1,63}(\\.[^\\.]{1,63})*$" <<< "${validDomain}") # Length of each label
+            # set error string
+            str="is not a valid argument or domain name!"
+        else
+            validDomain=
+            str="is too long!"
+
         fi
     fi
 
     if [[ -n "${validDomain}" ]]; then
         domList=("${domList[@]}" "${validDomain}")
     else
-        echo -e "  ${CROSS} ${domain} is not a valid argument or domain name!"
+        echo -e "  ${CROSS} ${domain} ${str}"
     fi
 
     domaincount=$((domaincount+1))

advanced/Scripts/piholeCheckout.sh

@@ -9,7 +9,7 @@
 # Please see LICENSE file for your rights under this license.
 
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-PH_TEST="true"
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 
 # webInterfaceGitUrl set in basic-install.sh

advanced/Scripts/piholeDebug.sh

@@ -66,8 +66,8 @@ PIHOLE_DIRECTORY="/etc/pihole"
 PIHOLE_SCRIPTS_DIRECTORY="/opt/pihole"
 BIN_DIRECTORY="/usr/local/bin"
 RUN_DIRECTORY="/run"
-LOG_DIRECTORY="/var/log"
-WEB_SERVER_LOG_DIRECTORY="${LOG_DIRECTORY}/lighttpd"
+LOG_DIRECTORY="/var/log/pihole"
+WEB_SERVER_LOG_DIRECTORY="/var/log/lighttpd"
 WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd"
 HTML_DIRECTORY="/var/www/html"
 WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin"
@@ -129,36 +129,17 @@ FTL_PORT="${RUN_DIRECTORY}/pihole-FTL.port"
 PIHOLE_LOG="${LOG_DIRECTORY}/pihole.log"
 PIHOLE_LOG_GZIPS="${LOG_DIRECTORY}/pihole.log.[0-9].*"
 PIHOLE_DEBUG_LOG="${LOG_DIRECTORY}/pihole_debug.log"
-PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log")"
+PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/FTL.log")"
 
-PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log"
-PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log"
+PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access-pihole.log"
+PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error-pihole.log"
 
 RESOLVCONF="${ETC}/resolv.conf"
 DNSMASQ_CONF="${ETC}/dnsmasq.conf"
 
-# An array of operating system "pretty names" that we officially support
-# We can loop through the array at any time to see if it matches a value
-#SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS")
-
 # Store Pi-hole's processes in an array for easy use and parsing
 PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" )
 
-# Store the required directories in an array so it can be parsed through
-#REQUIRED_DIRECTORIES=("${CORE_GIT_DIRECTORY}"
-#"${CRON_D_DIRECTORY}"
-#"${DNSMASQ_D_DIRECTORY}"
-#"${PIHOLE_DIRECTORY}"
-#"${PIHOLE_SCRIPTS_DIRECTORY}"
-#"${BIN_DIRECTORY}"
-#"${RUN_DIRECTORY}"
-#"${LOG_DIRECTORY}"
-#"${WEB_SERVER_LOG_DIRECTORY}"
-#"${WEB_SERVER_CONFIG_DIRECTORY}"
-#"${HTML_DIRECTORY}"
-#"${WEB_GIT_DIRECTORY}"
-#"${BLOCK_PAGE_DIRECTORY}")
-
 # Store the required directories in an array so it can be parsed through
 REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
 "${WEB_SERVER_CONFIG_FILE}"
@@ -351,17 +332,34 @@ compare_local_version_to_git_version() {
 
 check_ftl_version() {
     local ftl_name="FTL"
+    local FTL_VERSION FTL_COMMIT FTL_BRANCH
     echo_current_diagnostic "${ftl_name} version"
     # Use the built in command to check FTL's version
-    FTL_VERSION=$(pihole-FTL version)
+    FTL_VERSION=$(pihole-FTL -vv | grep -m 1 Version | awk '{printf $2}')
+    FTL_BRANCH=$(pihole-FTL -vv | grep -m 1 Branch | awk '{printf $2}')
+    FTL_COMMIT=$(pihole-FTL -vv | grep -m 1 Commit | awk '{printf $2}')
+
     # Compare the current FTL version to the remote version
     if [[ "${FTL_VERSION}" == "$(pihole -v | awk '/FTL/ {print $6}' | cut -d ')' -f1)" ]]; then
         # If they are the same, FTL is up-to-date
         log_write "${TICK} ${ftl_name}: ${COL_GREEN}${FTL_VERSION}${COL_NC}"
     else
         # If not, show it in yellow, signifying there is an update
-        log_write "${TICK} ${ftl_name}: ${COL_YELLOW}${FTL_VERSION}${COL_NC} (${FAQ_UPDATE_PI_HOLE})"
+        log_write "${INFO} ${ftl_name}: ${COL_YELLOW}${FTL_VERSION}${COL_NC} (${FAQ_UPDATE_PI_HOLE})"
     fi
+
+    # If they use the master branch, they are on the stable codebase
+    if [[ "${FTL_BRANCH}" == "master" ]]; then
+        # so the color of the text is green
+        log_write "${INFO} Branch: ${COL_GREEN}${FTL_BRANCH}${COL_NC}"
+        # If it is any other branch, they are in a development branch
+    else
+        # So show that in yellow, signifying it's something to take a look at, but not a critical error
+        log_write "${INFO} Branch: ${COL_YELLOW}${FTL_BRANCH}${COL_NC} (${FAQ_CHECKOUT_COMMAND})"
+    fi
+
+    # echo the current commit
+    log_write "${INFO} Commit: ${FTL_COMMIT}"
 }
 
 # Checks the core version of the Pi-hole codebase
@@ -600,10 +598,10 @@ disk_usage() {
     # Some lines of df might contain sensitive information like usernames and passwords.
     # E.g. curlftpfs filesystems (https://www.looklinux.com/mount-ftp-share-on-linux-using-curlftps/)
     # We are not interested in those lines so we collect keyword, to remove them from the output
-    # Additinal keywords can be added, separated by "|"
+    # Additional keywords can be added, separated by "|"
     hide="curlftpfs"
 
-    # only show those lines not containg a sensitive phrase
+    # only show those lines not containing a sensitive phrase
     for line in "${file_system[@]}"; do
       if [[ ! $line =~ $hide ]]; then
         log_write "   ${line}"
@@ -816,29 +814,13 @@ check_x_headers() {
     # server is operating correctly
     echo_current_diagnostic "Dashboard and block page"
     # Use curl -I to get the header and parse out just the X-Pi-hole one
-    local block_page
-    block_page=$(curl -Is localhost | awk '/X-Pi-hole/' | tr -d '\r')
-    # Do it for the dashboard as well, as the header is different than above
+    local full_curl_output_dashboard
     local dashboard
-    dashboard=$(curl -Is localhost/admin/ | awk '/X-Pi-hole/' | tr -d '\r')
+    full_curl_output_dashboard="$(curl -Is localhost/admin/)"
+    dashboard=$(echo "${full_curl_output_dashboard}" | awk '/X-Pi-hole/' | tr -d '\r')
     # Store what the X-Header should be in variables for comparison later
-    local block_page_working
-    block_page_working="X-Pi-hole: A black hole for Internet advertisements."
     local dashboard_working
     dashboard_working="X-Pi-hole: The Pi-hole Web interface is working!"
-    local full_curl_output_block_page
-    full_curl_output_block_page="$(curl -Is localhost)"
-    local full_curl_output_dashboard
-    full_curl_output_dashboard="$(curl -Is localhost/admin/)"
-    # If the X-header found by curl matches what is should be,
-    if [[ $block_page == "$block_page_working" ]]; then
-        # display a success message
-        log_write "$TICK Block page X-Header: ${COL_GREEN}${block_page}${COL_NC}"
-    else
-        # Otherwise, show an error
-        log_write "$CROSS Block page X-Header: ${COL_RED}X-Header does not match or could not be retrieved.${COL_NC}"
-        log_write "${COL_RED}${full_curl_output_block_page}${COL_NC}"
-    fi
 
     # Same logic applies to the dashboard as above, if the X-Header matches what a working system should have,
     if [[ $dashboard == "$dashboard_working" ]]; then
@@ -847,6 +829,7 @@ check_x_headers() {
     else
         # Otherwise, it's a failure since the X-Headers either don't exist or have been modified in some way
         log_write "$CROSS Web interface X-Header: ${COL_RED}X-Header does not match or could not be retrieved.${COL_NC}"
+
         log_write "${COL_RED}${full_curl_output_dashboard}${COL_NC}"
     fi
 }
@@ -1009,7 +992,7 @@ make_array_from_file() {
     else
         # Otherwise, read the file line by line
         while IFS= read -r line;do
-            # Othwerise, strip out comments and blank lines
+            # Otherwise, strip out comments and blank lines
             new_line=$(echo "${line}" | sed -e 's/^\s*#.*$//' -e '/^$/d')
             # If the line still has content (a non-zero value)
             if [[ -n "${new_line}" ]]; then
@@ -1067,7 +1050,7 @@ parse_file() {
 }
 
 check_name_resolution() {
-    # Check name resolution from localhost, Pi-hole's IP, and Google's name severs
+    # Check name resolution from localhost, Pi-hole's IP, and Google's name servers
     # using the function we created earlier
     dig_at 4
     dig_at 6
@@ -1249,7 +1232,7 @@ check_dhcp_servers() {
     OLD_IFS="$IFS"
     IFS=$'\n'
     local entries=()
-    mapfile -t entries < <(pihole-FTL dhcp-discover)
+    mapfile -t entries < <(pihole-FTL dhcp-discover & spinner)
 
     for line in "${entries[@]}"; do
         log_write "   ${line}"
@@ -1278,12 +1261,21 @@ show_messages() {
     show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT count (message) as count, datetime(max(timestamp),'unixepoch','localtime') as 'last timestamp', type, message, blob1, blob2, blob3, blob4, blob5 FROM message GROUP BY type, message, blob1, blob2, blob3, blob4, blob5;" "6 19 20 60 20 20 20 20 20"
 }
 
+database_permissions() {
+    local permissions
+    permissions=$(ls -lhd "${1}")
+    log_write "${COL_GREEN}${permissions}${COL_NC}"
+}
+
 analyze_gravity_list() {
     echo_current_diagnostic "Gravity Database"
 
-    local gravity_permissions
-    gravity_permissions=$(ls -lhd "${PIHOLE_GRAVITY_DB_FILE}")
-    log_write "${COL_GREEN}${gravity_permissions}${COL_NC}"
+    database_permissions "${PIHOLE_GRAVITY_DB_FILE}"
+
+    # if users want to check database integrity
+    if [[ "${CHECK_DATABASE}" = true ]]; then
+        database_integrity_check "${PIHOLE_FTL_DB_FILE}"
+    fi
 
     show_db_entries "Info table" "SELECT property,value FROM info" "20 40"
     gravity_updated_raw="$(pihole-FTL sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT value FROM info where property = 'updated'")"
@@ -1305,6 +1297,95 @@ analyze_gravity_list() {
     IFS="$OLD_IFS"
 }
 
+analyze_ftl_db() {
+    echo_current_diagnostic "Pi-hole FTL Query Database"
+    database_permissions "${PIHOLE_FTL_DB_FILE}"
+    # if users want to check database integrity
+    if [[ "${CHECK_DATABASE}" = true ]]; then
+        database_integrity_check "${PIHOLE_FTL_DB_FILE}"
+    fi
+}
+
+database_integrity_check(){
+    local result
+    local database="${1}"
+
+    log_write "${INFO} Checking integrity of ${database} ... (this can take several minutes)"
+    result="$(pihole-FTL "${database}" "PRAGMA integrity_check" 2>&1 & spinner)"
+    if [[ ${result} = "ok" ]]; then
+      log_write "${TICK} Integrity of ${database} intact"
+
+
+      log_write "${INFO} Checking foreign key constraints of ${database} ... (this can take several minutes)"
+      unset result
+      result="$(pihole-FTL sqlite3 "${database}" -cmd ".headers on" -cmd ".mode column" "PRAGMA foreign_key_check" 2>&1 & spinner)"
+      if [[ -z ${result} ]]; then
+        log_write "${TICK} No foreign key errors in ${database}"
+      else
+        log_write "${CROSS} ${COL_RED}Foreign key errors in ${database} found.${COL_NC}"
+        while IFS= read -r line ; do
+            log_write "    $line"
+        done <<< "$result"
+      fi
+
+    else
+      log_write "${CROSS} ${COL_RED}Integrity errors in ${database} found.\n${COL_NC}"
+      while IFS= read -r line ; do
+        log_write "    $line"
+      done <<< "$result"
+    fi
+
+}
+
+check_database_integrity() {
+    echo_current_diagnostic "Gravity Database"
+    database_permissions "${PIHOLE_GRAVITY_DB_FILE}"
+    database_integrity_check "${PIHOLE_GRAVITY_DB_FILE}"
+
+    echo_current_diagnostic "Pi-hole FTL Query Database"
+    database_permissions "${PIHOLE_FTL_DB_FILE}"
+    database_integrity_check "${PIHOLE_FTL_DB_FILE}"
+}
+
+# Show a text spinner during a long process run
+spinner(){
+    # Show the spinner only if there is a tty
+    if tty -s; then
+        # PID of the most recent background process
+        _PID=$!
+        _spin="/-\|"
+        _start=0
+        _elapsed=0
+        _i=1
+
+        # Start the counter
+        _start=$(date +%s)
+
+        # Hide the cursor
+        tput civis > /dev/tty
+
+        # ensures cursor is visible again, in case of premature exit
+        trap 'tput cnorm > /dev/tty' EXIT
+
+        while [ -d /proc/$_PID ]; do
+            _elapsed=$(( $(date +%s) - _start ))
+            # use hours only if needed
+            if [ "$_elapsed" -lt 3600 ]; then
+                printf "\r${_spin:_i++%${#_spin}:1} %02d:%02d" $((_elapsed/60)) $((_elapsed%60)) >"$(tty)"
+            else
+                printf "\r${_spin:_i++%${#_spin}:1} %02d:%02d:%02d" $((_elapsed/3600)) $(((_elapsed/60)%60)) $((_elapsed%60)) >"$(tty)"
+            fi
+            sleep 0.25
+        done
+
+        # Return to the begin of the line after completion (the spinner will be overwritten)
+        printf "\r" >"$(tty)"
+
+        # Restore cursor visibility
+        tput cnorm > /dev/tty
+    fi
+}
+
 obfuscated_pihole_log() {
   local pihole_log=("$@")
   local line
@@ -1328,7 +1409,7 @@ obfuscated_pihole_log() {
           # If the variable does not a value (the current default behavior), so do not obfuscate anything
           if [[ -z ${OBFUSCATE} ]]; then
               log_write "   ${line}"
-          # Othwerise, a flag was passed to this command to obfuscate domains in the log
+          # Otherwise, a flag was passed to this command to obfuscate domains in the log
           else
               # So first check if there are domains in the log that should be obfuscated
               if [[ -n ${line_to_obfuscate} ]]; then
@@ -1394,7 +1475,7 @@ curl_to_tricorder() {
 upload_to_tricorder() {
     local username="pihole"
     # Set the permissions and owner
-    chmod 644 ${PIHOLE_DEBUG_LOG}
+    chmod 640 ${PIHOLE_DEBUG_LOG}
     chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG}
 
