Merge pull request #4812 from pi-hole/development

Pi-hole core 5.11.4
Merge pull request #4811 from pi-hole/CAPS
2022-07-10 13:52:38 +01:00 · 2022-07-10 13:43:29 +01:00 · 2022-07-10 14:33:43 +02:00 · 2022-07-10 14:33:24 +02:00 · 2022-07-10 13:25:45 +02:00 · 2022-07-10 11:50:09 +01:00
59 changed files with 1169 additions and 729 deletions
--- a/.codespellignore
+++ b/.codespellignore
@@ -0,0 +1,3 @@
+doubleclick
+wan
+nwe
--- a/.editorconfig
+++ b/.editorconfig
@@ -13,26 +13,8 @@ tab_width = 4
 charset = utf-8
 trim_trailing_whitespace = true

-# Matches multiple files with brace expansion notation
-# Set default charset
-[*.{js,py}]
-charset = utf-8
+[*.yml]
+tab_width = 2

-# 4 space indentation
-[*.py]
-indent_style = space
-indent_size = 4
-
-# Tab indentation (no size specified)
-[Makefile]
-indent_style = tab
-
-# Indentation override for all JS under lib directory
-[scripts/**.js]
-indent_style = space
-indent_size = 2
-
-# Matches the exact files either package.json or .travis.yml
-[{package.json,.travis.yml}]
-indent_style = space
-indent_size = 2
+[*.md]
+tab_width = 2
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,4 +7,6 @@ updates:
    day: saturday
    time: "10:00"
  open-pull-requests-limit: 10
-  target-branch: developement
+  target-branch: development
+  reviewers:
+    - "pi-hole/core-maintainers"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -25,16 +25,16 @@ jobs:
    steps:
    -
      name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    # Initializes the CodeQL tools for scanning.
    -
      name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
      with:
        languages: 'python'
    -
      name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
    -
      name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -2,7 +2,7 @@ name: Mark stale issues

 on:
  schedule:
-  - cron: '0 * * * *'
+    - cron: '0 8 * * *'
  workflow_dispatch:

 jobs:
@@ -13,13 +13,14 @@ jobs:
      issues: write

    steps:
-    - uses: actions/stale@v4
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        days-before-stale: 30
-        days-before-close: 5
-        stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
-        stale-issue-label: 'stale'
-        exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed'
-        exempt-all-issue-assignees: true
-        operations-per-run: 300
+      - uses: actions/stale@v5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 30
+          days-before-close: 5
+          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
+          stale-issue-label: 'stale'
+          exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
+          exempt-all-issue-assignees: true
+          operations-per-run: 300
+          close-issue-reason: 'not_planned'
--- a/.github/workflows/sync-back-to-dev.yml
+++ b/.github/workflows/sync-back-to-dev.yml
@@ -11,7 +11,7 @@ jobs:
    name: Syncing branches
    steps:
      - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Opening pull request
        id: pull
        uses: tretuna/sync-branches@1.4.0
@@ -19,7 +19,6 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          FROM_BRANCH: 'master'
          TO_BRANCH: 'development'
-          CONTENT_COMPARISON: true
      - name: Label the pull request to ignore for release note generation
        uses: actions-ecosystem/action-add-labels@v1
        with:
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -4,40 +4,54 @@ on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

+permissions:
+  contents: read
+
 jobs:
-  smoke-test:
+  smoke-tests:
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
    steps:
    -
      name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    -
-      name: Run Smoke Tests
+      name: Check scripts in repository are executable
      run: |
-        # Ensure scripts in repository are executable
        IFS=$'\n';
        for f in $(find . -name '*.sh'); do if [[ ! -x $f ]]; then echo "$f is not executable" && FAIL=1; fi ;done
        unset IFS;
        # If FAIL is 1 then we fail.
-        [[ $FAIL == 1 ]] && exit 1 || echo "Smoke Tests Passed"
+        [[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!"
+    -
+      name: Spell-Checking
+      uses: codespell-project/actions-codespell@master
+      with:
+        ignore_words_file: .codespellignore
+    -
+      name: Get editorconfig-checker
+      uses: editorconfig-checker/action-editorconfig-checker@main
+    -
+      name: Run editorconfig-checker
+      run: editorconfig-checker
+

  distro-test:
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
-    needs: smoke-test
+    needs: smoke-tests
    strategy:
      matrix:
-        distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_33, fedora_34]
+        distro: [debian_10, debian_11, ubuntu_18, ubuntu_20, ubuntu_21, ubuntu_22, centos_7, centos_8, fedora_34]
    env:
      DISTRO: ${{matrix.distro}}
    steps:
    -
      name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    -
      name: Set up Python 3.8
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
      with:
        python-version: 3.8
    -
--- a/.stickler.yml
+++ b/.stickler.yml
@@ -1,6 +1,10 @@
+---
 linters:
  shellcheck:
    shell: bash
  phpcs:
  flake8:
    max-line-length: 120
+  yamllint:
+    config: ./.yamllint.conf
+  remarklint:
--- a/.yamllint.conf
+++ b/.yamllint.conf
@@ -0,0 +1,3 @@
+rules:
+  line-length: disable
+  document-start: disable
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -3,5 +3,3 @@
 Please read and understand the contribution guide before creating an issue or pull request.

 The guide can be found here: [https://docs.pi-hole.net/guides/github/contributing/](https://docs.pi-hole.net/guides/github/contributing/)
-
-
--- a/README.md
+++ b/README.md
@@ -3,8 +3,11 @@
 #

 <p align="center">
-    <a href="https://pi-hole.net/">
-        <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_Wordmark.svg" width="150" height="260" alt="Pi-hole">
+    <a href="https://pi-hole.net/#gh-light-mode-only">
+        <img src="https://github.com/pi-hole/graphics/blob/master/Vortex/Vortex_Vertical_wordmark_lightmode.png?raw=true)" alt="Pi-hole">
+    </a>
+        <a href="https://pi-hole.net/#gh-dark-mode-only">
+        <img src="https://github.com/pi-hole/graphics/blob/master/Vortex/Vortex_Vertical_wordmark_darkmode.png?raw=true" alt="Pi-hole">
    </a>
    <br>
    <strong>Network-wide ad blocking via your own Linux hardware</strong>
@@ -161,4 +164,4 @@ Some notable features include:
 There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168):

 1. `http://pi.hole/admin/` (when using Pi-hole as your DNS server)
-2. `http://<IP_ADDPRESS_OF_YOUR_PI_HOLE>/admin/`
+2. `http://<IP_ADDRESS_OF_YOUR_PI_HOLE>/admin/`
--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@@ -37,6 +37,6 @@ interface=@INT@
 cache-size=@CACHE_SIZE@

 log-queries
-log-facility=/var/log/pihole.log
+log-facility=/var/log/pihole/pihole.log

 log-async
--- a/advanced/Scripts/COL_TABLE
+++ b/advanced/Scripts/COL_TABLE
@@ -1,5 +1,5 @@
 # Determine if terminal is capable of showing colors
-if [[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]; then
+if ([[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]) || [[ "${WEBCALL}" ]]; then
  # Bold and underline may not show up on all clients
  # If something MUST be emphasized, use both
  COL_BOLD='[1m'
--- a/advanced/Scripts/database_migration/gravity/11_to_12.sql
+++ b/advanced/Scripts/database_migration/gravity/11_to_12.sql
@@ -16,4 +16,4 @@ CREATE TRIGGER tr_group_zero AFTER DELETE ON "group"

 UPDATE info SET value = 12 WHERE property = 'version';

-COMMIT;
+COMMIT;
--- a/advanced/Scripts/database_migration/gravity/12_to_13.sql
+++ b/advanced/Scripts/database_migration/gravity/12_to_13.sql
@@ -15,4 +15,4 @@ CREATE TRIGGER tr_adlist_update AFTER UPDATE OF address,enabled,comment ON adlis

 UPDATE info SET value = 13 WHERE property = 'version';

-COMMIT;
+COMMIT;
--- a/advanced/Scripts/database_migration/gravity/3_to_4.sql
+++ b/advanced/Scripts/database_migration/gravity/3_to_4.sql
@@ -93,4 +93,4 @@ CREATE VIEW vw_regex_blacklist AS SELECT domain, domainlist.id AS id, domainlist

 UPDATE info SET value = 4 WHERE property = 'version';

-COMMIT;
+COMMIT;
--- a/advanced/Scripts/database_migration/gravity/4_to_5.sql
+++ b/advanced/Scripts/database_migration/gravity/4_to_5.sql
@@ -35,4 +35,4 @@ CREATE TABLE client_by_group

 UPDATE info SET value = 5 WHERE property = 'version';

-COMMIT;
+COMMIT;
--- a/advanced/Scripts/list.sh
+++ b/advanced/Scripts/list.sh
@@ -100,21 +100,29 @@ Options:
 ValidateDomain() {
    # Convert to lowercase
    domain="${1,,}"
+    local str validDomain

    # Check validity of domain (don't check for regex entries)
-    if [[ "${#domain}" -le 253 ]]; then
-        if [[ ( "${typeId}" == "${regex_blacklist}" || "${typeId}" == "${regex_whitelist}" ) && "${wildcard}" == false ]]; then
-            validDomain="${domain}"
-        else
+    if [[ ( "${typeId}" == "${regex_blacklist}" || "${typeId}" == "${regex_whitelist}" ) && "${wildcard}" == false ]]; then
+        validDomain="${domain}"
+    else
+        # Check max length
+        if [[ "${#domain}" -le 253 ]]; then
            validDomain=$(grep -P "^((-|_)*[a-z\\d]((-|_)*[a-z\\d])*(-|_)*)(\\.(-|_)*([a-z\\d]((-|_)*[a-z\\d])*))*$" <<< "${domain}") # Valid chars check
            validDomain=$(grep -P "^[^\\.]{1,63}(\\.[^\\.]{1,63})*$" <<< "${validDomain}") # Length of each label
+            # set error string
+            str="is not a valid argument or domain name!"
+        else
+            validDomain=
+            str="is too long!"
+
        fi
    fi

    if [[ -n "${validDomain}" ]]; then
        domList=("${domList[@]}" "${validDomain}")
    else
-        echo -e "  ${CROSS} ${domain} is not a valid argument or domain name!"
+        echo -e "  ${CROSS} ${domain} ${str}"
    fi

    domaincount=$((domaincount+1))
--- a/advanced/Scripts/piholeCheckout.sh
+++ b/advanced/Scripts/piholeCheckout.sh
@@ -9,7 +9,7 @@
 # Please see LICENSE file for your rights under this license.

 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-PH_TEST="true"
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"

 # webInterfaceGitUrl set in basic-install.sh
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -66,8 +66,8 @@ PIHOLE_DIRECTORY="/etc/pihole"
 PIHOLE_SCRIPTS_DIRECTORY="/opt/pihole"
 BIN_DIRECTORY="/usr/local/bin"
 RUN_DIRECTORY="/run"
-LOG_DIRECTORY="/var/log"
-WEB_SERVER_LOG_DIRECTORY="${LOG_DIRECTORY}/lighttpd"
+LOG_DIRECTORY="/var/log/pihole"
+WEB_SERVER_LOG_DIRECTORY="/var/log/lighttpd"
 WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd"
 HTML_DIRECTORY="/var/www/html"
 WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin"
@@ -129,36 +129,17 @@ FTL_PORT="${RUN_DIRECTORY}/pihole-FTL.port"
 PIHOLE_LOG="${LOG_DIRECTORY}/pihole.log"
 PIHOLE_LOG_GZIPS="${LOG_DIRECTORY}/pihole.log.[0-9].*"
 PIHOLE_DEBUG_LOG="${LOG_DIRECTORY}/pihole_debug.log"
-PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log")"
+PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/FTL.log")"

-PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log"
-PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log"
+PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access-pihole.log"
+PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error-pihole.log"

 RESOLVCONF="${ETC}/resolv.conf"
 DNSMASQ_CONF="${ETC}/dnsmasq.conf"

-# An array of operating system "pretty names" that we officially support
-# We can loop through the array at any time to see if it matches a value
-#SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS")
-
 # Store Pi-hole's processes in an array for easy use and parsing
 PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" )