     # Let the user know debugging is complete with something strikingly visual
@@ -1450,7 +1531,7 @@ upload_to_tricorder() {
         if [[ "${WEBCALL}" ]] && [[ ! "${AUTOMATED}" ]]; then
             :
         else
-            log_write "${CROSS}  ${COL_RED}There was an error uploading your debug log.${COL_NC}"
+            log_write "${CROSS} ${COL_RED}There was an error uploading your debug log.${COL_NC}"
             log_write "   * Please try again or contact the Pi-hole team for assistance."
         fi
     fi
@@ -1479,6 +1560,7 @@ process_status
 ftl_full_status
 parse_setup_vars
 check_x_headers
+analyze_ftl_db
 analyze_gravity_list
 show_groups
 show_domainlist

advanced/Scripts/piholeLogFlush.sh

@@ -31,7 +31,7 @@ if [ -z "$DBFILE" ]; then
 fi
 
 if [[ "$@" != *"quiet"* ]]; then
-    echo -ne "  ${INFO} Flushing /var/log/pihole.log ..."
+    echo -ne "  ${INFO} Flushing /var/log/pihole/pihole.log ..."
 fi
 if [[ "$@" == *"once"* ]]; then
     # Nightly logrotation
@@ -44,9 +44,9 @@ if [[ "$@" == *"once"* ]]; then
         # Note that moving the file is not an option, as
         # dnsmasq would happily continue writing into the
         # moved file (it will have the same file handler)
-        cp -p /var/log/pihole.log /var/log/pihole.log.1
-        echo " " > /var/log/pihole.log
-        chmod 644 /var/log/pihole.log
+        cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        chmod 640 /var/log/pihole/pihole.log
     fi
 else
     # Manual flushing
@@ -56,10 +56,10 @@ else
         /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
     else
         # Flush both pihole.log and pihole.log.1 (if existing)
-        echo " " > /var/log/pihole.log
-        if [ -f /var/log/pihole.log.1 ]; then
-            echo " " > /var/log/pihole.log.1
-            chmod 644 /var/log/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        if [ -f /var/log/pihole/pihole.log.1 ]; then
+            echo " " > /var/log/pihole/pihole.log.1
+            chmod 640 /var/log/pihole/pihole.log.1
         fi
     fi
     # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
@@ -70,6 +70,6 @@ else
 fi
 
 if [[ "$@" != *"quiet"* ]]; then
-    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole.log"
+    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole/pihole.log"
     echo -e "  ${TICK} Deleted ${deleted} queries from database"
 fi

advanced/Scripts/query.sh

@@ -16,7 +16,6 @@ GRAVITYDB="${piholeDir}/gravity.db"
 options="$*"
 all=""
 exact=""
-blockpage=""
 matchType="match"
 # Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
@@ -34,7 +33,7 @@ source "${colfile}"
 # Scan an array of files for matching strings
 scanList(){
     # Escape full stops
-    local domain="${1}" esc_domain="${1//./\\.}" lists="${2}" type="${3:-}"
+    local domain="${1}" esc_domain="${1//./\\.}" lists="${2}" list_type="${3:-}"
 
     # Prevent grep from printing file path
     cd "$piholeDir" || exit 1
@@ -43,7 +42,7 @@ scanList(){
     export LC_CTYPE=C
 
     # /dev/null forces filename to be printed when only one list has been generated
-    case "${type}" in
+    case "${list_type}" in
         "exact" ) grep -i -E -l "(^|(?<!#)\\s)${esc_domain}($|\\s|#)" ${lists} /dev/null 2>/dev/null;;
         # Iterate through each regexp and check whether it matches the domainQuery
         # If it does, print the matching regexp and continue looping
@@ -71,18 +70,14 @@ Options:
 fi
 
 # Handle valid options
-if [[ "${options}" == *"-bp"* ]]; then
-    exact="exact"; blockpage=true
-else
-    [[ "${options}" == *"-all"* ]] && all=true
-    if [[ "${options}" == *"-exact"* ]]; then
-        exact="exact"; matchType="exact ${matchType}"
-    fi
+[[ "${options}" == *"-all"* ]] && all=true
+if [[ "${options}" == *"-exact"* ]]; then
+    exact="exact"; matchType="exact ${matchType}"
 fi
 
 # Strip valid options, leaving only the domain and invalid options
 # This allows users to place the options before or after the domain
-options=$(sed -E 's/ ?-(bp|adlists?|all|exact) ?//g' <<< "${options}")
+options=$(sed -E 's/ ?-(adlists?|all|exact) ?//g' <<< "${options}")
 
 # Handle remaining options
 # If $options contain non ASCII characters, convert to punycode
@@ -99,10 +94,10 @@ if [[ -n "${str:-}" ]]; then
 fi
 
 scanDatabaseTable() {
-    local domain table type querystr result extra
+    local domain table list_type querystr result extra
     domain="$(printf "%q" "${1}")"
     table="${2}"
-    type="${3:-}"
+    list_type="${3:-}"
 
     # As underscores are legitimate parts of domains, we escape them when using the LIKE operator.
     # Underscores are SQLite wildcards matching exactly one character. We obviously want to suppress this
@@ -115,8 +110,8 @@ scanDatabaseTable() {
         esac
     else
         case "${exact}" in
-            "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain = '${domain}'";;
-            *       ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
+            "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${list_type}' AND domain = '${domain}'";;
+            *       ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${list_type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
         esac
     fi
 
@@ -136,17 +131,11 @@ scanDatabaseTable() {
     wbMatch=true
 
     # Print table name
-    if [[ -z "${blockpage}" ]]; then
-        echo " ${matchType^} found in ${COL_BOLD}exact ${table}${COL_NC}"
-    fi
+    echo " ${matchType^} found in ${COL_BOLD}exact ${table}${COL_NC}"
 
     # Loop over results and print them
     mapfile -t results <<< "${result}"
     for result in "${results[@]}"; do
-        if [[ -n "${blockpage}" ]]; then
-            echo "π ${result}"
-            exit 0
-        fi
         domain="${result/|*}"
         if [[ "${result#*|}" == "0" ]]; then
             extra=" (disabled)"
@@ -158,13 +147,13 @@ scanDatabaseTable() {
 }
 
 scanRegexDatabaseTable() {
-    local domain list
+    local domain list list_type
     domain="${1}"
     list="${2}"
-    type="${3:-}"
+    list_type="${3:-}"
 
     # Query all regex from the corresponding database tables
-    mapfile -t regexList < <(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain FROM domainlist WHERE type = ${type}" 2> /dev/null)
+    mapfile -t regexList < <(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain FROM domainlist WHERE type = ${list_type}" 2> /dev/null)
 
     # If we have regexps to process
     if [[ "${#regexList[@]}" -ne 0 ]]; then
@@ -181,18 +170,13 @@ scanRegexDatabaseTable() {
             # Form a "results" message
             str_result="${COL_BOLD}${str_regexMatches}${COL_NC}"
             # If we are displaying more than just the source of the block
-            if [[ -z "${blockpage}" ]]; then
-                # Set the wildcard match flag
-                wcMatch=true
-                # Echo the "matched" message, indented by one space
-                echo " ${str_message}"
-                # Echo the "results" message, each line indented by three spaces
-                # shellcheck disable=SC2001
-                echo "${str_result}" | sed 's/^/   /'
-            else
-                echo "π .wildcard"
-                exit 0
-            fi
+            # Set the wildcard match flag
+            wcMatch=true
+            # Echo the "matched" message, indented by one space
+            echo " ${str_message}"
+            # Echo the "results" message, each line indented by three spaces
+            # shellcheck disable=SC2001
+            echo "${str_result}" | sed 's/^/   /'
         fi
     fi
 }
@@ -222,7 +206,7 @@ elif [[ -z "${all}" ]] && [[ "${#results[*]}" -ge 100 ]]; then
 fi
 
 # Print "Exact matches for" title
-if [[ -n "${exact}" ]] && [[ -z "${blockpage}" ]]; then
+if [[ -n "${exact}" ]]; then
     plural=""; [[ "${#results[*]}" -gt 1 ]] && plural="es"
     echo " ${matchType^}${plural} for ${COL_BOLD}${domainQuery}${COL_NC} found in:"
 fi
@@ -238,9 +222,7 @@ for result in "${results[@]}"; do
         extra=""
     fi
 
-    if [[ -n "${blockpage}" ]]; then
-        echo "0 ${adlistAddress}"
-    elif [[ -n "${exact}" ]]; then
+    if [[ -n "${exact}" ]]; then
         echo "  - ${adlistAddress}${extra}"
     else
         if [[ ! "${adlistAddress}" == "${adlistAddress_prev:-}" ]]; then

advanced/Scripts/setupLCD.sh

@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Automatically configures the Pi to use the 2.8 LCD screen to display stats on it (also works over ssh)
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-
-
-############ FUNCTIONS ###########
-
-# Borrowed from adafruit-pitft-helper < borrowed from raspi-config
-# https://github.com/adafruit/Adafruit-PiTFT-Helper/blob/master/adafruit-pitft-helper#L324-L334
-getInitSys() {
-    if command -v systemctl > /dev/null && systemctl | grep -q '\-\.mount'; then
-        SYSTEMD=1
-    elif [ -f /etc/init.d/cron ] && [ ! -h /etc/init.d/cron ]; then
-        SYSTEMD=0
-    else
-        echo "Unrecognized init system"
-        return 1
-    fi
-}
-
-# Borrowed from adafruit-pitft-helper:
-# https://github.com/adafruit/Adafruit-PiTFT-Helper/blob/master/adafruit-pitft-helper#L274-L285
-autoLoginPiToConsole() {
-    if [ -e /etc/init.d/lightdm ]; then
-        if [ ${SYSTEMD} -eq 1 ]; then
-            systemctl set-default multi-user.target
-            ln -fs /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
-        else
-            update-rc.d lightdm disable 2
-            sed /etc/inittab -i -e "s/1:2345:respawn:\/sbin\/getty --noclear 38400 tty1/1:2345:respawn:\/bin\/login -f pi tty1 <\/dev\/tty1 >\/dev\/tty1 2>&1/"
-        fi
-    fi
-}
-
-######### SCRIPT ###########
-# Set pi to log in automatically
-getInitSys
-autoLoginPiToConsole
-
-# Set chronomter to run automatically when pi logs in
-echo /usr/local/bin/chronometer.sh >> /home/pi/.bashrc
-# OR
-#$SUDO echo /usr/local/bin/chronometer.sh >> /etc/profile
-
-# Set up the LCD screen based on Adafruits instuctions:
-# https://learn.adafruit.com/adafruit-pitft-28-inch-resistive-touchscreen-display-raspberry-pi/easy-install
-curl -SLs https://apt.adafruit.com/add-pin | bash
-apt-get -y install raspberrypi-bootloader
-apt-get -y install adafruit-pitft-helper
-adafruit-pitft-helper -t 28r
-
-# Download the cmdline.txt file that prevents the screen from going blank after a period of time
-mv /boot/cmdline.txt /boot/cmdline.orig
-curl -o /boot/cmdline.txt https://raw.githubusercontent.com/pi-hole/pi-hole/master/advanced/cmdline.txt
-
-# Back up the original file and download the new one
-mv /etc/default/console-setup /etc/default/console-setup.orig
-curl -o /etc/default/console-setup https://raw.githubusercontent.com/pi-hole/pi-hole/master/advanced/console-setup
-
-# Instantly apply the font change to the LCD screen
-setupcon
-
-reboot
-
-# Start showing the stats on the screen by running the command on another tty:
-# https://unix.stackexchange.com/questions/170063/start-a-process-on-a-different-tty
-#setsid sh -c 'exec /usr/local/bin/chronometer.sh <> /dev/tty1 >&0 2>&1'

advanced/Scripts/update.sh

@@ -17,7 +17,7 @@ readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git"
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
 
 # shellcheck disable=SC2034
-PH_TEST=true
+SKIP_INSTALL=true
 
 # when --check-only is passed to this script, it will not perform the actual update
 CHECK_ONLY=false

advanced/Scripts/updatecheck.sh

@@ -8,23 +8,6 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-# Credit: https://stackoverflow.com/a/46324904
-function json_extract() {
-    local key=$1
-    local json=$2
-
-    local string_regex='"([^"\]|\\.)*"'
-    local number_regex='-?(0|[1-9][0-9]*)(\.[0-9]+)?([eE][+-]?[0-9]+)?'
-    local value_regex="${string_regex}|${number_regex}|true|false|null"
-    local pair_regex="\"${key}\"[[:space:]]*:[[:space:]]*(${value_regex})"
-
-    if [[ ${json} =~ ${pair_regex} ]]; then
-        echo $(sed 's/^"\|"$//g' <<< "${BASH_REMATCH[1]}")
-    else
-        return 1
-    fi
-}
-
 function get_local_branch() {
     # Return active branch
     cd "${1}" 2> /dev/null || return 1
@@ -41,54 +24,64 @@ function get_local_version() {
 # shellcheck disable=SC1091
 . /etc/pihole/setupVars.conf
 
+# Source the utils file
+# shellcheck disable=SC1091
+. /opt/pihole/utils.sh
+
+# Remove the below three legacy files if they exist
+rm -f "/etc/pihole/GitHubVersions"
+rm -f "/etc/pihole/localbranches"
+rm -f "/etc/pihole/localversions"
+
+# Create new versions file if it does not exist
+VERSION_FILE="/etc/pihole/versions"
+touch "${VERSION_FILE}"
+chmod 644 "${VERSION_FILE}"
+
 if [[ "$2" == "remote" ]]; then
 
     if [[ "$3" == "reboot" ]]; then
         sleep 30
     fi
 
-    GITHUB_VERSION_FILE="/etc/pihole/GitHubVersions"
-
-    GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
-    echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}"
-    chmod 644 "${GITHUB_VERSION_FILE}"
+    GITHUB_CORE_VERSION="$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null | jq --raw-output .tag_name)"
+    addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_CORE_VERSION" "${GITHUB_CORE_VERSION}"
 
     if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
-        echo -n " ${GITHUB_WEB_VERSION}" >> "${GITHUB_VERSION_FILE}"
+        GITHUB_WEB_VERSION="$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null | jq --raw-output .tag_name)"
+        addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_VERSION" "${GITHUB_WEB_VERSION}"
     fi
 