-# Store the required directories in an array so it can be parsed through
-#REQUIRED_DIRECTORIES=("${CORE_GIT_DIRECTORY}"
-#"${CRON_D_DIRECTORY}"
-#"${DNSMASQ_D_DIRECTORY}"
-#"${PIHOLE_DIRECTORY}"
-#"${PIHOLE_SCRIPTS_DIRECTORY}"
-#"${BIN_DIRECTORY}"
-#"${RUN_DIRECTORY}"
-#"${LOG_DIRECTORY}"
-#"${WEB_SERVER_LOG_DIRECTORY}"
-#"${WEB_SERVER_CONFIG_DIRECTORY}"
-#"${HTML_DIRECTORY}"
-#"${WEB_GIT_DIRECTORY}"
-#"${BLOCK_PAGE_DIRECTORY}")
-
 # Store the required directories in an array so it can be parsed through
 REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
 "${WEB_SERVER_CONFIG_FILE}"
@@ -600,10 +581,10 @@ disk_usage() {
    # Some lines of df might contain sensitive information like usernames and passwords.
    # E.g. curlftpfs filesystems (https://www.looklinux.com/mount-ftp-share-on-linux-using-curlftps/)
    # We are not interested in those lines so we collect keyword, to remove them from the output
-    # Additinal keywords can be added, separated by "|"
+    # Additional keywords can be added, separated by "|"
    hide="curlftpfs"

-    # only show those lines not containg a sensitive phrase
+    # only show those lines not containing a sensitive phrase
    for line in "${file_system[@]}"; do
      if [[ ! $line =~ $hide ]]; then
        log_write "   ${line}"
@@ -906,9 +887,11 @@ dig_at() {
    #          Removes all interfaces which are not UP
    #     s/^[0-9]*: //g;
    #          Removes interface index
+    #     s/@.*//g;
+    #          Removes everything after @ (if found)
    #     s/: <.*//g;
    #          Removes everything after the interface name
-    interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")"
+    interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/@.*//g;s/: <.*//g;")"

    while IFS= read -r iface ; do
        # Get addresses of current interface
@@ -1007,7 +990,7 @@ make_array_from_file() {
    else
        # Otherwise, read the file line by line
        while IFS= read -r line;do
-            # Othwerise, strip out comments and blank lines
+            # Otherwise, strip out comments and blank lines
            new_line=$(echo "${line}" | sed -e 's/^\s*#.*$//' -e '/^$/d')
            # If the line still has content (a non-zero value)
            if [[ -n "${new_line}" ]]; then
@@ -1065,7 +1048,7 @@ parse_file() {
 }

 check_name_resolution() {
-    # Check name resolution from localhost, Pi-hole's IP, and Google's name severs
+    # Check name resolution from localhost, Pi-hole's IP, and Google's name servers
    # using the function we created earlier
    dig_at 4
    dig_at 6
@@ -1273,7 +1256,7 @@ show_clients() {
 }

 show_messages() {
-    show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT id,datetime(timestamp,'unixepoch','localtime') timestamp,type,message,blob1,blob2,blob3,blob4,blob5 FROM message;" "4 19 20 60 20 20 20 20 20"
+    show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT count (message) as count, datetime(max(timestamp),'unixepoch','localtime') as 'last timestamp', type, message, blob1, blob2, blob3, blob4, blob5 FROM message GROUP BY type, message, blob1, blob2, blob3, blob4, blob5;" "6 19 20 60 20 20 20 20 20"
 }

 analyze_gravity_list() {
@@ -1326,7 +1309,7 @@ obfuscated_pihole_log() {
          # If the variable does not a value (the current default behavior), so do not obfuscate anything
          if [[ -z ${OBFUSCATE} ]]; then
              log_write "   ${line}"
-          # Othwerise, a flag was passed to this command to obfuscate domains in the log
+          # Otherwise, a flag was passed to this command to obfuscate domains in the log
          else
              # So first check if there are domains in the log that should be obfuscated
              if [[ -n ${line_to_obfuscate} ]]; then
@@ -1392,7 +1375,7 @@ curl_to_tricorder() {
 upload_to_tricorder() {
    local username="pihole"
    # Set the permissions and owner
-    chmod 644 ${PIHOLE_DEBUG_LOG}
+    chmod 640 ${PIHOLE_DEBUG_LOG}
    chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG}

    # Let the user know debugging is complete with something strikingly visual
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -31,7 +31,7 @@ if [ -z "$DBFILE" ]; then
 fi

 if [[ "$@" != *"quiet"* ]]; then
-    echo -ne "  ${INFO} Flushing /var/log/pihole.log ..."
+    echo -ne "  ${INFO} Flushing /var/log/pihole/pihole.log ..."
 fi
 if [[ "$@" == *"once"* ]]; then
    # Nightly logrotation
@@ -44,9 +44,9 @@ if [[ "$@" == *"once"* ]]; then
        # Note that moving the file is not an option, as
        # dnsmasq would happily continue writing into the
        # moved file (it will have the same file handler)
-        cp -p /var/log/pihole.log /var/log/pihole.log.1
-        echo " " > /var/log/pihole.log
-        chmod 644 /var/log/pihole.log
+        cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        chmod 640 /var/log/pihole/pihole.log
    fi
 else
    # Manual flushing
@@ -56,20 +56,20 @@ else
        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
    else
        # Flush both pihole.log and pihole.log.1 (if existing)
-        echo " " > /var/log/pihole.log
-        if [ -f /var/log/pihole.log.1 ]; then
-            echo " " > /var/log/pihole.log.1
-            chmod 644 /var/log/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        if [ -f /var/log/pihole/pihole.log.1 ]; then
+            echo " " > /var/log/pihole/pihole.log.1
+            chmod 640 /var/log/pihole/pihole.log.1
        fi
    fi
    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
-    deleted=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1")
+    deleted=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")

    # Restart pihole-FTL to force reloading history
    sudo pihole restartdns
 fi

 if [[ "$@" != *"quiet"* ]]; then
-    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole.log"
+    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole/pihole.log"
    echo -e "  ${TICK} Deleted ${deleted} queries from database"
 fi
--- a/advanced/Scripts/query.sh
+++ b/advanced/Scripts/query.sh
@@ -64,8 +64,8 @@ Example: 'pihole -q -exact domain.com'
 Query the adlists for a specified domain

 Options:
-  -exact              Search the block lists for exact domain matches
-  -all                Return all query matches within a block list
+  -exact              Search the adlists for exact domain matches
+  -all                Return all query matches within the adlists
  -h, --help          Show this help dialog"
  exit 0
 fi
@@ -210,7 +210,7 @@ mapfile -t results <<< "$(scanDatabaseTable "${domainQuery}" "gravity")"

 # Handle notices
 if [[ -z "${wbMatch:-}" ]] && [[ -z "${wcMatch:-}" ]] && [[ -z "${results[*]}" ]]; then
-    echo -e "  ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the block lists"
+    echo -e "  ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the adlists"
    exit 0
 elif [[ -z "${results[*]}" ]]; then
    # Result found in WL/BL/Wildcards
--- a/advanced/Scripts/setupLCD.sh
+++ b/advanced/Scripts/setupLCD.sh
@@ -49,7 +49,7 @@ echo /usr/local/bin/chronometer.sh >> /home/pi/.bashrc
 # OR
 #$SUDO echo /usr/local/bin/chronometer.sh >> /etc/profile

-# Set up the LCD screen based on Adafruits instuctions:
+# Set up the LCD screen based on Adafruits instructions:
 # https://learn.adafruit.com/adafruit-pitft-28-inch-resistive-touchscreen-display-raspberry-pi/easy-install
 curl -SLs https://apt.adafruit.com/add-pin | bash
 apt-get -y install raspberrypi-bootloader
--- a/advanced/Scripts/update.sh
+++ b/advanced/Scripts/update.sh
@@ -17,7 +17,7 @@ readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git"
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"

 # shellcheck disable=SC2034
-PH_TEST=true
+SKIP_INSTALL=true

 # when --check-only is passed to this script, it will not perform the actual update
 CHECK_ONLY=false
--- a/advanced/Scripts/utils.sh
+++ b/advanced/Scripts/utils.sh
@@ -1,4 +1,6 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
+# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions
+
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
@@ -10,26 +12,87 @@

 # Basic Housekeeping rules
 #  - Functions must be self contained
-#  - Functions must be added in alphabetical order
+#  - Functions should be grouped with other similar functions
 #  - Functions must be documented
 #  - New functions must have a test added for them in test/test_any_utils.py

 #######################
-# Takes three arguments key, value, and file.
+# Takes Three arguments: file, key, and value.
+#
 # Checks the target file for the existence of the key
 #   - If it exists, it changes the value
 #   - If it does not exist, it adds the value
 #
 # Example usage:
-# addOrEditKeyValuePair "BLOCKING_ENABLED" "true" "/etc/pihole/setupVars.conf"
+# addOrEditKeyValPair "/etc/pihole/setupVars.conf" "BLOCKING_ENABLED" "true"
 #######################
 addOrEditKeyValPair() {
-  local key="${1}"
-  local value="${2}"
-  local file="${3}"
+  local file="${1}"
+  local key="${2}"
+  local value="${3}"
+
  if grep -q "^${key}=" "${file}"; then
-    sed -i "/^${key}=/c\\${key}=${value}" "${file}"
+      # Key already exists in file, modify the value
+      sed -i "/^${key}=/c\\${key}=${value}" "${file}"
  else
+    # Key does not already exist, add it and it's value
    echo "${key}=${value}" >> "${file}"
  fi
 }
+
+#######################
+# Takes two arguments: file, and key.
+# Adds a key to target file
+#
+# Example usage:
+# addKey "/etc/dnsmasq.d/01-pihole.conf" "log-queries"
+#######################
+addKey(){
+  local file="${1}"
+  local key="${2}"
+
+  if ! grep -q "^${key}" "${file}"; then
+      # Key does not exist, add it.
+      echo "${key}" >> "${file}"
+  fi
+}
+
+#######################
+# Takes two arguments: file, and key.
+# Deletes a key or key/value pair from target file
+#
+# Example usage:
+# removeKey "/etc/pihole/setupVars.conf" "PIHOLE_DNS_1"
+#######################
+removeKey() {
+  local file="${1}"
+  local key="${2}"
+  sed -i "/^${key}/d" "${file}"
+}
+
+#######################
+# returns FTL's current telnet API port
+#######################
+getFTLAPIPort(){
+  local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
+  local DEFAULT_PORT_FILE="/run/pihole-FTL.port"
+  local DEFAULT_FTL_PORT=4711
+  local PORTFILE
+  local ftl_api_port
+
+  if [ -f "$FTLCONFFILE" ]; then
+    # if PORTFILE is not set in pihole-FTL.conf, use the default path
+    PORTFILE="$( (grep "^PORTFILE=" $FTLCONFFILE || echo "$DEFAULT_PORT_FILE") | cut -d"=" -f2-)"
+  fi
+
+  if [ -s "$PORTFILE" ]; then
+    # -s: FILE exists and has a size greater than zero
+    ftl_api_port=$(cat "${PORTFILE}")
+    # Exploit prevention: unset the variable if there is malicious content
+    # Verify that the value read from the file is numeric
+    expr "$ftl_api_port" : "[^[:digit:]]" > /dev/null && unset ftl_api_port
+  fi
+
+  # echo the port found in the portfile or default to the default port
+  echo "${ftl_api_port:=$DEFAULT_FTL_PORT}"
+}
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 # shellcheck disable=SC1090
+# shellcheck disable=SC2154
+

 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
@@ -22,10 +24,13 @@ readonly gravityDBfile="/etc/pihole/gravity.db"

 # Source install script for ${setupVars}, ${PI_HOLE_BIN_DIR} and valid_ip()
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-# shellcheck disable=SC2034  # used in basic-install
-PH_TEST="true"
+# shellcheck disable=SC2034  # used in basic-install to source the script without running it
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"