-    GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
-    echo -n " ${GITHUB_FTL_VERSION}" >> "${GITHUB_VERSION_FILE}"
+    GITHUB_FTL_VERSION="$(curl -s 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null | jq --raw-output .tag_name)"
+    addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_FTL_VERSION" "${GITHUB_FTL_VERSION}"
+
+    if [[ "${PIHOLE_DOCKER_TAG}" ]]; then
+        GITHUB_DOCKER_VERSION="$(curl -s 'https://api.github.com/repos/pi-hole/docker-pi-hole/releases/latest' 2> /dev/null | jq --raw-output .tag_name)"
+        addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_DOCKER_VERSION" "${GITHUB_DOCKER_VERSION}"
+    fi
 
 else
 
-    LOCAL_BRANCH_FILE="/etc/pihole/localbranches"
-
     CORE_BRANCH="$(get_local_branch /etc/.pihole)"
-    echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}"
-    chmod 644 "${LOCAL_BRANCH_FILE}"
+    addOrEditKeyValPair "${VERSION_FILE}" "CORE_BRANCH" "${CORE_BRANCH}"
 
     if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
         WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
-        echo -n " ${WEB_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
+        addOrEditKeyValPair "${VERSION_FILE}" "WEB_BRANCH" "${WEB_BRANCH}"
     fi
 
     FTL_BRANCH="$(pihole-FTL branch)"
-    echo -n " ${FTL_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
-
-    LOCAL_VERSION_FILE="/etc/pihole/localversions"
+    addOrEditKeyValPair "${VERSION_FILE}" "FTL_BRANCH" "${FTL_BRANCH}"
 
     CORE_VERSION="$(get_local_version /etc/.pihole)"
-    echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}"
-    chmod 644 "${LOCAL_VERSION_FILE}"
+    addOrEditKeyValPair "${VERSION_FILE}" "CORE_VERSION" "${CORE_VERSION}"
 
     if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
         WEB_VERSION="$(get_local_version /var/www/html/admin)"
-        echo -n " ${WEB_VERSION}" >> "${LOCAL_VERSION_FILE}"
+        addOrEditKeyValPair "${VERSION_FILE}" "WEB_VERSION" "${WEB_VERSION}"
     fi
 
     FTL_VERSION="$(pihole-FTL version)"
-    echo -n " ${FTL_VERSION}" >> "${LOCAL_VERSION_FILE}"
+    addOrEditKeyValPair "${VERSION_FILE}" "FTL_VERSION" "${FTL_VERSION}"
 
 fi

advanced/Scripts/utils.sh

@@ -12,7 +12,7 @@
 
 # Basic Housekeeping rules
 #  - Functions must be self contained
-#  - Functions must be added in alphabetical order
+#  - Functions should be grouped with other similar functions
 #  - Functions must be documented
 #  - New functions must have a test added for them in test/test_any_utils.py
 
@@ -71,28 +71,87 @@ removeKey() {
 }
 
 #######################
-# returns FTL's current telnet API port
+# returns path of FTL's port file
+#######################
+getFTLAPIPortFile() {
+    local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
+    local DEFAULT_PORT_FILE="/run/pihole-FTL.port"
+    local FTL_APIPORT_FILE
+
+    if [ -s "${FTLCONFFILE}" ]; then
+        # if PORTFILE is not set in pihole-FTL.conf, use the default path
+        FTL_APIPORT_FILE="$({ grep '^PORTFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PORT_FILE}"; } | cut -d'=' -f2-)"
+    else
+        # if there is no pihole-FTL.conf, use the default path
+        FTL_APIPORT_FILE="${DEFAULT_PORT_FILE}"
+    fi
+
+      echo "${FTL_APIPORT_FILE}"
+}
+
+
+#######################
+# returns FTL's current telnet API port based on the content of the pihole-FTL.port file
+#
+# Takes one argument: path to pihole-FTL.port
+# Example getFTLAPIPort "/run/pihole-FTL.port"
 #######################
 getFTLAPIPort(){
-  local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
-  local DEFAULT_PORT_FILE="/run/pihole-FTL.port"
-  local DEFAULT_FTL_PORT=4711
-  local PORTFILE
-  local ftl_api_port
+    local PORTFILE="${1}"
+    local DEFAULT_FTL_PORT=4711
+    local ftl_api_port
 
-  if [ -f "$FTLCONFFILE" ]; then
-    # if PORTFILE is not set in pihole-FTL.conf, use the default path
-    PORTFILE="$( (grep "^PORTFILE=" $FTLCONFFILE || echo "$DEFAULT_PORT_FILE") | cut -d"=" -f2-)"
-  fi
+    if [ -s "$PORTFILE" ]; then
+        # -s: FILE exists and has a size greater than zero
+        ftl_api_port=$(cat "${PORTFILE}")
+        # Exploit prevention: unset the variable if there is malicious content
+        # Verify that the value read from the file is numeric
+        expr "$ftl_api_port" : "[^[:digit:]]" > /dev/null && unset ftl_api_port
+    fi
 
-  if [ -s "$PORTFILE" ]; then
-    # -s: FILE exists and has a size greater than zero
-    ftl_api_port=$(cat "${PORTFILE}")
-    # Exploit prevention: unset the variable if there is malicious content
-    # Verify that the value read from the file is numeric    
-    expr "$ftl_api_port" : "[^[:digit:]]" > /dev/null && unset ftl_api_port
-  fi
-
-  # echo the port found in the portfile or default to the default port
-  echo "${ftl_api_port:=$DEFAULT_FTL_PORT}"
+    # echo the port found in the portfile or default to the default port
+    echo "${ftl_api_port:=$DEFAULT_FTL_PORT}"
+}
+
+#######################
+# returns path of FTL's PID  file
+#######################
+getFTLPIDFile() {
+  local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
+  local DEFAULT_PID_FILE="/run/pihole-FTL.pid"
+  local FTL_PID_FILE
+
+  if [ -s "${FTLCONFFILE}" ]; then
+    # if PIDFILE is not set in pihole-FTL.conf, use the default path
+    FTL_PID_FILE="$({ grep '^PIDFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PID_FILE}"; } | cut -d'=' -f2-)"
+  else
+    # if there is no pihole-FTL.conf, use the default path
+    FTL_PID_FILE="${DEFAULT_PID_FILE}"
+  fi
+
+  echo "${FTL_PID_FILE}"
+}
+
+#######################
+# returns FTL's PID based on the content of the pihole-FTL.pid file
+#
+# Takes one argument: path to pihole-FTL.pid
+# Example getFTLPID "/run/pihole-FTL.pid"
+#######################
+getFTLPID() {
+    local FTL_PID_FILE="${1}"
+    local FTL_PID
+
+    if [ -s "${FTL_PID_FILE}" ]; then
+        # -s: FILE exists and has a size greater than zero
+        FTL_PID="$(cat "${FTL_PID_FILE}")"
+        # Exploit prevention: unset the variable if there is malicious content
+        # Verify that the value read from the file is numeric
+        expr "${FTL_PID}" : "[^[:digit:]]" > /dev/null && unset FTL_PID
+    fi
+
+    # If FTL is not running, or the PID file contains malicious stuff, substitute
+    # negative PID to signal this
+    FTL_PID=${FTL_PID:=-1}
+    echo  "${FTL_PID}"
 }

advanced/Scripts/version.sh

@@ -89,17 +89,18 @@ getRemoteVersion(){
     local daemon="${1}"
     local version
     local cachedVersions
-    local arrCache
-    cachedVersions="/etc/pihole/GitHubVersions"
+    cachedVersions="/etc/pihole/versions"
 
     #If the above file exists, then we can read from that. Prevents overuse of GitHub API
     if [[ -f "$cachedVersions" ]]; then
-        IFS=' ' read -r -a arrCache < "$cachedVersions"
+
+        # shellcheck disable=SC1090
+        . "$cachedVersions"
 
         case $daemon in
-            "pi-hole"   )  echo "${arrCache[0]}";;
-            "AdminLTE"  )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${arrCache[1]}";;
-            "FTL"       )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${arrCache[2]}" || echo "${arrCache[1]}";;
+            "pi-hole"   )  echo "${GITHUB_CORE_VERSION}";;
+            "AdminLTE"  )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${GITHUB_WEB_VERSION}";;
+            "FTL"       )  echo "${GITHUB_FTL_VERSION}";;
         esac
 
         return 0

advanced/Scripts/webpage.sh

@@ -24,8 +24,8 @@ readonly gravityDBfile="/etc/pihole/gravity.db"
 
 # Source install script for ${setupVars}, ${PI_HOLE_BIN_DIR} and valid_ip()
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-# shellcheck disable=SC2034  # used in basic-install
-PH_TEST="true"
+# shellcheck disable=SC2034  # used in basic-install to source the script without running it
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 
 utilsfile="/opt/pihole/utils.sh"
@@ -46,7 +46,6 @@ Options:
   -c, celsius                     Set Celsius as preferred temperature unit
   -f, fahrenheit                  Set Fahrenheit as preferred temperature unit
   -k, kelvin                      Set Kelvin as preferred temperature unit
-  -e, email                       Set an administrative contact address for the Block Page
   -h, --help                      Show this help dialog
   -i, interface                   Specify dnsmasq's interface listening behavior
   -l, privacylevel                Set privacy level (0 = lowest, 3 = highest)
@@ -296,7 +295,7 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
     # changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf
     # as we don't want to delete all local=/.../ lines so it's much safer to
     # simply rewrite the entire corresponding config file (which is what the
-    # DHCP settings subroutie is doing)
+    # DHCP settings subroutine is doing)
     ProcessDHCPSettings
 }
 
@@ -440,8 +439,8 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
             echo "#quiet-dhcp6
 #enable-ra
 dhcp-option=option6:dns-server,[::]
-dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600
-ra-param=*,0,0
+dhcp-range=::,constructor:${interface},ra-names,ra-stateless,64
+
 " >> "${dhcpconfig}"
         fi
 
@@ -568,37 +567,6 @@ RemoveDHCPStaticAddress() {
 
 }
 
-SetAdminEmail() {
-    if [[ "${1}" == "-h" ]] || [[ "${1}" == "--help" ]]; then
-        echo "Usage: pihole -a email <address>
-Example: 'pihole -a email admin@address.com'
-Set an administrative contact address for the Block Page
-
-Options:
-  \"\"                  Empty: Remove admin contact
-  -h, --help          Show this help dialog"
-        exit 0
-    fi
-
-    if [[ -n "${args[2]}" ]]; then
-
-        # Sanitize email address in case of security issues
-        # Regex from https://stackoverflow.com/a/2138832/4065967
-        local regex
-        regex="^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\$"
-        if [[ ! "${args[2]}" =~ ${regex} ]]; then
-            echo -e "  ${CROSS} Invalid email address"
-            exit 0
-        fi
-
-        addOrEditKeyValPair "${setupVars}" "ADMIN_EMAIL" "${args[2]}"
-        echo -e "  ${TICK} Setting admin contact to ${args[2]}"
-    else
-        addOrEditKeyValPair "${setupVars}" "ADMIN_EMAIL" ""
-        echo -e "  ${TICK} Removing admin contact"
-    fi
-}
-
 SetListeningMode() {
     source "${setupVars}"
 
@@ -650,7 +618,8 @@ Teleporter() {
         host="${host//./_}"
         filename="pi-hole-${host:-noname}-teleporter_${datetimestamp}.tar.gz"
     fi
-    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "${filename}"
+    # webroot is sourced from basic-install above
+    php "${webroot}/admin/scripts/pi-hole/php/teleporter.php" > "${filename}"
 }
 
 checkDomain()
@@ -846,7 +815,6 @@ main() {
         "-h" | "--help"       ) helpFunc;;
         "addstaticdhcp"       ) AddDHCPStaticAddress;;
         "removestaticdhcp"    ) RemoveDHCPStaticAddress;;
-        "-e" | "email"        ) SetAdminEmail "$3";;
         "-i" | "interface"    ) SetListeningMode "$@";;
         "-t" | "teleporter"   ) Teleporter;;
         "adlist"              ) CustomizeAdLists;;

advanced/Templates/logrotate

@@ -1,4 +1,4 @@
-/var/log/pihole.log {
+/var/log/pihole/pihole.log {
 	# su #
 	daily
 	copytruncate
@@ -9,7 +9,7 @@
 	nomail
 }
 
-/var/log/pihole-FTL.log {
+/var/log/pihole/FTL.log {
 	# su #
 	weekly
 	copytruncate

advanced/Templates/pihole-FTL.service

@@ -9,8 +9,17 @@
 # Description:       Enable service provided by pihole-FTL daemon
 ### END INIT INFO
 
+#source utils.sh for getFTLPIDFile(), getFTLPID (), getFTLAPIPortFile()
+PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+. "${utilsfile}"
+
+
 is_running() {
-  pgrep -xo "pihole-FTL" > /dev/null
+  if [ -d "/proc/${FTL_PID}" ]; then
+    return 0
+  fi
+  return 1
 }
 
 
@@ -20,25 +29,39 @@ start() {
     echo "pihole-FTL is already running"
   else
     # Touch files to ensure they exist (create if non-existing, preserve if existing)
-    mkdir -pm 0755 /run/pihole
-    [ ! -f /run/pihole-FTL.pid ] && install -m 644 -o pihole -g pihole /dev/null /run/pihole-FTL.pid
-    [ ! -f /run/pihole-FTL.port ] && install -m 644 -o pihole -g pihole /dev/null /run/pihole-FTL.port
-    [ ! -f /var/log/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole-FTL.log
-    [ ! -f /var/log/pihole.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole.log
+    mkdir -pm 0755 /run/pihole /var/log/pihole
+    [ ! -f "${FTL_PID_FILE}" ] && install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
+    [ ! -f "${FTL_PORT_FILE}" ] && install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
+    [ ! -f /var/log/pihole/FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
+    [ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
     [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
     # Ensure that permissions are set so that pihole-FTL can edit all necessary files
-    chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole.log /var/log/pihole.log /etc/pihole/dhcp.leases
+    chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
     # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
-    chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole-FTL.log /var/log/pihole.log
+    chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log
+    chmod -f 0640 /var/log/pihole/pihole.log
     # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
     chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
     # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
     chmod -f 0664 /etc/pihole/pihole-FTL.db
+
+    # Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/
+    # Should be removed with Pi-hole v6.0
+    if [ ! -f /var/log/pihole.log ]; then
+        ln -s /var/log/pihole/pihole.log /var/log/pihole.log
+        chown -h pihole:pihole /var/log/pihole.log
+
+    fi
+    if [ ! -f /var/log/pihole-FTL.log ]; then
+        ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log
+        chown -h pihole:pihole /var/log/pihole-FTL.log
+    fi
+
     if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
-      su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
+      su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole || exit $?
     else
       echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
-      /usr/bin/pihole-FTL
+      /usr/bin/pihole-FTL || exit $?
     fi
     echo
   fi
@@ -47,7 +70,7 @@ start() {
 # Stop the service
 stop() {
   if is_running; then
-    pkill -xo "pihole-FTL"
+    kill "${FTL_PID}"
     for i in 1 2 3 4 5; do
       if ! is_running; then
         break
@@ -60,8 +83,7 @@ stop() {
 
     if is_running; then
       echo "Not stopped; may still be shutting down or shutdown may have failed, killing now"
-      pkill -xo -9 "pihole-FTL"
-      exit 1
+      kill -9 "${FTL_PID}"
     else
       echo "Stopped"
     fi
@@ -69,7 +91,7 @@ stop() {
     echo "Not running"
   fi
   # Cleanup
-  rm -f /run/pihole/FTL.sock /dev/shm/FTL-*
+  rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}" "${FTL_PORT_FILE}"
   echo
 }
 