+utilsfile="/opt/pihole/utils.sh"
+source "${utilsfile}"
+
 coltable="/opt/pihole/COL_TABLE"
 if [[ -f ${coltable} ]]; then
    source ${coltable}
@@ -51,45 +56,39 @@ Options:
 }

 add_setting() {
-    echo "${1}=${2}" >> "${setupVars}"
+    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
 }

 delete_setting() {
-    sed -i "/^${1}/d" "${setupVars}"
+    removeKey "${setupVars}" "${1}"
 }

 change_setting() {
-    delete_setting "${1}"
-    add_setting "${1}" "${2}"
+    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
 }

 addFTLsetting() {
-    echo "${1}=${2}" >> "${FTLconf}"
+    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
 }

 deleteFTLsetting() {
-    sed -i "/^${1}/d" "${FTLconf}"
+    removeKey "${FTLconf}" "${1}"
 }

 changeFTLsetting() {
-    deleteFTLsetting "${1}"
-    addFTLsetting "${1}" "${2}"
+    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
 }

 add_dnsmasq_setting() {
-    if [[ "${2}" != "" ]]; then
-        echo "${1}=${2}" >> "${dnsmasqconfig}"
-    else
-        echo "${1}" >> "${dnsmasqconfig}"
-    fi
+    addOrEditKeyValPair "${dnsmasqconfig}" "${1}" "${2}"
 }

 delete_dnsmasq_setting() {
-    sed -i "/^${1}/d" "${dnsmasqconfig}"
+    removeKey "${dnsmasqconfig}" "${1}"
 }

 SetTemperatureUnit() {
-    change_setting "TEMPERATUREUNIT" "${unit}"
+    addOrEditKeyValPair "${setupVars}" "TEMPERATUREUNIT" "${unit}"
    echo -e "  ${TICK} Set temperature unit to ${unit}"
 }

@@ -124,7 +123,7 @@ SetWebPassword() {
        echo ""

        if [ "${PASSWORD}" == "" ]; then
-            change_setting "WEBPASSWORD" ""
+            addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" ""
            echo -e "  ${TICK} Password Removed"
            exit 0
        fi
@@ -137,7 +136,7 @@ SetWebPassword() {
        # We do not wrap this in brackets, otherwise BASH will expand any appropriate syntax
        hash=$(HashPassword "$PASSWORD")
        # Save hash to file
-        change_setting "WEBPASSWORD" "${hash}"
+        addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" "${hash}"
        echo -e "  ${TICK} New password set"
    else
        echo -e "  ${CROSS} Passwords don't match. Your password has not been changed"
@@ -148,7 +147,7 @@ SetWebPassword() {
 ProcessDNSSettings() {
    source "${setupVars}"

-    delete_dnsmasq_setting "server"
+    removeKey "${dnsmasqconfig}" "server"

    COUNTER=1
    while true ; do
@@ -156,34 +155,34 @@ ProcessDNSSettings() {
        if [ -z "${!var}" ]; then
            break;
        fi
-        add_dnsmasq_setting "server" "${!var}"
+        addKey "${dnsmasqconfig}" "server=${!var}"
        (( COUNTER++ ))
    done

    # The option LOCAL_DNS_PORT is deprecated
    # We apply it once more, and then convert it into the current format
    if [ -n "${LOCAL_DNS_PORT}" ]; then
-        add_dnsmasq_setting "server" "127.0.0.1#${LOCAL_DNS_PORT}"
-        add_setting "PIHOLE_DNS_${COUNTER}" "127.0.0.1#${LOCAL_DNS_PORT}"
-        delete_setting "LOCAL_DNS_PORT"
+        addOrEditKeyValPair "${dnsmasqconfig}" "server" "127.0.0.1#${LOCAL_DNS_PORT}"
+        addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_${COUNTER}" "127.0.0.1#${LOCAL_DNS_PORT}"
+        removeKey "${setupVars}" "LOCAL_DNS_PORT"
    fi

-    delete_dnsmasq_setting "domain-needed"
-    delete_dnsmasq_setting "expand-hosts"
+    removeKey "${dnsmasqconfig}" "domain-needed"
+    removeKey "${dnsmasqconfig}" "expand-hosts"

    if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
-        add_dnsmasq_setting "domain-needed"
-        add_dnsmasq_setting "expand-hosts"
+        addKey "${dnsmasqconfig}" "domain-needed"
+        addKey "${dnsmasqconfig}" "expand-hosts"
    fi

-    delete_dnsmasq_setting "bogus-priv"
+    removeKey "${dnsmasqconfig}" "bogus-priv"

    if [[ "${DNS_BOGUS_PRIV}" == true ]]; then
-        add_dnsmasq_setting "bogus-priv"
+        addKey "${dnsmasqconfig}" "bogus-priv"
    fi

-    delete_dnsmasq_setting "dnssec"
-    delete_dnsmasq_setting "trust-anchor="
+    removeKey "${dnsmasqconfig}" "dnssec"
+    removeKey "${dnsmasqconfig}" "trust-anchor"

    if [[ "${DNSSEC}" == true ]]; then
        echo "dnssec
@@ -191,24 +190,24 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
 " >> "${dnsmasqconfig}"
    fi

-    delete_dnsmasq_setting "host-record"
+    removeKey "${dnsmasqconfig}" "host-record"

    if [ -n "${HOSTRECORD}" ]; then
-        add_dnsmasq_setting "host-record" "${HOSTRECORD}"
+        addOrEditKeyValPair "${dnsmasqconfig}" "host-record" "${HOSTRECORD}"
    fi

    # Setup interface listening behavior of dnsmasq
-    delete_dnsmasq_setting "interface"
-    delete_dnsmasq_setting "local-service"
-    delete_dnsmasq_setting "except-interface"
-    delete_dnsmasq_setting "bind-interfaces"
+    removeKey "${dnsmasqconfig}" "interface"
+    removeKey "${dnsmasqconfig}" "local-service"
+    removeKey "${dnsmasqconfig}" "except-interface"
+    removeKey "${dnsmasqconfig}" "bind-interfaces"

    if [[ "${DNSMASQ_LISTENING}" == "all" ]]; then
        # Listen on all interfaces, permit all origins
-        add_dnsmasq_setting "except-interface" "nonexisting"
+        addOrEditKeyValPair "${dnsmasqconfig}" "except-interface" "nonexisting"
    elif [[ "${DNSMASQ_LISTENING}" == "local" ]]; then
        # Listen only on all interfaces, but only local subnets
-        add_dnsmasq_setting "local-service"
+        addKey "${dnsmasqconfig}" "local-service"
    else
        # Options "bind" and "single"
        # Listen only on one interface
@@ -217,30 +216,30 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
            PIHOLE_INTERFACE="eth0"
        fi

-        add_dnsmasq_setting "interface" "${PIHOLE_INTERFACE}"
+        addOrEditKeyValPair "${dnsmasqconfig}" "interface" "${PIHOLE_INTERFACE}"

        if [[ "${DNSMASQ_LISTENING}" == "bind" ]]; then
            # Really bind to interface
-            add_dnsmasq_setting "bind-interfaces"
+            addKey "${dnsmasqconfig}" "bind-interfaces"
        fi
    fi

    if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then
        # Convert legacy "conditional forwarding" to rev-server configuration
        # Remove any existing REV_SERVER settings
-        delete_setting "REV_SERVER"
-        delete_setting "REV_SERVER_DOMAIN"
-        delete_setting "REV_SERVER_TARGET"
-        delete_setting "REV_SERVER_CIDR"
+        removeKey "${setupVars}" "REV_SERVER"
+        removeKey "${setupVars}" "REV_SERVER_DOMAIN"
+        removeKey "${setupVars}" "REV_SERVER_TARGET"
+        removeKey "${setupVars}" "REV_SERVER_CIDR"

        REV_SERVER=true
-        add_setting "REV_SERVER" "true"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true"

        REV_SERVER_DOMAIN="${CONDITIONAL_FORWARDING_DOMAIN}"
-        add_setting "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}"

        REV_SERVER_TARGET="${CONDITIONAL_FORWARDING_IP}"
-        add_setting "REV_SERVER_TARGET" "${REV_SERVER_TARGET}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${REV_SERVER_TARGET}"

        #Convert CONDITIONAL_FORWARDING_REVERSE if necessary e.g:
        #          1.1.168.192.in-addr.arpa to 192.168.1.1/32
@@ -267,28 +266,28 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
            # shellcheck disable=2001
            REV_SERVER_CIDR="$(sed "s+\\.[0-9]*$+\\.0/24+" <<< "${REV_SERVER_TARGET}")"
        fi
-        add_setting "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"

        # Remove obsolete settings from setupVars.conf
-        delete_setting "CONDITIONAL_FORWARDING"
-        delete_setting "CONDITIONAL_FORWARDING_REVERSE"
-        delete_setting "CONDITIONAL_FORWARDING_DOMAIN"
-        delete_setting "CONDITIONAL_FORWARDING_IP"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_REVERSE"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_DOMAIN"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_IP"
    fi

-    delete_dnsmasq_setting "rev-server"
+    removeKey "${dnsmasqconfig}" "rev-server"

    if [[ "${REV_SERVER}" == true ]]; then
-        add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
+        addKey "${dnsmasqconfig}" "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
        if [ -n "${REV_SERVER_DOMAIN}" ]; then
            # Forward local domain names to the CF target, too
-            add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
+            addKey "${dnsmasqconfig}" "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
        fi

        if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then
            # Forward unqualified names to the CF target only when the "never
            # forward non-FQDN" option is unticked
-            add_dnsmasq_setting "server=//${REV_SERVER_TARGET}"
+            addKey "${dnsmasqconfig}" "server=//${REV_SERVER_TARGET}"
        fi

    fi
@@ -297,13 +296,13 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
    # changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf
    # as we don't want to delete all local=/.../ lines so it's much safer to
    # simply rewrite the entire corresponding config file (which is what the
-    # DHCP settings subroutie is doing)
+    # DHCP settings subroutine is doing)
    ProcessDHCPSettings
 }

 SetDNSServers() {
    # Save setting to file
-    delete_setting "PIHOLE_DNS"
+    removeKey "${setupVars}" "PIHOLE_DNS"
    IFS=',' read -r -a array <<< "${args[2]}"
    for index in "${!array[@]}"
    do
@@ -312,7 +311,7 @@ SetDNSServers() {
        ip="${array[index]//\\#/#}"

        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
-            add_setting "PIHOLE_DNS_$((index+1))" "${ip}"
+            addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_$((index+1))" "${ip}"
        else
            echo -e "  ${CROSS} Invalid IP has been passed"
            exit 1
@@ -320,30 +319,30 @@ SetDNSServers() {
    done

    if [[ "${args[3]}" == "domain-needed" ]]; then
-        change_setting "DNS_FQDN_REQUIRED" "true"
+        addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "true"
    else
-        change_setting "DNS_FQDN_REQUIRED" "false"
+        addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "false"
    fi

    if [[ "${args[4]}" == "bogus-priv" ]]; then
-        change_setting "DNS_BOGUS_PRIV" "true"
+        addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "true"
    else
-        change_setting "DNS_BOGUS_PRIV" "false"
+        addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "false"
    fi

    if [[ "${args[5]}" == "dnssec" ]]; then
-        change_setting "DNSSEC" "true"
+        addOrEditKeyValPair "${setupVars}" "DNSSEC" "true"
    else
-        change_setting "DNSSEC" "false"
+        addOrEditKeyValPair "${setupVars}" "DNSSEC" "false"
    fi

    if [[ "${args[6]}" == "rev-server" ]]; then
-        change_setting "REV_SERVER" "true"
-        change_setting "REV_SERVER_CIDR" "${args[7]}"
-        change_setting "REV_SERVER_TARGET" "${args[8]}"
-        change_setting "REV_SERVER_DOMAIN" "${args[9]}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${args[7]}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${args[8]}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${args[9]}"
    else
-        change_setting "REV_SERVER" "false"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "false"
    fi

    ProcessDNSSettings
@@ -353,11 +352,11 @@ SetDNSServers() {
 }

 SetExcludeDomains() {
-    change_setting "API_EXCLUDE_DOMAINS" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_DOMAINS" "${args[2]}"
 }

 SetExcludeClients() {
-    change_setting "API_EXCLUDE_CLIENTS" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_CLIENTS" "${args[2]}"
 }

 Poweroff(){
@@ -373,7 +372,7 @@ RestartDNS() {
 }

 SetQueryLogOptions() {
-    change_setting "API_QUERY_LOG_SHOW" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "API_QUERY_LOG_SHOW" "${args[2]}"
 }