@@ -86,6 +108,14 @@ status() {
 
 
 ### main logic ###
+
+# Get file paths
+FTL_PID_FILE="$(getFTLPIDFile)"
+FTL_PORT_FILE="$(getFTLAPIPortFile)"
+
+# Get FTL's current PID
+FTL_PID="$(getFTLPID ${FTL_PID_FILE})"
+
 case "$1" in
   stop)
         stop

advanced/Templates/pihole.cron

@@ -18,7 +18,7 @@
 #          early morning. Download any updates from the adlists
 #          Squash output to log, then splat the log to stdout on error to allow for
 #          standard crontab job error handling.
-59 1    * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
+59 1    * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole/pihole_updateGravity.log || cat /var/log/pihole/pihole_updateGravity.log
 
 # Pi-hole: Flush the log daily at 00:00
 #          The flush script will use logrotate if available

advanced/bash-completion/pihole

@@ -15,7 +15,7 @@ _pihole() {
 			COMPREPLY=( $(compgen -W "${opts_lists}" -- ${cur}) )
 		;;
 		"admin")
-			opts_admin="celsius email fahrenheit interface kelvin password privacylevel"
+			opts_admin="celsius fahrenheit interface kelvin password privacylevel"
 			COMPREPLY=( $(compgen -W "${opts_admin}" -- ${cur}) )
 		;;
 		"checkout")

advanced/blockingpage.css

@@ -1,455 +0,0 @@
-/* Pi-hole: A black hole for Internet advertisements
-*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-*  Network-wide ad blocking via your own hardware.
-*
-*  This file is copyright under the latest version of the EUPL.
-*  Please see LICENSE file for your rights under this license. */
-
-/* Text Customisation Options ======> */
-.title::before { content: "Website Blocked"; }
-.altBtn::before { content: "Why am I here?"; }
-.linkPH::before { content: "About Pi-hole"; }
-.linkEmail::before { content: "Contact Admin"; }
-
-#bpOutput.add::before { content: "Info"; }
-#bpOutput.add::after { content: "The domain is being whitelisted..."; }
-#bpOutput.error::before, .unhandled::before { content: "Error"; }
-#bpOutput.unhandled::after { content: "An unhandled exception occurred. This may happen when your browser is unable to load jQuery, or when the webserver is denying access to the Pi-hole API."; }
-#bpOutput.success::before { content: "Success"; }
-#bpOutput.success::after { content: "Website has been whitelisted! You may need to flush your DNS cache"; }
-
-.recentwl::before { content: "This site has been whitelisted. Please flush your DNS cache and/or restart your browser."; }
-.unknown::before { content: "This website is not found in any of Pi-hole's blacklists. The reason you have arrived here is unknown."; }
-.cname::before { content: "This site is an alias for "; } /* <a href="http://cname.com">cname.com</a> */
-.cname::after { content: ", which may be blocked by Pi-hole."; }
-
-.blacklist::before { content: "Manually Blacklisted"; }
-.wildcard::before { content: "Manually Blacklisted by Wildcard"; }
-.noblock::before { content: "Not found on any Blacklist"; }
-
-#bpBlock::before { content: "Access to the following website has been denied:"; }
-#bpFlag::before { content: "This is primarily due to being flagged as:"; }
-
-#bpHelpTxt::before { content: "If you have an ongoing use for this website, please "; }
-#bpHelpTxt a::before, #bpHelpTxt span::before { content: "ask the administrator"; }
-#bpHelpTxt::after{ content: " of the Pi-hole on this network to have it whitelisted"; }
-
-#bpBack::before { content: "Back to safety"; }
-#bpInfo::before { content: "Technical Info"; }
-#bpFoundIn::before { content: "This site is found in "; }
-#bpFoundIn span::after { content: " of "; }
-#bpFoundIn::after { content: " lists:"; }
-#bpWhitelist::before { content: "Whitelist"; }
-
-footer span::before { content: "Page generated on "; }
-
-/* Hide whitelisting form entirely */
-/* #bpWLButtons { display: none; } */
-
-/* Text Customisation Options <=============================== */
-
-/* http://necolas.github.io/normalize.css ======> */
-html { font-family: sans-serif; line-height: 1.15; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; }
-body { margin: 0; }
-article, aside, footer, header, nav, section { display: block; }
-h1 { font-size: 2em; margin: 0.67em 0; }
-figcaption, figure, main { display: block; }
-figure { margin: 1em 40px; }
-hr { box-sizing: content-box; height: 0; overflow: visible; }
-pre { font-family: monospace, monospace; font-size: 1em; }
-a { background-color: transparent; -webkit-text-decoration-skip: objects; }
-a:active, a:hover { outline-width: 0; }
-abbr[title] { border-bottom: none; text-decoration: underline; text-decoration: underline dotted; }
-b, strong { font-weight: inherit; }
-b, strong { font-weight: bolder; }
-code, kbd, samp { font-family: monospace, monospace; font-size: 1em; }
-dfn { font-style: italic; }
-mark { background-color: #ff0; color: #000; }
-small { font-size: 80%; }
-sub, sup { font-size: 75%; line-height: 0; position: relative; vertical-align: baseline; }
-sub { bottom: -0.25em; }
-sup { top: -0.5em; }
-audio, video { display: inline-block; }
-audio:not([controls]) { display: none; height: 0; }
-img { border-style: none; }
-svg:not(:root) { overflow: hidden; }
-button, input, optgroup, select, textarea { font-family: sans-serif; font-size: 100%; line-height: 1.15; margin: 0; }
-button, input { overflow: visible; }
-button, select { text-transform: none; }
-button, html [type="button"], [type="reset"], [type="submit"] { -webkit-appearance: button; }
-button::-moz-focus-inner, [type="button"]::-moz-focus-inner, [type="reset"]::-moz-focus-inner, [type="submit"]::-moz-focus-inner { border-style: none; padding: 0; }
-button:-moz-focusring, [type="button"]:-moz-focusring, [type="reset"]:-moz-focusring, [type="submit"]:-moz-focusring { outline: 1px dotted ButtonText; }
-fieldset { border: 1px solid #c0c0c0; margin: 0 2px; padding: 0.35em 0.625em 0.75em; }
-legend { box-sizing: border-box; color: inherit; display: table; max-width: 100%; padding: 0; white-space: normal; }
-progress { display: inline-block; vertical-align: baseline; }
-textarea { overflow: auto; }
-[type="checkbox"], [type="radio"] { box-sizing: border-box; padding: 0; }
-[type="number"]::-webkit-inner-spin-button, [type="number"]::-webkit-outer-spin-button { height: auto; }
-[type="search"] { -webkit-appearance: textfield; outline-offset: -2px; }
-[type="search"]::-webkit-search-cancel-button, [type="search"]::-webkit-search-decoration { -webkit-appearance: none; }
-::-webkit-file-upload-button { -webkit-appearance: button; font: inherit; }
-details, menu { display: block; }
-summary { display: list-item; }
-canvas { display: inline-block; }
-template { display: none; }
-[hidden] { display: none; }
-/* Normalize.css <=============================== */
-
-html { font-size: 62.5%; }
-
-a { color: #3c8dbc; text-decoration: none; }
-a:hover { color: #72afda; text-decoration: underline; }
-b { color: rgb(68, 68, 68); }
-p { margin: 0; }
-
-label, .buttons a {
-  -webkit-user-select: none;
-  -moz-user-select: none;
-  -ms-user-select: none;
-  user-select: none;
-}
-
-label, .buttons *:not([disabled]) { cursor: pointer; }
-
-/* Touch device dark tap highlight */
-header h1 a, label, .buttons * { -webkit-tap-highlight-color: transparent; }
-
-/* Webkit Focus Glow */
-textarea, input, button { outline: none; }
-
-@font-face {
-  font-family: "Source Sans Pro";
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local("Source Sans Pro Regular"), local("SourceSansPro-Regular"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff2") format("woff2"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff") format("woff");
-}
-
-@font-face {
-  font-family: "Source Sans Pro";
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local("Source Sans Pro Bold"), local("SourceSansPro-Bold"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff2") format("woff2"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff") format("woff");
-}
-
-body {
-  background: #dbdbdb url("/admin/img/boxed-bg.jpg") repeat fixed;
-  color: #333;
-  font: 1.4rem "Source Sans Pro", "Helvetica Neue", Helvetica, Arial, sans-serif;
-  line-height: 2.2rem;
-}
-
-/* User is greeted with a splash page when browsing to Pi-hole IP address */
-#splashpage {
-  background: #222;
-  color: rgba(255, 255, 255, 0.7);
-  text-align: center;
-  width: 100%;
-  height: 100%;
-  display: flex;
-  align-items: center;
-  justify-content: center;
-}
-
-#splashpage img { margin: 5px; width: 256px; }
-#splashpage b { color: inherit; }
-
-#bpWrapper {
-  margin: 0 auto;
-  max-width: 1250px;
-  box-shadow: 0 0 8px rgba(0, 0, 0, 0.5);
-}
-
-header {
-  background: #3c8dbc;
-  display: table;
-  position: relative;
-  width: 100%;
-}
-
-header h1, header h1 a, header .spc, header #bpAlt label {
-  display: table-cell;
-  color: #fff;
-  white-space: nowrap;
-  vertical-align: middle;
-  height: 50px; /* Must match #bpAbout top value */
-}
-
-h1 a {
-  background-color: rgba(0, 0, 0, 0.1);
-  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
-  font-size: 2rem;
-  font-weight: 400;
-  min-width: 230px;
-  text-align: center;
-}
-
-h1 a:hover, header #bpAlt:hover { background-color: rgba(0, 0, 0, 0.12); color: inherit; text-decoration: none; }
-
-header .spc { width: 100%; }
-
-header #bpAlt label {
-  background: url("/admin/img/logo.svg") no-repeat center left 15px;
-  background-size: 15px 23px;
-  padding: 0 15px;
-  text-indent: 30px;
-}
-
-[type="checkbox"][id$="Toggle"] { display: none; }
-[type="checkbox"][id$="Toggle"]:checked ~ #bpAbout,
-[type="checkbox"][id$="Toggle"]:checked ~ #bpMoreInfo {
-  display: block;
-}
-
-html, body {
-    height: 100%;
-}
-
-#pihole_card {
-    width: 400px;
-    height: auto;
-    max-width: 400px;
-}
-
-    #pihole_card p, #pihole_card a {
-        font-size: 13pt;
-        text-align: center;
-    }
-
-#pihole_logo_splash {
-    height: auto;
-    width: 100%;
-}
-
-/* Click anywhere else on screen to hide #bpAbout */
-#bpAboutToggle:checked {
-  display: block;
-  height: 300px; /* VH Fallback */
-  height: 100vh;
-  left: 0;
-  top: 0;
-  opacity: 0;
-  position: absolute;
-  width: 100%;
-}
-
-#bpAbout {
-  background: #3c8dbc;
-  border-bottom-left-radius: 5px;
-  border: 1px solid #fff;
-  border-right-width: 0;
-  box-shadow: -1px 1px 1px rgba(0, 0, 0, 0.12);
-  box-sizing: border-box;
-  display: none;
-  font-size: 1.7rem;
-  top: 50px;
-  position: absolute;
-  right: 0;
-  width: 280px;
-  z-index: 1;
-}
-
-.aboutPH {
-  box-sizing: border-box;
-  color: rgba(255, 255, 255, 0.8);
-  display: block;
-  padding: 10px;
-  width: 100%;
-  text-align: center;
-}
-
-.aboutImg {
-  background: url("/admin/img/logo.svg") no-repeat center;
-  background-size: 90px 90px;
-  height: 90px;
-  margin: 0 auto;
-  padding: 2px;
-  width: 90px;
-}
-
-.aboutPH p { margin: 10px 0; }
-.aboutPH small { display: block; font-size: 1.2rem; }
-
-.aboutLink {
-  background: #fff;
-  border-top: 1px solid #ddd;
-  display: table;
-  font-size: 1.4rem;
-  text-align: center;
-  width: 100%;
-}
-
-.aboutLink a {
-  display: table-cell;
-  padding: 14px;
-  min-width: 50%;
-}
-
-main {
-  background: #ecf0f5;
-  font-size: 1.65rem;
-  padding: 10px;
-}
-
-#bpOutput {
-  background: #00c0ef;
-  border-radius: 3px;
-  border: 1px solid rgba(0, 0, 0, 0.1);
-  color: #fff;
-  font-size: 1.4rem;
-  margin-bottom: 10px;
-  margin-top: 5px;
-  padding: 15px;
-}
-
-#bpOutput::before {
-  background: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='7' height='14' viewBox='0 0 7 14'%3E%3Cpath fill='%23fff' d='M6 11a1.371 1.371 0 011 1v1a1.371 1.371 0 01-1 1H1a1.371 1.371 0 01-1-1v-1a1.371 1.371 0 011-1h1V8H1a1.371 1.371 0 01-1-1V6a1.371 1.371 0 011-1h3a1.371 1.371 0 011 1v5h1zM3.5 0A1.5 1.5 0 112 1.5 1.5 1.5 0 013.5 0z'/%3E%3C/svg%3E") no-repeat center left;
-  display: block;
-  font-size: 1.8rem;
-  text-indent: 15px;
-}
-
-#bpOutput.hidden { display: none; }
-#bpOutput.success { background: #00a65a; }
-#bpOutput.error { background: #dd4b39; }
-
-.blockMsg, .flagMsg {
-  font: 700 1.8rem Consolas, Courier, monospace;
-  padding: 5px 10px 10px;
-  text-indent: 15px;
-}
-
-#bpHelpTxt { padding-bottom: 10px; }
-
-.buttons {
-  border-spacing: 5px 0;
-  display: table;
-  width: 100%;
-}
-
-.buttons * {
-  -moz-appearance: none;
-  -webkit-appearance: none;
-  border-radius: 3px;
-  border: 1px solid rgba(0, 0, 0, 0.1);
-  box-sizing: content-box;
-  display: table-cell;
-  font-size: 1.65rem;
-  margin-right: 5px;
-  min-height: 20px;
-  padding: 6px 12px;
-  position: relative;
-  text-align: center;
-  vertical-align: top;
-  white-space: nowrap;
-  width: auto;
-}
-
-.buttons a:hover { text-decoration: none; }
-
-/* Button hover dark overlay */
-.buttons *:not(input):not([disabled]):hover {
-  background-image: linear-gradient(to bottom, rgba(0, 0, 0, 0.1), rgba(0, 0, 0, 0.1));
-  color: #fff;
-}
-
-/* Button active shadow inset */
-.buttons *:not([disabled]):not(input):active {
-  box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125);
-}
-
-/* Input border color */
-.buttons *:not([disabled]):hover, .buttons input:focus {
-  border-color: rgba(0, 0, 0, 0.25);
-}
-
-#bpButtons *  { width: 50%; color: #fff; }
-#bpBack       { background-color: #00a65a; }
-#bpInfo       { background-color: #3c8dbc; }
-#bpWhitelist  { background-color: #dd4b39; }
-
-#blockpage .buttons [type="password"][disabled] { color: rgba(0, 0, 0, 1); }
-#blockpage .buttons [disabled] { color: rgba(0, 0, 0, 0.55); background-color: #e3e3e3; }
-#blockpage .buttons [type="password"]:-ms-input-placeholder { color: rgba(51, 51, 51, 0.8); }
-
-input[type="password"] { font-size: 1.5rem; }
-
-@-webkit-keyframes slidein { from { max-height: 0; opacity: 0; } to { max-height: 300px; opacity: 1; } }
-
-@keyframes slidein { from { max-height: 0; opacity: 0; } to { max-height: 300px; opacity: 1; } }
-#bpMoreToggle:checked ~ #bpMoreInfo { display: block; margin-top: 8px; -webkit-animation: slidein 0.05s linear; animation: slidein 0.05s linear; }
-#bpMoreInfo { display: none; margin-top: 10px; }
-
-#bpQueryOutput {
-  font-size: 1.2rem;
-  line-height: 1.65rem;
-  margin: 5px 0 0;
-  overflow: auto;
-  padding: 0 5px;
-  -webkit-overflow-scrolling: touch;
-}
-
-#bpQueryOutput span { margin-right: 4px; }
-
-#bpWLButtons { width: auto; margin-top: 10px; }
-#bpWLButtons * { display: inline-block; }
-#bpWLDomain { display: none; }
-#bpWLPassword { width: 160px; }
-#bpWhitelist { color: #fff; }
-
-footer {
-  background: #fff;
-  border-top: 1px solid #d2d6de;
-  color: #444;
-  font: 1.2rem Consolas, Courier, monospace;
-  padding: 8px;
-}
-
-/* Responsive Content */
-@media only screen and (max-width: 500px) {
-  h1 a {
-        font-size: 1.8rem;
-        min-width: 170px;
-    }
-
-    footer span::before {
-        content: "Generated ";
-    }
-
-    footer span {
-        display: block;
-    }
-}
-
-@media only screen and (min-width: 1251px) {
-  #bpWrapper, footer {
-        border-radius: 0 0 5px 5px;
-    }
-
-    #bpAbout {
-        border-right-width: 1px;
-    }
-}
-
-@media only screen and (max-width: 400px) {
-    #pihole_card {
-        width: 100%;
-        height: auto;
-    }
-
-        #pihole_card p, #pihole_card a {
-            font-size: 100%;
-        }
-}
-
-@media only screen and (max-width: 256px) {
-    #pihole_logo_splash {
-        width: 90% !important;
-        height: auto;
-    }
-}