 ProcessDHCPSettings() {
@@ -389,19 +388,19 @@ ProcessDHCPSettings() {

        if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
            PIHOLE_DOMAIN="lan"
-            change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
+            addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
        fi

        if [[ "${DHCP_LEASETIME}" == "0" ]]; then
            leasetime="infinite"
        elif [[ "${DHCP_LEASETIME}" == "" ]]; then
            leasetime="24"
-            change_setting "DHCP_LEASETIME" "${leasetime}"
+            addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${leasetime}"
        elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then
            #Installation is affected by known bug, introduced in a previous version.
            #This will automatically clean up setupVars.conf and remove the unnecessary "h"
            leasetime="24"
-            change_setting "DHCP_LEASETIME" "${leasetime}"
+            addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${leasetime}"
        else
            leasetime="${DHCP_LEASETIME}h"
        fi
@@ -441,8 +440,8 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
            echo "#quiet-dhcp6
 #enable-ra
 dhcp-option=option6:dns-server,[::]
-dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600
-ra-param=*,0,0
+dhcp-range=::,constructor:${interface},ra-names,ra-stateless,64
+
 " >> "${dhcpconfig}"
        fi

@@ -454,24 +453,24 @@ ra-param=*,0,0
 }

 EnableDHCP() {
-    change_setting "DHCP_ACTIVE" "true"
-    change_setting "DHCP_START" "${args[2]}"
-    change_setting "DHCP_END" "${args[3]}"
-    change_setting "DHCP_ROUTER" "${args[4]}"
-    change_setting "DHCP_LEASETIME" "${args[5]}"
-    change_setting "PIHOLE_DOMAIN" "${args[6]}"
-    change_setting "DHCP_IPv6" "${args[7]}"
-    change_setting "DHCP_rapid_commit" "${args[8]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "true"
+    addOrEditKeyValPair "${setupVars}" "DHCP_START" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_END" "${args[3]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_ROUTER" "${args[4]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${args[5]}"
+    addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${args[6]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_IPv6" "${args[7]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_rapid_commit" "${args[8]}"

    # Remove possible old setting from file
-    delete_dnsmasq_setting "dhcp-"
-    delete_dnsmasq_setting "quiet-dhcp"
+    removeKey "${dnsmasqconfig}" "dhcp-"
+    removeKey "${dnsmasqconfig}" "quiet-dhcp"

    # If a DHCP client claims that its name is "wpad", ignore that.
    # This fixes a security hole. see CERT Vulnerability VU#598349
    # We also ignore "localhost" as Windows behaves strangely if a
    # device claims this host name
-    add_dnsmasq_setting "dhcp-name-match=set:hostname-ignore,wpad
+    addKey "${dnsmasqconfig}" "dhcp-name-match=set:hostname-ignore,wpad
 dhcp-name-match=set:hostname-ignore,localhost
 dhcp-ignore-names=tag:hostname-ignore"

@@ -481,11 +480,11 @@ dhcp-ignore-names=tag:hostname-ignore"
 }

 DisableDHCP() {
-    change_setting "DHCP_ACTIVE" "false"
+    addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "false"

    # Remove possible old setting from file
-    delete_dnsmasq_setting "dhcp-"
-    delete_dnsmasq_setting "quiet-dhcp"
+    removeKey "${dnsmasqconfig}" "dhcp-"
+    removeKey "${dnsmasqconfig}" "quiet-dhcp"

    ProcessDHCPSettings

@@ -493,11 +492,11 @@ DisableDHCP() {
 }

 SetWebUILayout() {
-    change_setting "WEBUIBOXEDLAYOUT" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "WEBUIBOXEDLAYOUT" "${args[2]}"
 }

 SetWebUITheme() {
-    change_setting "WEBTHEME" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "WEBTHEME" "${args[2]}"
 }

 CheckUrl(){
@@ -592,10 +591,10 @@ Options:
            exit 0
        fi

-        change_setting "ADMIN_EMAIL" "${args[2]}"
+        addOrEditKeyValPair "${setupVars}" "ADMIN_EMAIL" "${args[2]}"
        echo -e "  ${TICK} Setting admin contact to ${args[2]}"
    else
-        change_setting "ADMIN_EMAIL" ""
+        addOrEditKeyValPair "${setupVars}" "ADMIN_EMAIL" ""
        echo -e "  ${TICK} Removing admin contact"
    fi
 }
@@ -619,16 +618,16 @@ Interfaces:

    if [[ "${args[2]}" == "all" ]]; then
        echo -e "  ${INFO} Listening on all interfaces, permitting all origins. Please use a firewall!"
-        change_setting "DNSMASQ_LISTENING" "all"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "all"
    elif [[ "${args[2]}" == "local" ]]; then
        echo -e "  ${INFO} Listening on all interfaces, permitting origins from one hop away (LAN)"
-        change_setting "DNSMASQ_LISTENING" "local"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "local"
    elif [[ "${args[2]}" == "bind" ]]; then
        echo -e "  ${INFO} Binding on interface ${PIHOLE_INTERFACE}"
-        change_setting "DNSMASQ_LISTENING" "bind"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "bind"
    else
        echo -e "  ${INFO} Listening only on interface ${PIHOLE_INTERFACE}"
-        change_setting "DNSMASQ_LISTENING" "single"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "single"
    fi

    # Don't restart DNS server yet because other settings
@@ -651,7 +650,8 @@ Teleporter() {
        host="${host//./_}"
        filename="pi-hole-${host:-noname}-teleporter_${datetimestamp}.tar.gz"
    fi
-    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "${filename}"
+    # webroot is sourced from basic-install above
+    php "${webroot}/admin/scripts/pi-hole/php/teleporter.php" > "${filename}"
 }

 checkDomain()
@@ -698,7 +698,7 @@ clearAudit()
 SetPrivacyLevel() {
    # Set privacy level. Minimum is 0, maximum is 3
    if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then
-        changeFTLsetting "PRIVACYLEVEL" "${args[2]}"
+        addOrEditKeyValPair "${FTLconf}" "PRIVACYLEVEL" "${args[2]}"
        pihole restartdns reload-lists
    fi
 }
@@ -808,6 +808,23 @@ RemoveCustomCNAMERecord() {
    fi
 }

+SetRateLimit() {
+    local rate_limit_count rate_limit_interval reload
+    rate_limit_count="${args[2]}"
+    rate_limit_interval="${args[3]}"
+    reload="${args[4]}"
+
+    # Set rate-limit setting inf valid
+    if [ "${rate_limit_count}" -ge 0 ] && [ "${rate_limit_interval}" -ge 0 ]; then
+        addOrEditKeyValPair "${FTLconf}" "RATE_LIMIT" "${rate_limit_count}/${rate_limit_interval}"
+    fi
+
+    # Restart FTL to update rate-limit settings only if $reload not false
+    if [[ ! $reload == "false" ]]; then
+        RestartDNS
+    fi
+}
+
 main() {
    args=("$@")