advanced/cmdline.txt

@@ -1 +0,0 @@
-dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fbcon=map:10 fbcon=font:VGA8x8 consoleblank=0

advanced/console-setup

@@ -1,17 +0,0 @@
-# CONFIGURATION FILE FOR SETUPCON
-
-# Consult the console-setup(5) manual page.
-
-ACTIVE_CONSOLES="/dev/tty[1-6]"
-
-CHARMAP="UTF-8"
-
-# For best results with the Adafruit 2.8 LCD and Pi-hole's chronometer
-CODESET="guess"
-FONTFACE="Terminus"
-FONTSIZE="10x20"
-
-VIDEOMODE=
-
-# The following is an example how to use a braille font
-# FONT='lat9w-08.psf.gz brl-8x8.psf'

advanced/dnsmasq.conf.original

@@ -507,7 +507,7 @@
 # (using /etc/hosts) then that name can be specified as the
 # tftp_servername (the third option to dhcp-boot) and in that
 # case dnsmasq resolves this name and returns the resultant IP
-# addresses in round robin fasion. This facility can be used to
+# addresses in round robin fashion. This facility can be used to
 # load balance the tftp load among a set of servers.
 #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
 

advanced/index.php

@@ -11,15 +11,6 @@ $serverName = htmlspecialchars($_SERVER["SERVER_NAME"]);
 // Remove external ipv6 brackets if any
 $serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);
 
-if (!is_file("/etc/pihole/setupVars.conf"))
-  die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>");
-
-// Get values from setupVars.conf
-$setupVars = parse_ini_file("/etc/pihole/setupVars.conf");
-$svPasswd = !empty($setupVars["WEBPASSWORD"]);
-$svEmail = (!empty($setupVars["ADMIN_EMAIL"]) && filter_var($setupVars["ADMIN_EMAIL"], FILTER_VALIDATE_EMAIL)) ? $setupVars["ADMIN_EMAIL"] : "";
-unset($setupVars);
-
 // Set landing page location, found within /var/www/html/
 $landPage = "../landing.php";
 
@@ -34,21 +25,6 @@ if (!empty($_SERVER["FQDN"])) {
     array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]);
 }
 
-// Set which extension types render as Block Page (Including "" for index.ext)
-$validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", "");
-
-// Get extension of current URL
-$currentUrlExt = pathinfo($_SERVER["REQUEST_URI"], PATHINFO_EXTENSION);
-
-// Set mobile friendly viewport
-$viewPort = '<meta name="viewport" content="width=device-width, initial-scale=1">';
-
-// Set response header
-function setHeader($type = "x") {
-    header("X-Pi-hole: A black hole for Internet advertisements.");
-    if (isset($type) && $type === "js") header("Content-Type: application/javascript");
-}
-
 // Determine block page type
 if ($serverName === "pi.hole"
     || (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) {
@@ -58,7 +34,7 @@ if ($serverName === "pi.hole"
     // When directly browsing via IP or authorized hostname
     // Render splash/landing page based off presence of $landPage file
     // Unset variables so as to not be included in $landPage or $splashPage
-    unset($svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt);
+    unset($authorizedHosts);
     // If $landPage file is present
     if (is_file(getcwd()."/$landPage")) {
         unset($serverName, $viewPort); // unset extra variables not to be included in $landpage
@@ -71,347 +47,34 @@ if ($serverName === "pi.hole"
     <html lang='en'>
         <head>
             <meta charset='utf-8'>
-            $viewPort
+            <meta name='viewport' content='width=device-width, initial-scale=1'>
             <title>● $serverName</title>
-            <link rel='stylesheet' href='/pihole/blockingpage.css'>
             <link rel='shortcut icon' href='/admin/img/favicons/favicon.ico' type='image/x-icon'>
+            <style>
+                html, body { height: 100% }
+                body { margin: 0; font: 13pt "Source Sans Pro", "Helvetica Neue", Helvetica, Arial, sans-serif; }
+                body { background: #222; color: rgba(255, 255, 255, 0.7); text-align: center; }
+                p { margin: 0; }
+                a { color: #3c8dbc; text-decoration: none; }
+                a:hover { color: #72afda; text-decoration: underline; }
+                #splashpage { display: flex; align-items: center; justify-content: center; }
+                #splashpage img { margin: 5px; width: 256px; }
+                #splashpage b { color: inherit; }
+            </style>
         </head>
         <body id='splashpage'>
-            <div id="pihole_card">
-              <img src='/admin/img/logo.svg' alt='Pi-hole logo' id="pihole_logo_splash" />
-              <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
-              <a href='/admin'>Did you mean to go to the admin panel?</a>
+            <div>
+            <img src='/admin/img/logo.svg' alt='Pi-hole logo' width='256' height='377'>
+            <br>
+            <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
+            <a href='/admin'>Did you mean to go to the admin panel?</a>
             </div>
         </body>
     </html>
 EOT;
     exit($splashPage);
-} elseif ($currentUrlExt === "js") {
-    // Serve Pi-hole JavaScript for blocked domains requesting JS
-    exit(setHeader("js").'var x = "Pi-hole: A black hole for Internet advertisements."');
-} elseif (strpos($_SERVER["REQUEST_URI"], "?") !== FALSE && isset($_SERVER["HTTP_REFERER"])) {
-    // Serve blank image upon receiving REQUEST_URI w/ query string & HTTP_REFERRER
-    // e.g: An iframe of a blocked domain
-    exit(setHeader().'<!doctype html>
-    <html lang="en">
-        <head>
-            <meta charset="utf-8"><script>window.close();</script>
-        </head>
-        <body>
-            <img src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=">
-        </body>
-    </html>');
-} elseif (!in_array($currentUrlExt, $validExtTypes) || substr_count($_SERVER["REQUEST_URI"], "?")) {
-    // Serve SVG upon receiving non $validExtTypes URL extension or query string
-    // e.g: Not an iframe of a blocked domain, such as when browsing to a file/query directly
-    // QoL addition: Allow the SVG to be clicked on in order to quickly show the full Block Page
-    $blockImg = '<a href="/">
-    <svg xmlns="http://www.w3.org/2000/svg" width="110" height="16">
-      <circle cx="8" cy="8" r="7" fill="none" stroke="rgba(152,2,2,.5)" stroke-width="2"/>
-      <path fill="rgba(152,2,2,.5)" d="M11.526 3.04l1.414 1.415-8.485 8.485-1.414-1.414z"/>
-      <text x="19.3" y="12" opacity=".3" style="font:11px Arial">
-        Blocked by Pi-hole
-      </text>
-    </svg>
-    </a>';
-    exit(setHeader()."<!doctype html>
-    <html lang='en'>
-        <head>
-            <meta charset='utf-8'>
-            $viewPort
-        </head>
-        <body>$blockImg</body>
-    </html>");
 }
 
-/* Start processing Block Page from here */
+exit(header("HTTP/1.1 404 Not Found"));
 
-// Define admin email address text based off $svEmail presence
-$bpAskAdmin = !empty($svEmail) ? '<a href="mailto:'.$svEmail.'?subject=Site Blocked: '.$serverName.'"></a>' : "<span/>";
-
-// Get possible non-standard location of FTL's database
-$FTLsettings = parse_ini_file("/etc/pihole/pihole-FTL.conf");
-if (isset($FTLsettings["GRAVITYDB"])) {
-    $gravityDBFile = $FTLsettings["GRAVITYDB"];
-} else {
-    $gravityDBFile = "/etc/pihole/gravity.db";
-}
-
-// Connect to gravity.db
-try {
-    $db = new SQLite3($gravityDBFile, SQLITE3_OPEN_READONLY);
-} catch (Exception $exception) {
-    die("[ERROR]: Failed to connect to gravity.db");
-}
-
-// Get all adlist addresses
-$adlistResults = $db->query("SELECT address FROM vw_adlist");
-$adlistsUrls = array();
-while ($row = $adlistResults->fetchArray()) {
-    array_push($adlistsUrls, $row[0]);
-}
-
-if (empty($adlistsUrls))
-    die("[ERROR]: There are no adlists enabled");
-
-// Get total number of blocklists (Including Whitelist, Blacklist & Wildcard lists)
-$adlistsCount = count($adlistsUrls) + 3;
-
-// Set query timeout
-ini_set("default_socket_timeout", 3);
-
-// Logic for querying blocklists
-function queryAds($serverName) {
-    // Determine the time it takes while querying adlists
-    $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
-
-    // Determine which protocol should be used
-    $protocol = "http";
-    if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ||
-        (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https') ||
-        (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
-    ) {
-        $protocol = "https";
-    }
-
-    // Format the URL
-    $queryAdsURL = sprintf(
-        "%s://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
-        $protocol,
-        $_SERVER["SERVER_PORT"],
-        $serverName
-    );
-
-    // Request the file and receive the response
-    $queryAdsFile = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
-
-    // $queryAdsFile must be an array (to avoid PHP 8.0+ error)
-    if (is_array($queryAdsFile)) {
-        $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAdsFile)));
-    } else {
-        // if not an array, return an error message
-        return array("0" => "error", "1" => "<br>(".gettype($queryAdsFile).")<br>".print_r($queryAdsFile, true));
-    }
-
-    $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime);
-
-    // Exception Handling
-    try {
-        // Define Exceptions
-        if (strpos($queryAds[0], "No exact results") !== FALSE) {
-            // Return "none" into $queryAds array
-            return array("0" => "none");
-        } else if ($queryTime >= ini_get("default_socket_timeout")) {
-            // Connection Timeout
-            throw new Exception ("Connection timeout (".ini_get("default_socket_timeout")."s)");
-        } elseif (!strpos($queryAds[0], ".") !== false) {
-            // Unknown $queryAds output
-            throw new Exception ("Unhandled error message (<code>$queryAds[0]</code>)");
-        }
-        return $queryAds;
-    } catch (Exception $e) {
-        // Return exception as array
-        return array("0" => "error", "1" => $e->getMessage());
-    }
-}
-
-// Get results of queryads.php exact search
-$queryAds = queryAds($serverName);
-
-// Pass error through to Block Page
-if ($queryAds[0] === "error")
-    die("[ERROR]: Unable to parse results from <i>queryads.php</i>: <code>".$queryAds[1]."</code>");
-
-// Count total number of matching blocklists
-$featuredTotal = count($queryAds);
-
-// Place results into key => value array
-$queryResults = null;
-foreach ($queryAds as $str) {
-    $value = explode(" ", $str);
-    @$queryResults[$value[0]] .= "$value[1]";
-}
-
-// Determine if domain has been blacklisted, whitelisted, wildcarded or CNAME blocked
-if (strpos($queryAds[0], "blacklist") !== FALSE) {
-    $notableFlagClass = "blacklist";
-    $adlistsUrls = array("π" => substr($queryAds[0], 2));
-} elseif (strpos($queryAds[0], "whitelist") !== FALSE) {
-    $notableFlagClass = "noblock";
-    $adlistsUrls = array("π" => substr($queryAds[0], 2));
-    $wlInfo = "recentwl";
-} elseif (strpos($queryAds[0], "wildcard") !== FALSE) {
-    $notableFlagClass = "wildcard";
-    $adlistsUrls = array("π" => substr($queryAds[0], 2));
-} elseif ($queryAds[0] === "none") {
-    $featuredTotal = "0";
-    $notableFlagClass = "noblock";
-
-    // QoL addition: Determine appropriate info message if CNAME exists
-    // Suggests to the user that $serverName has a CNAME (alias) that may be blocked
-    $dnsRecord = dns_get_record("$serverName")[0];
-    if (array_key_exists("target", $dnsRecord)) {
-        $wlInfo = $dnsRecord['target'];
-    } else {
-        $wlInfo = "unknown";
-    }
-}
-
-// Set #bpOutput notification
-$wlOutputClass = (isset($wlInfo) && $wlInfo === "recentwl") ? $wlInfo : "hidden";
-$wlOutput = (isset($wlInfo) && $wlInfo !== "recentwl") ? "<a href='http://$wlInfo'>$wlInfo</a>" : "";
-
-// Get Pi-hole Core version
-$phVersion = exec("cd /etc/.pihole/ && git describe --long --tags");
-
-// Print $execTime on development branches
-// Testing for - is marginally faster than "git rev-parse --abbrev-ref HEAD"
-if (explode("-", $phVersion)[1] != "0")
-  $execTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
-
-// Please Note: Text is added via CSS to allow an admin to provide a localized
-// language without the need to edit this file
-
-setHeader();
 ?>
-<!doctype html>
-<!-- Pi-hole: A black hole for Internet advertisements
-*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-*  Network-wide ad blocking via your own hardware.
-*
-*  This file is copyright under the latest version of the EUPL. -->
-<html>
-<head>
-  <meta charset="utf-8">
-  <?=$viewPort ?>
-  <meta name="robots" content="noindex,nofollow">
-  <meta http-equiv="x-dns-prefetch-control" content="off">
-  <link rel="stylesheet" href="pihole/blockingpage.css">
-  <link rel="shortcut icon" href="admin/img/favicons/favicon.ico" type="image/x-icon">
-  <title>● <?=$serverName ?></title>
-  <script src="admin/scripts/vendor/jquery.min.js"></script>
-  <script>
-    window.onload = function () {
-      <?php
-      // Remove href fallback from "Back to safety" button
-      if ($featuredTotal > 0) {
-        echo '$("#bpBack").removeAttr("href");';
-
-        // Enable whitelisting if JS is available
-        echo '$("#bpWhitelist").prop("disabled", false);';
-
-        // Enable password input if necessary
-        if (!empty($svPasswd)) {
-          echo '$("#bpWLPassword").attr("placeholder", "Password");';
-          echo '$("#bpWLPassword").prop("disabled", false);';
-        }
-        // Otherwise hide the input
-        else {
-          echo '$("#bpWLPassword").hide();';
-        }
-      }
-      ?>
-    }
-  </script>
-</head>
-<body id="blockpage"><div id="bpWrapper">
-<header>
-  <h1 id="bpTitle">
-    <a class="title" href="/"><?php //Website Blocked ?></a>
-  </h1>
-  <div class="spc"></div>
-
-  <input id="bpAboutToggle" type="checkbox">
-  <div id="bpAbout">
-    <div class="aboutPH">
-      <div class="aboutImg"></div>
-      <p>Open Source Ad Blocker
-        <small>Designed for Raspberry Pi</small>
-      </p>
-    </div>
-    <div class="aboutLink">
-      <a class="linkPH" href="https://docs.pi-hole.net/"><?php //About PH ?></a>
-      <?php if (!empty($svEmail)) echo '<a class="linkEmail" href="mailto:'.$svEmail.'"></a>'; ?>
-    </div>
-  </div>
-
-  <div id="bpAlt">
-    <label class="altBtn" for="bpAboutToggle"><?php //Why am I here? ?></label>
-  </div>
-</header>
-
-<main>
-  <div id="bpOutput" class="<?=$wlOutputClass ?>"><?=$wlOutput ?></div>
-  <div id="bpBlock">
-    <p class="blockMsg"><?=$serverName ?></p>
-  </div>
-  <?php if(isset($notableFlagClass)) { ?>
-    <div id="bpFlag">
-        <p class="flagMsg <?=$notableFlagClass ?>"></p>
-    </div>
-  <?php } ?>
-  <div id="bpHelpTxt"><?=$bpAskAdmin ?></div>
-  <div id="bpButtons" class="buttons">
-    <a id="bpBack" onclick="javascript:history.back()" href="about:home"></a>
-    <?php if ($featuredTotal > 0) echo '<label id="bpInfo" for="bpMoreToggle"></label>'; ?>
-  </div>
-  <input id="bpMoreToggle" type="checkbox">
-  <div id="bpMoreInfo">
-    <span id="bpFoundIn"><span><?=$featuredTotal ?></span><?=$adlistsCount ?></span>
-    <pre id='bpQueryOutput'><?php if ($featuredTotal > 0) foreach ($queryResults as $num => $value) { echo "<span>[$num]:</span>$adlistsUrls[$num]\n"; } ?></pre>
-
-    <form id="bpWLButtons" class="buttons">
-      <input id="bpWLDomain" type="text" value="<?=$serverName ?>" disabled>
-      <input id="bpWLPassword" type="password" placeholder="JavaScript disabled" disabled>
-      <button id="bpWhitelist" type="button" disabled></button>
-    </form>
-  </div>
-</main>
-
-<footer><span><?=date("l g:i A, F dS"); ?>.</span> Pi-hole <?=$phVersion ?> (<?=gethostname()."/".$_SERVER["SERVER_ADDR"]; if (isset($execTime)) printf("/%.2fs", $execTime); ?>)</footer>
-</div>
-
-<script>
-  function add() {
-    $("#bpOutput").removeClass("hidden error exception");
-    $("#bpOutput").addClass("add");
-    var domain = "<?=$serverName ?>";
-    var pw = $("#bpWLPassword");
-    if(domain.length === 0) {
-      return;
-    }
-    $.ajax({
-      url: "/admin/scripts/pi-hole/php/add.php",
-      method: "post",
-      data: {"domain":domain, "list":"white", "pw":pw.val()},
-      success: function(response) {
-        if(response.indexOf("Pi-hole blocking") !== -1) {
-          setTimeout(function(){window.location.reload(1);}, 10000);
-          $("#bpOutput").removeClass("add");
-          $("#bpOutput").addClass("success");
-          $("#bpOutput").html("");
-        } else {
-          $("#bpOutput").removeClass("add");
-          $("#bpOutput").addClass("error");
-          $("#bpOutput").html(""+response+"");
-        }
-      },
-      error: function(jqXHR, exception) {
-        $("#bpOutput").removeClass("add");
-        $("#bpOutput").addClass("exception");
-        $("#bpOutput").html("");
-      }
-    });
-  }
-  <?php if ($featuredTotal > 0) { ?>
-    $(document).keypress(function(e) {
-        if(e.which === 13 && $("#bpWLPassword").is(":focus")) {
-            add();
-        }
-    });
-    $("#bpWhitelist").on("click", function() {
-        add();
-    });
-  <?php } ?>
-</script>
-</body></html>

advanced/lighttpd.conf.debian

@@ -28,12 +28,12 @@ server.modules = (
 server.document-root        = "/var/www/html"
 server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
+server.errorlog             = "/var/log/lighttpd/error-pihole.log"
 server.pid-file             = "/run/lighttpd.pid"
 server.username             = "www-data"
 server.groupname            = "www-data"
 server.port                 = 80
-accesslog.filename          = "/var/log/lighttpd/access.log"
+accesslog.filename          = "/var/log/lighttpd/access-pihole.log"
 accesslog.format            = "%{%s}t|%V|%r|%s|%b"
 
 # Allow streaming response
@@ -78,10 +78,21 @@ include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsen
 
 # If the URL starts with /admin, it is the Web interface
 $HTTP["url"] =~ "^/admin/" {
-    # Create a response header for debugging using curl -I
+    # X-Pi-hole is a response header for debugging using curl -I
+    # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
+    # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input.
+    # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
+    # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
+    # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
+    # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
     setenv.add-response-header = (
         "X-Pi-hole" => "The Pi-hole Web interface is working!",
-        "X-Frame-Options" => "DENY"
+        "X-Frame-Options" => "DENY",
+        "X-XSS-Protection" => "1; mode=block",
+        "X-Content-Type-Options" => "nosniff",
+        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
+        "X-Permitted-Cross-Domain-Policies" => "none",
+        "Referrer-Policy" => "same-origin"
     )
 }
 

advanced/lighttpd.conf.fedora

@@ -29,12 +29,12 @@ server.modules = (
 server.document-root        = "/var/www/html"
 server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
+server.errorlog             = "/var/log/lighttpd/error-pihole.log"
 server.pid-file             = "/run/lighttpd.pid"
 server.username             = "lighttpd"
 server.groupname            = "lighttpd"
 server.port                 = 80
-accesslog.filename          = "/var/log/lighttpd/access.log"
+accesslog.filename          = "/var/log/lighttpd/access-pihole.log"
 accesslog.format            = "%{%s}t|%V|%r|%s|%b"
 
 # Allow streaming response
@@ -86,10 +86,21 @@ fastcgi.server = (
 
 # If the URL starts with /admin, it is the Web interface
 $HTTP["url"] =~ "^/admin/" {
-    # Create a response header for debugging using curl -I
+    # X-Pi-hole is a response header for debugging using curl -I
+    # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
+    # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input.
+    # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
+    # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
+    # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
+    # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
     setenv.add-response-header = (
         "X-Pi-hole" => "The Pi-hole Web interface is working!",
-        "X-Frame-Options" => "DENY"
+        "X-Frame-Options" => "DENY",
+        "X-XSS-Protection" => "1; mode=block",
+        "X-Content-Type-Options" => "nosniff",
+        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
+        "X-Permitted-Cross-Domain-Policies" => "none",
+        "Referrer-Policy" => "same-origin"
     )
 }
 

automated install/uninstall.sh

@@ -36,7 +36,7 @@ else
 fi
 
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-PH_TEST="true"
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 # setupVars set in basic-install.sh
 source "${setupVars}"
@@ -44,8 +44,8 @@ source "${setupVars}"
 # package_manager_detect() sourced from basic-install.sh
 package_manager_detect
 
-# Install packages used by the Pi-hole
-DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}")
+# Uninstall packages used by the Pi-hole
+DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}" "${OS_CHECK_DEPS[@]}")
 if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
     # Install the Web dependencies
     DEPS+=("${PIHOLE_WEB_DEPS[@]}")
@@ -146,6 +146,7 @@ removeNoPurge() {
     ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null
     ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null
     ${SUDO} rm -rf /var/log/*pihole* &> /dev/null
+    ${SUDO} rm -rf /var/log/pihole/*pihole* &> /dev/null
     ${SUDO} rm -rf /etc/pihole/ &> /dev/null
     ${SUDO} rm -rf /etc/.pihole/ &> /dev/null
     ${SUDO} rm -rf /opt/pihole/ &> /dev/null

gravity.sh

@@ -139,9 +139,9 @@ update_gravity_timestamp() {
 # Import domains from file and store them in the specified database table
 database_table_from_file() {
   # Define locals
-  local table source backup_path backup_file tmpFile type
+  local table src backup_path backup_file tmpFile list_type
   table="${1}"
-  source="${2}"
+  src="${2}"
   backup_path="${piholeDir}/migration_backup"
   backup_file="${backup_path}/$(basename "${2}")"
   tmpFile="$(mktemp -p "/tmp" --suffix=".gravity")"
@@ -155,13 +155,13 @@ database_table_from_file() {
 
   # Special handling for domains to be imported into the common domainlist table
   if [[ "${table}" == "whitelist" ]]; then
-    type="0"
+    list_type="0"
     table="domainlist"
   elif [[ "${table}" == "blacklist" ]]; then
-    type="1"
+    list_type="1"
     table="domainlist"
   elif [[ "${table}" == "regex" ]]; then
-    type="3"
+    list_type="3"
     table="domainlist"
   fi
 
@@ -174,9 +174,9 @@ database_table_from_file() {
     rowid+=1
   fi
 
-  # Loop over all domains in ${source} file
+  # Loop over all domains in ${src} file
   # Read file line by line
-  grep -v '^ *#' < "${source}" | while IFS= read -r domain
+  grep -v '^ *#' < "${src}" | while IFS= read -r domain
   do
     # Only add non-empty lines
     if [[ -n "${domain}" ]]; then
@@ -185,10 +185,10 @@ database_table_from_file() {
         echo "${rowid},\"${domain}\",${timestamp}" >> "${tmpFile}"
       elif [[ "${table}" == "adlist" ]]; then
         # Adlist table format
-        echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\",,0,0,0" >> "${tmpFile}"
+        echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\",,0,0,0" >> "${tmpFile}"
       else
         # White-, black-, and regexlist table format
-        echo "${rowid},${type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\"" >> "${tmpFile}"
+        echo "${rowid},${list_type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\"" >> "${tmpFile}"
       fi
       rowid+=1
     fi
@@ -201,14 +201,14 @@ database_table_from_file() {
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
-    echo -e "\\n  ${CROSS} Unable to fill table ${table}${type} in database ${gravityDBfile}\\n  ${output}"
+    echo -e "\\n  ${CROSS} Unable to fill table ${table}${list_type} in database ${gravityDBfile}\\n  ${output}"
     gravity_Cleanup "error"
   fi
 
   # Move source file to backup directory, create directory if not existing
   mkdir -p "${backup_path}"
-  mv "${source}" "${backup_file}" 2> /dev/null || \
-    echo -e "  ${CROSS} Unable to backup ${source} to ${backup_path}"
+  mv "${src}" "${backup_file}" 2> /dev/null || \
+    echo -e "  ${CROSS} Unable to backup ${src} to ${backup_path}"
 
   # Delete tmpFile
   rm "${tmpFile}" > /dev/null 2>&1 || \
@@ -540,7 +540,7 @@ parseList() {
   num_target_lines_new="$(grep -c "^" "${target}")"
   # Number of new correctly added lines
   num_correct_lines="$(( num_target_lines_new-num_target_lines ))"
-  # Upate number of lines in target file
+  # Update number of lines in target file
   num_target_lines="$num_target_lines_new"
   num_invalid="$(( num_source_lines-num_correct_lines ))"
   if [[ "${num_invalid}" -eq 0 ]]; then
@@ -719,10 +719,10 @@ gravity_DownloadBlocklistFromUrl() {
 
 # Parse source files into domains format
 gravity_ParseFileIntoDomains() {
-  local source="${1}" destination="${2}" firstLine
+  local src="${1}" destination="${2}" firstLine
 
   # Determine if we are parsing a consolidated list
-  #if [[ "${source}" == "${piholeDir}/${matterAndLight}" ]]; then
+  #if [[ "${src}" == "${piholeDir}/${matterAndLight}" ]]; then
     # Remove comments and print only the domain name
     # Most of the lists downloaded are already in hosts file format but the spacing/formatting is not contiguous
     # This helps with that and makes it easier to read
@@ -733,7 +733,7 @@ gravity_ParseFileIntoDomains() {
     # 4) Remove lines containing "/"
     # 5) Remove leading tabs, spaces, etc.
     # 6) Delete lines not matching domain names
-    < "${source}" tr -d '\r' | \
+    < "${src}" tr -d '\r' | \
     tr '[:upper:]' '[:lower:]' | \
     sed 's/\s*#.*//g' | \
     sed -r '/(\/).*$/d' | \
@@ -745,16 +745,16 @@ gravity_ParseFileIntoDomains() {
 
   # Individual file parsing: Keep comments, while parsing domains from each line
   # We keep comments to respect the list maintainer's licensing
-  read -r firstLine < "${source}"
+  read -r firstLine < "${src}"
 
   # Determine how to parse individual source file formats
   if [[ "${firstLine,,}" =~ (adblock|ublock|^!) ]]; then
     # Compare $firstLine against lower case words found in Adblock lists
     echo -e "  ${CROSS} Format: Adblock (list type not supported)"
-  elif grep -q "^address=/" "${source}" &> /dev/null; then
+  elif grep -q "^address=/" "${src}" &> /dev/null; then
     # Parse Dnsmasq format lists
     echo -e "  ${CROSS} Format: Dnsmasq (list type not supported)"
-  elif grep -q -E "^https?://" "${source}" &> /dev/null; then
+  elif grep -q -E "^https?://" "${src}" &> /dev/null; then
     # Parse URL list if source file contains "http://" or "https://"
     # Scanning for "^IPv4$" is too slow with large (1M) lists on low-end hardware
     echo -ne "  ${INFO} Format: URL"
@@ -770,13 +770,13 @@ gravity_ParseFileIntoDomains() {
       /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
       # Print if nonempty
       length { print }
-    ' "${source}" 2> /dev/null > "${destination}"
+    ' "${src}" 2> /dev/null > "${destination}"
     chmod 644 "${destination}"
 
     echo -e "${OVER}  ${TICK} Format: URL"
   else
     # Default: Keep hosts/domains file in same format as it was downloaded
-    output=$( { mv "${source}" "${destination}"; } 2>&1 )
+    output=$( { mv "${src}" "${destination}"; } 2>&1 )
     chmod 644 "${destination}"
 
     if [[ ! -e "${destination}" ]]; then
@@ -870,15 +870,19 @@ gravity_Cleanup() {
 
 database_recovery() {
   local result
-  local str="Checking integrity of existing gravity database"
+  local str="Checking integrity of existing gravity database (this can take a while)"
   local option="${1}"
   echo -ne "  ${INFO} ${str}..."
-  if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA integrity_check" 2>&1)"; then
+  result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA integrity_check" 2>&1)"
+
+  if [[ ${result} = "ok" ]]; then
     echo -e "${OVER}  ${TICK} ${str} - no errors found"
 
-    str="Checking foreign keys of existing gravity database"
+    str="Checking foreign keys of existing gravity database (this can take a while)"
     echo -ne "  ${INFO} ${str}..."
-    if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA foreign_key_check" 2>&1)"; then
+    unset result
+    result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA foreign_key_check" 2>&1)"
+    if [[ -z ${result} ]]; then
       echo -e "${OVER}  ${TICK} ${str} - no errors found"
       if [[ "${option}" != "force" ]]; then
         return

manpages/pihole.8

@@ -11,8 +11,6 @@ Pi-hole : A black-hole for internet advertisements
 .br
 \fBpihole -a\fR (\fB-c|-f|-k\fR)
 .br
-\fBpihole -a -e\fR email
-.br
 \fBpihole -a -i\fR interface
 .br
 \fBpihole -a -l\fR privacylevel
@@ -132,9 +130,6 @@ Available commands and options:
       -f, fahrenheit    Set Fahrenheit as preferred temperature unit
 .br
       -k, kelvin        Set Kelvin as preferred temperature unit
-.br
-      -e, email         Set an administrative contact address for the
-                        Block Page
 .br
       -i, interface     Specify dnsmasq's interface listening behavior
 .br
@@ -187,12 +182,12 @@ Available commands and options:
 
 	(Logging options):
 .br
-      on                Enable the Pi-hole log at /var/log/pihole.log
+      on                Enable the Pi-hole log at /var/log/pihole/pihole.log
 .br
       off               Disable and flush the Pi-hole log at
-                        /var/log/pihole.log
+                        /var/log/pihole/pihole.log
 .br
-      off noflush       Disable the Pi-hole log at /var/log/pihole.log
+      off noflush       Disable the Pi-hole log at /var/log/pihole/pihole.log
 .br
 
 \fB-up, updatePihole\fR [--check-only]

pihole

@@ -16,7 +16,6 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
 # error due to modifying a readonly variable.
 setupVars="/etc/pihole/setupVars.conf"
 PI_HOLE_BIN_DIR="/usr/local/bin"
-readonly FTL_PID_FILE="/run/pihole-FTL.pid"
 
 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 source "${colfile}"
@@ -36,19 +35,20 @@ listFunc() {
 }
 
 debugFunc() {
-  local automated
-  local web
+    local automated
+    local web
+    local check_database_integrity
+    # Pull off the `debug` leaving passed call augmentation flags in $1
+    shift
 
-  # Pull off the `debug` leaving passed call augmentation flags in $1
-  shift
-  if [[ "$@" == *"-a"* ]]; then
-    automated="true"
-  fi
-  if [[ "$@" == *"-w"* ]]; then
-    web="true"
-  fi
+    for value in "$@"; do
+        [[ "$value"  == *"-a"* ]] && automated="true"
+        [[ "$value"  == *"-w"* ]] && web="true"
+        [[ "$value"  == *"-c"* ]] && check_database_integrity="true"
+        [[ "$value" == *"--check_database"* ]] && check_database_integrity="true"
+    done
 
-  AUTOMATED=${automated:-} WEBCALL=${web:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
+  AUTOMATED=${automated:-} WEBCALL=${web:-} CHECK_DATABASE=${check_database_integrity:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
   exit 0
 }
 
@@ -100,34 +100,21 @@ versionFunc() {
   exec "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
 }
 
-# Get PID of main pihole-FTL process
-getFTLPID() {
-  local pid
-
-  if [ -s "${FTL_PID_FILE}" ]; then
-    # -s: FILE exists and has a size greater than zero
-    pid="$(<"$FTL_PID_FILE")"
-    # Exploit prevention: unset the variable if there is malicious content
-    # Verify that the value read from the file is numeric
-    [[ "$pid" =~ [^[:digit:]] ]] && unset pid
-  fi
-
-  # If FTL is not running, or the PID file contains malicious stuff, substitute
-  # negative PID to signal this to the caller
-  echo "${pid:=-1}"
-}
-
 restartDNS() {
-  local svcOption svc str output status pid icon
+  local svcOption svc str output status pid icon FTL_PID_FILE
   svcOption="${1:-restart}"
 
+  # get the current path to the pihole-FTL.pid
+  FTL_PID_FILE="$(getFTLPIDFile)"
+
   # Determine if we should reload or restart
   if [[ "${svcOption}" =~ "reload-lists" ]]; then
     # Reloading of the lists has been requested
     # Note 1: This will NOT re-read any *.conf files
     # Note 2: We cannot use killall here as it does
     #         not know about real-time signals
-    pid="$(getFTLPID)"
+
+    pid="$(getFTLPID ${FTL_PID_FILE})"
     if [[ "$pid" -eq "-1" ]]; then
       svc="true"
       str="FTL is not running"
@@ -140,7 +127,7 @@ restartDNS() {
   elif [[ "${svcOption}" =~ "reload" ]]; then
     # Reloading of the DNS cache has been requested
     # Note: This will NOT re-read any *.conf files
-    pid="$(getFTLPID)"
+    pid="$(getFTLPID ${FTL_PID_FILE})"
     if [[ "$pid" -eq "-1" ]]; then
       svc="true"
       str="FTL is not running"
@@ -254,9 +241,9 @@ Example: 'pihole logging on'
 Specify whether the Pi-hole log should be used
 
 Options:
-  on                  Enable the Pi-hole log at /var/log/pihole.log
-  off                 Disable and flush the Pi-hole log at /var/log/pihole.log
-  off noflush         Disable the Pi-hole log at /var/log/pihole.log"
+  on                  Enable the Pi-hole log at /var/log/pihole/pihole.log
+  off                 Disable and flush the Pi-hole log at /var/log/pihole/pihole.log
+  off noflush         Disable the Pi-hole log at /var/log/pihole/pihole.log"
     exit 0
   elif [[ "${1}" == "off" ]]; then
     # Disable logging
@@ -315,33 +302,37 @@ analyze_ports() {
 }
 
 statusFunc() {
-  # Determine if there is pihole-FTL service is listening
-  local pid port ftl_api_port
+    # Determine if there is pihole-FTL service is listening
+    local pid port ftl_api_port ftl_pid_file ftl_apiport_file
 
-  pid="$(getFTLPID)"
-  ftl_api_port="$(getFTLAPIPort)"
-  if [[ "$pid" -eq "-1" ]]; then
-    case "${1}" in
-      "web") echo "-1";;
-      *) echo -e "  ${CROSS} DNS service is NOT running";;
-    esac
-    return 0
-  else
-    #get the DNS port pihole-FTL is listening on by using FTL's telnet API
-    port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")"
-    if [[ "${port}" == "0" ]]; then
-      case "${1}" in
-        "web") echo "-1";;
-        *) echo -e "  ${CROSS} DNS service is NOT listening";;
-      esac
-      return 0
+    ftl_pid_file="$(getFTLPIDFile)"
+
+    pid="$(getFTLPID ${ftl_pid_file})"
+
+    ftl_apiport_file="${getFTLAPIPortFile}"
+    ftl_api_port="$(getFTLAPIPort ${ftl_apiport_file})"
+    if [[ "$pid" -eq "-1" ]]; then
+        case "${1}" in
+            "web") echo "-1";;
+            *) echo -e "  ${CROSS} DNS service is NOT running";;
+        esac
+        return 0
     else
-      if [[ "${1}" != "web" ]]; then
-        echo -e "  ${TICK} FTL is listening on port ${port}"
-        analyze_ports "${port}"
-      fi
+        #get the DNS port pihole-FTL is listening on by using FTL's telnet API
+        port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")"
+        if [[ "${port}" == "0" ]]; then
+            case "${1}" in
+                "web") echo "-1";;
+                *) echo -e "  ${CROSS} DNS service is NOT listening";;
+            esac
+            return 0
+        else
+            if [[ "${1}" != "web" ]]; then
+                echo -e "  ${TICK} FTL is listening on port ${port}"
+                analyze_ports "${port}"
+            fi
+        fi
     fi
-  fi
 
   # Determine if Pi-hole's blocking is enabled
   if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then
@@ -382,7 +373,7 @@ tailFunc() {
   # Color blocklist/blacklist/wildcard entries as red
   # Color A/AAAA/DHCP strings as white
   # Color everything else as gray
-  tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \
+  tail -f /var/log/pihole/pihole.log | grep --line-buffered "${1}" | sed -E \
     -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
     -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \
     -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
@@ -455,6 +446,7 @@ Whitelist/Blacklist Options:
 
 Debugging Options:
   -d, debug           Start a debugging session
+                        Add '-c' or '--check-database' to include a Pi-hole database integrity check
                         Add '-a' to automatically upload the log to tricorder.pi-hole.net
   -f, flush           Flush the Pi-hole log
   -r, reconfigure     Reconfigure or Repair Pi-hole subsystems
@@ -503,7 +495,7 @@ case "${1}" in
   "-c" | "chronometer"          ) chronometerFunc "$@";;
   "-q" | "query"                ) queryFunc "$@";;
   "status"                      ) statusFunc "$2";;
-  "-t" | "tail"                 ) tailFunc "$2";;
+
   "tricorder"                   ) tricorderFunc;;
 
   # we need to add all arguments that require sudo power to not trigger the * argument
@@ -527,6 +519,7 @@ case "${1}" in
   "checkout"                    ) ;;
   "updatechecker"               ) ;;
   "arpflush"                    ) ;;
+  "-t" | "tail"                 ) ;;
   *                             ) helpFunc;;
 esac
 
@@ -563,4 +556,5 @@ case "${1}" in
   "checkout"                    ) piholeCheckoutFunc "$@";;
   "updatechecker"               ) updateCheckFunc "$@";;
   "arpflush"                    ) arpFunc "$@";;
+  "-t" | "tail"                 ) tailFunc "$2";;
 esac

test/_centos_7.Dockerfile

@@ -1,18 +0,0 @@
-FROM centos:7
-RUN yum install -y git
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_centos_8.Dockerfile

@@ -12,7 +12,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_debian_10.Dockerfile

@@ -11,7 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_debian_11.Dockerfile

@@ -11,7 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_debian_9.Dockerfile

@@ -1,17 +0,0 @@
-FROM buildpack-deps:stretch-scm
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_fedora_33.Dockerfile

@@ -1,18 +0,0 @@
-FROM fedora:33
-RUN dnf install -y git
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_fedora_34.Dockerfile

@@ -12,7 +12,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_16.Dockerfile

@@ -1,17 +0,0 @@
-FROM buildpack-deps:xenial-scm
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_18.Dockerfile

@@ -1,17 +0,0 @@
-FROM buildpack-deps:bionic-scm
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_20.Dockerfile

@@ -12,7 +12,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_22.Dockerfile

@@ -1,4 +1,4 @@
-FROM buildpack-deps:impish-scm
+FROM buildpack-deps:jammy-scm
 
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -12,7 +12,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/test_any_automated_install.py

@@ -116,9 +116,9 @@ def test_installPiholeWeb_fresh_install_no_errors(host):
     source /opt/pihole/basic-install.sh
     installPiholeWeb
     ''')
-    expected_stdout = info_box + ' Installing blocking page...'
+    expected_stdout = info_box + ' Installing 404 page...'
     assert expected_stdout in installWeb.stdout
-    expected_stdout = tick_box + (' Creating directory for blocking page, '
+    expected_stdout = tick_box + (' Creating directory for 404 page, '
                                   'and copying files')
     assert expected_stdout in installWeb.stdout
     expected_stdout = info_box + ' Backing up index.lighttpd.html'
@@ -130,7 +130,6 @@ def test_installPiholeWeb_fresh_install_no_errors(host):
     assert expected_stdout in installWeb.stdout
     web_directory = host.run('ls -r /var/www/html/pihole').stdout
     assert 'index.php' in web_directory
-    assert 'blockingpage.css' in web_directory
 
 
 def get_directories_recursive(host, directory):
@@ -150,10 +149,10 @@ def get_directories_recursive(host, directory):
 
 def test_installPihole_fresh_install_readableFiles(host):
     '''
-    confirms all neccessary files are readable by pihole user
+    confirms all necessary files are readable by pihole user
     '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # dialog returns Cancel for user prompt
+    mock_command('dialog', {'*': ('', '0')}, host)
     # mock git pull
     mock_command_passthrough('git', {'pull': ('', '0')}, host)
     # mock systemctl to not start lighttpd and FTL
@@ -240,24 +239,14 @@ def test_installPihole_fresh_install_readableFiles(host):
         'r', '/etc/pihole/dns-servers.conf', piholeuser)
     actual_rc = host.run(check_servers).rc
     assert exit_status_success == actual_rc
-    # readable GitHubVersions
-    check_version = test_cmd.format(
-        'r', '/etc/pihole/GitHubVersions', piholeuser)
-    actual_rc = host.run(check_version).rc
-    assert exit_status_success == actual_rc
     # readable install.log
     check_install = test_cmd.format(
         'r', '/etc/pihole/install.log', piholeuser)
     actual_rc = host.run(check_install).rc
     assert exit_status_success == actual_rc
-    # readable localbranches
-    check_localbranch = test_cmd.format(
-        'r', '/etc/pihole/localbranches', piholeuser)
-    actual_rc = host.run(check_localbranch).rc
-    assert exit_status_success == actual_rc
-    # readable localversions
+    # readable versions
     check_localversion = test_cmd.format(
-        'r', '/etc/pihole/localversions', piholeuser)
+        'r', '/etc/pihole/versions', piholeuser)
     actual_rc = host.run(check_localversion).rc
     assert exit_status_success == actual_rc
     # readable logrotate
@@ -393,8 +382,8 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
         "127.0.0.1",
         # "pi.hole"
     ]
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # dialog returns Cancel for user prompt
+    mock_command('dialog', {'*': ('', '0')}, host)
 
     # mock git pull
     mock_command_passthrough('git', {'pull': ('', '0')}, host)
@@ -483,7 +472,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
         setup_var_file += "{}={}\n".format(k, v)
     setup_var_file += "INSTALL_WEB_SERVER=true\n"
     setup_var_file += "INSTALL_WEB_INTERFACE=true\n"
-    setup_var_file += "IPV4_ADDRESS=127.0.0.1\n"
     setup_var_file += "EOF\n"
     host.run(setup_var_file)
     installWeb = host.run('''
@@ -606,10 +594,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
             'r', webroot + '/pihole/index.php', webuser)
         actual_rc = host.run(check_index).rc
         assert exit_status_success == actual_rc
-        check_blockpage = test_cmd.format(
-            'r', webroot + '/pihole/blockingpage.css', webuser)
-        actual_rc = host.run(check_blockpage).rc
-        assert exit_status_success == actual_rc
         if test_webpage is True:
             # check webpage for unreadable files
             noPHPfopen = re.compile(
@@ -871,8 +855,8 @@ def test_FTL_download_aarch64_no_errors(host):
     '''
     confirms only aarch64 package is downloaded for FTL engine
     '''
-    # mock whiptail answers and ensure installer dependencies
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # mock dialog answers and ensure installer dependencies
+    mock_command('dialog', {'*': ('', '0')}, host)
     host.run('''
     source /opt/pihole/basic-install.sh
     package_manager_detect
@@ -896,30 +880,17 @@ def test_FTL_binary_installed_and_responsive_no_errors(host):
     source /opt/pihole/basic-install.sh
     create_pihole_user
     funcOutput=$(get_binary_name)
+    echo "development" > /etc/pihole/ftlbranch
     binary="pihole-FTL${funcOutput##*pihole-FTL}"
     theRest="${funcOutput%pihole-FTL*}"
     FTLdetect "${binary}" "${theRest}"
-    pihole-FTL version
+    ''')
+    version_check = host.run('''
+    VERSION=$(pihole-FTL version)
+    echo ${VERSION:0:1}
     ''')
     expected_stdout = 'v'
-    assert expected_stdout in installed_binary.stdout
-
-
-# def test_FTL_support_files_installed(host):
-#     '''
-#     confirms FTL support files are installed
-#     '''
-#     support_files = host.run('''
-#     source /opt/pihole/basic-install.sh
-#     FTLdetect
-#     stat -c '%a %n' /var/log/pihole-FTL.log
-#     stat -c '%a %n' /run/pihole-FTL.port
-#     stat -c '%a %n' /run/pihole-FTL.pid
-#     ls -lac /run
-#     ''')
-#     assert '644 /run/pihole-FTL.port' in support_files.stdout
-#     assert '644 /run/pihole-FTL.pid' in support_files.stdout
-#     assert '644 /var/log/pihole-FTL.log' in support_files.stdout
+    assert expected_stdout in version_check.stdout
 
 
 def test_IPv6_only_link_local(host):
@@ -1118,40 +1089,38 @@ def test_os_check_passes(host):
 
 def test_package_manager_has_installer_deps(host):
     ''' Confirms OS is able to install the required packages for the installer'''
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    mock_command('dialog', {'*': ('', '0')}, host)
     output = host.run('''
     source /opt/pihole/basic-install.sh
     package_manager_detect
     install_dependent_packages ${INSTALLER_DEPS[@]}
     ''')
 
-    assert 'No package' not in output.stdout  # centos7 still exits 0...
+    assert 'No package' not in output.stdout
     assert output.rc == 0
 
 
 def test_package_manager_has_pihole_deps(host):
     ''' Confirms OS is able to install the required packages for Pi-hole '''
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    mock_command('dialog', {'*': ('', '0')}, host)
     output = host.run('''
     source /opt/pihole/basic-install.sh
     package_manager_detect
-    select_rpm_php
     install_dependent_packages ${PIHOLE_DEPS[@]}
     ''')
 
-    assert 'No package' not in output.stdout  # centos7 still exits 0...
+    assert 'No package' not in output.stdout
     assert output.rc == 0
 
 
 def test_package_manager_has_web_deps(host):
     ''' Confirms OS is able to install the required packages for web '''
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    mock_command('dialog', {'*': ('', '0')}, host)
     output = host.run('''
     source /opt/pihole/basic-install.sh
     package_manager_detect
-    select_rpm_php
     install_dependent_packages ${PIHOLE_WEB_DEPS[@]}
     ''')
 
-    assert 'No package' not in output.stdout  # centos7 still exits 0...
+    assert 'No package' not in output.stdout
     assert output.rc == 0

test/test_any_utils.py

@@ -50,25 +50,73 @@ def test_key_removal_works(host):
     assert expected_stdout == output.stdout
 
 
+def test_getFTLAPIPortFile_default(host):
+    ''' Confirms getFTLAPIPortFile returns the default API port file path '''
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    getFTLAPIPortFile
+    ''')
+    expected_stdout = '/run/pihole-FTL.port\n'
+    assert expected_stdout == output.stdout
+
+
 def test_getFTLAPIPort_default(host):
     ''' Confirms getFTLAPIPort returns the default API port '''
     output = host.run('''
     source /opt/pihole/utils.sh
-    getFTLAPIPort
+    getFTLAPIPort "/run/pihole-FTL.port"
     ''')
     expected_stdout = '4711\n'
     assert expected_stdout == output.stdout
 
 
-def test_getFTLAPIPort_custom(host):
+def test_getFTLAPIPortFile_and_getFTLAPIPort_custom(host):
     ''' Confirms getFTLAPIPort returns a custom API port in a custom PORTFILE location '''
     host.run('''
-    echo "PORTFILE=/tmp/port.file" > /etc/pihole/pihole-FTL.conf
-    echo "1234" > /tmp/port.file
+    tmpfile=$(mktemp)
+    echo "PORTFILE=${tmpfile}" > /etc/pihole/pihole-FTL.conf
+    echo "1234" > ${tmpfile}
     ''')
     output = host.run('''
     source /opt/pihole/utils.sh
-    getFTLAPIPort
+    FTL_API_PORT_FILE=$(getFTLAPIPortFile)
+    getFTLAPIPort "${FTL_API_PORT_FILE}"
+    ''')
+    expected_stdout = '1234\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLPIDFile_default(host):
+    ''' Confirms getFTLPIDFile returns the default PID file path '''
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    getFTLPIDFile
+    ''')
+    expected_stdout = '/run/pihole-FTL.pid\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLPID_default(host):
+    ''' Confirms getFTLPID returns the default value if FTL is not running '''
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    getFTLPID
+    ''')
+    expected_stdout = '-1\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLPIDFile_and_getFTLPID_custom(host):
+    ''' Confirms getFTLPIDFile returns a custom PID file path '''
+    host.run('''
+    tmpfile=$(mktemp)
+    echo "PIDFILE=${tmpfile}" > /etc/pihole/pihole-FTL.conf
+    echo "1234" > ${tmpfile}
+    ''')
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    FTL_PID_FILE=$(getFTLPIDFile)
+    getFTLPID "${FTL_PID_FILE}"
     ''')
     expected_stdout = '1234\n'
     assert expected_stdout == output.stdout

test/test_centos_7_support.py

@@ -1,63 +0,0 @@
-from .conftest import (
-    tick_box,
-    info_box,
-    mock_command,
-)
-
-
-def test_php_upgrade_default_optout_centos_eq_7(host):
-    '''
-    confirms the default behavior to opt-out of installing PHP7 from REMI
-    '''
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optout_centos_eq_7(host):
-    '''
-    confirms installer behavior when user opt-out of installing PHP7 from REMI
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optin_centos_eq_7(host):
-    '''
-    confirms installer behavior when user opt-in to installing PHP7 from REMI
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    assert 'opt-out' not in package_manager_detect.stdout
-    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
-                                  '(https://rpms.remirepo.net)')
-    assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = tick_box + (' Remi\'s RPM repository has '
-                                  'been enabled for PHP7')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert remi_package.is_installed

test/test_centos_8_support.py

@@ -1,68 +0,0 @@
-from .conftest import (
-    tick_box,
-    info_box,
-    mock_command,
-)
-
-
-def test_php_upgrade_default_continue_centos_gte_8(host):
-    '''
-    confirms the latest version of CentOS continues / does not optout
-    (should trigger on CentOS7 only)
-    '''
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
-                                    ' Deprecated PHP may be in use.')
-    assert unexpected_stdout not in package_manager_detect.stdout
-    # ensure remi was not installed on latest CentOS
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optout_skipped_centos_gte_8(host):
-    '''
-    confirms installer skips user opt-out of installing PHP7 from REMI on
-    latest CentOS (should trigger on CentOS7 only)
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
-                                    ' Deprecated PHP may be in use.')
-    assert unexpected_stdout not in package_manager_detect.stdout
-    # ensure remi was not installed on latest CentOS
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optin_skipped_centos_gte_8(host):
-    '''
-    confirms installer skips user opt-in to installing PHP7 from REMI on
-    latest CentOS (should trigger on CentOS7 only)
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    assert 'opt-out' not in package_manager_detect.stdout
-    unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository '
-                                    '(https://rpms.remirepo.net)')
-    assert unexpected_stdout not in package_manager_detect.stdout
-    unexpected_stdout = tick_box + (' Remi\'s RPM repository has '
-                                    'been enabled for PHP7')
-    assert unexpected_stdout not in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed

test/test_centos_common_support.py

@@ -7,23 +7,6 @@ from .conftest import (
 )
 
 
-def test_release_supported_version_check_centos(host):
-    '''
-    confirms installer exits on unsupported releases of CentOS
-    '''
-    # modify /etc/redhat-release to mock an unsupported CentOS release
-    host.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = cross_box + (' CentOS 6 is not supported.')
-    assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = 'Please update to CentOS release 7 or later'
-    assert expected_stdout in package_manager_detect.stdout
-
-
 def test_enable_epel_repository_centos(host):
     '''
     confirms the EPEL package repository is enabled when installed on CentOS
@@ -31,95 +14,11 @@ def test_enable_epel_repository_centos(host):
     package_manager_detect = host.run('''
     source /opt/pihole/basic-install.sh
     package_manager_detect
-    select_rpm_php
     ''')
     expected_stdout = info_box + (' Enabling EPEL package repository '
                                   '(https://fedoraproject.org/wiki/EPEL)')
     assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = tick_box + ' Installed epel-release'
+    expected_stdout = tick_box + ' Installed'
     assert expected_stdout in package_manager_detect.stdout
     epel_package = host.package('epel-release')
     assert epel_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_default_optout_centos(host):
-    '''
-    confirms the default behavior to opt-out of upgrading to PHP7 from REMI
-    '''
-    # first we will install the default php version to test installer behavior
-    php_install = host.run('yum install -y php')
-    assert php_install.rc == 0
-    php_package = host.package('php')
-    default_centos_php_version = php_package.version.split('.')[0]
-    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
-        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_user_optout_centos(host):
-    '''
-    confirms installer behavior when user opt-out to upgrade to PHP7 via REMI
-    '''
-    # first we will install the default php version to test installer behavior
-    php_install = host.run('yum install -y php')
-    assert php_install.rc == 0
-    php_package = host.package('php')
-    default_centos_php_version = php_package.version.split('.')[0]
-    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
-        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_user_optin_centos(host):
-    '''
-    confirms installer behavior when user opt-in to upgrade to PHP7 via REMI
-    '''
-    # first we will install the default php version to test installer behavior
-    php_install = host.run('yum install -y php')
-    assert php_install.rc == 0
-    php_package = host.package('php')
-    default_centos_php_version = php_package.version.split('.')[0]
-    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
-        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    install_dependent_packages PIHOLE_WEB_DEPS[@]
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout not in package_manager_detect.stdout
-    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
-                                  '(https://rpms.remirepo.net)')
-    assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = tick_box + (' Remi\'s RPM repository has '
-                                  'been enabled for PHP7')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert remi_package.is_installed
-    updated_php_package = host.package('php')
-    updated_php_version = updated_php_package.version.split('.')[0]
-    assert int(updated_php_version) == 7

test/test_centos_fedora_common_support.py

@@ -30,7 +30,7 @@ def test_selinux_enforcing_exit(host):
     source /opt/pihole/basic-install.sh
     checkSelinux
     ''')
-    expected_stdout = cross_box + ' Current SELinux: Enforcing'
+    expected_stdout = cross_box + ' Current SELinux: enforcing'
     assert expected_stdout in check_selinux.stdout
     expected_stdout = 'SELinux Enforcing detected, exiting installer'
     assert expected_stdout in check_selinux.stdout
@@ -46,7 +46,7 @@ def test_selinux_permissive(host):
     source /opt/pihole/basic-install.sh
     checkSelinux
     ''')
-    expected_stdout = tick_box + ' Current SELinux: Permissive'
+    expected_stdout = tick_box + ' Current SELinux: permissive'
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 0
 
@@ -60,6 +60,6 @@ def test_selinux_disabled(host):
     source /opt/pihole/basic-install.sh
     checkSelinux
     ''')
-    expected_stdout = tick_box + ' Current SELinux: Disabled'
+    expected_stdout = tick_box + ' Current SELinux: disabled'
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 0

test/test_fedora_support.py

@@ -6,11 +6,8 @@ def test_epel_and_remi_not_installed_fedora(host):
     package_manager_detect = host.run('''
     source /opt/pihole/basic-install.sh
     package_manager_detect
-    select_rpm_php
     ''')
     assert package_manager_detect.stdout == ''
 
     epel_package = host.package('epel-release')
     assert not epel_package.is_installed
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed

test/tox.centos_7.ini

@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _centos_7.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_7_support.py

test/tox.centos_8.ini

@@ -5,4 +5,4 @@ envlist = py38
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _centos_8.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_8_support.py
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py

test/tox.debian_9.ini

@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _debian_9.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py

test/tox.fedora_33.ini

@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _fedora_33.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_fedora_support.py

test/tox.ubuntu_18.ini

@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _ubuntu_18.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py

test/tox.ubuntu_21.ini

@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _ubuntu_21.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py

test/tox.ubuntu_22.ini

@@ -4,5 +4,5 @@ envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
-commands = docker build -f _ubuntu_16.Dockerfile -t pytest_pihole:test_container ../
+commands = docker build -f _ubuntu_22.Dockerfile -t pytest_pihole:test_container ../
            pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py