@@ -841,6 +858,7 @@ main() {
        "removecustomdns"     ) RemoveCustomDNSAddress;;
        "addcustomcname"      ) AddCustomCNAMERecord;;
        "removecustomcname"   ) RemoveCustomCNAMERecord;;
+        "ratelimit"           ) SetRateLimit;;
        *                     ) helpFunc;;
    esac

--- a/advanced/Templates/logrotate
+++ b/advanced/Templates/logrotate
@@ -1,4 +1,4 @@
-/var/log/pihole.log {
+/var/log/pihole/pihole.log {
 	# su #
 	daily
 	copytruncate
@@ -9,7 +9,7 @@
 	nomail
 }

-/var/log/pihole-FTL.log {
+/var/log/pihole/FTL.log {
 	# su #
 	weekly
 	copytruncate
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -9,8 +9,55 @@
 # Description:       Enable service provided by pihole-FTL daemon
 ### END INIT INFO

+# Global variables
+FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
+DEFAULT_PID_FILE="/run/pihole-FTL.pid"
+DEFAULT_PORT_FILE="/run/pihole-FTL.port"
+FTL_PID=''
+
+# Get the file path of the pihole-FTL.pid file
+getFTLPIDFile() {
+  if [ -s "${FTLCONFFILE}" ]; then
+    # if PIDFILE is not set in pihole-FTL.conf, use the default path
+    FTL_PID_FILE="$({ grep '^PIDFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PID_FILE}"; } | cut -d'=' -f2-)"
+  else
+    # if there is no pihole-FTL.conf, use the default path
+    FTL_PID_FILE="${DEFAULT_PID_FILE}"
+  fi
+}
+
+# Get the PID of the FTL process based on the content of the pihole-FTL.pid file
+getFTLPID() {
+  if [ -s "${FTL_PID_FILE}" ]; then
+    # -s: FILE exists and has a size greater than zero
+    FTL_PID="$(cat "${FTL_PID_FILE}")"
+    # Exploit prevention: unset the variable if there is malicious content
+    # Verify that the value read from the file is numeric
+    expr "${FTL_PID}" : "[^[:digit:]]" > /dev/null && unset FTL_PID
+  fi
+
+  # If FTL is not running, or the PID file contains malicious stuff, substitute
+  # negative PID to signal this
+  FTL_PID=${FTL_PID:=-1}
+}
+
+# Get the file path of the pihole-FTL.port file
+getFTLPortFile() {
+  if [ -s "${FTLCONFFILE}" ]; then
+    # if PORTFILE is not set in pihole-FTL.conf, use the default path
+    FTL_PORT_FILE="$({ grep '^PORTFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PORT_FILE}"; } | cut -d'=' -f2-)"
+  else
+    # if there is no pihole-FTL.conf, use the default path
+    FTL_PORT_FILE="${DEFAULT_PORT_FILE}"
+fi
+}
+
+
 is_running() {
-  pgrep -xo "pihole-FTL" > /dev/null
+  if [ -d "/proc/${FTL_PID}" ]; then
+    return 0
+  fi
+  return 1
 }


@@ -20,17 +67,34 @@ start() {
    echo "pihole-FTL is already running"
  else
    # Touch files to ensure they exist (create if non-existing, preserve if existing)
-    mkdir -pm 0755 /run/pihole
-    touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
+    mkdir -pm 0755 /run/pihole /var/log/pihole
+    [ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
+    [ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
+    [ ! -f /var/log/pihole/FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
+    [ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
+    [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
    # Ensure that permissions are set so that pihole-FTL can edit all necessary files
-    chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
-    chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
+    chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
    # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
-    chmod -f 0644 /etc/pihole/macvendor.db
+    chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log
+    chmod -f 0640 /var/log/pihole/pihole.log
    # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
    chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
    # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
    chmod -f 0664 /etc/pihole/pihole-FTL.db
+
+    # Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/
+    # Should be removed with Pi-hole v6.0
+    if [ ! -f /var/log/pihole.log ]; then
+        ln -s /var/log/pihole/pihole.log /var/log/pihole.log
+        chown -h pihole:pihole /var/log/pihole.log
+
+    fi
+    if [ ! -f /var/log/pihole-FTL.log ]; then
+        ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log
+        chown -h pihole:pihole /var/log/pihole-FTL.log
+    fi
+
    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
      su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
    else
@@ -44,7 +108,7 @@ start() {
 # Stop the service
 stop() {
  if is_running; then
-    pkill -xo "pihole-FTL"
+    kill "${FTL_PID}"
    for i in 1 2 3 4 5; do
      if ! is_running; then
        break
@@ -57,8 +121,7 @@ stop() {

    if is_running; then
      echo "Not stopped; may still be shutting down or shutdown may have failed, killing now"
-      pkill -xo -9 "pihole-FTL"
-      exit 1
+      kill -9 "${FTL_PID}"
    else
      echo "Stopped"
    fi
@@ -66,7 +129,7 @@ stop() {
    echo "Not running"
  fi
  # Cleanup
-  rm -f /run/pihole/FTL.sock /dev/shm/FTL-*
+  rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}" "${FTL_PORT_FILE}"
  echo
 }

@@ -83,6 +146,14 @@ status() {


 ### main logic ###
+
+# Get file paths
+getFTLPIDFile
+getFTLPortFile
+
+# Get FTL's current PID
+getFTLPID
+
 case "$1" in
  stop)
        stop
--- a/advanced/Templates/pihole.cron
+++ b/advanced/Templates/pihole.cron
@@ -18,7 +18,7 @@
 #          early morning. Download any updates from the adlists
 #          Squash output to log, then splat the log to stdout on error to allow for
 #          standard crontab job error handling.
-59 1    * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
+59 1    * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole/pihole_updateGravity.log || cat /var/log/pihole/pihole_updateGravity.log

 # Pi-hole: Flush the log daily at 00:00
 #          The flush script will use logrotate if available
--- a/advanced/dnsmasq.conf.original
+++ b/advanced/dnsmasq.conf.original
@@ -507,7 +507,7 @@
 # (using /etc/hosts) then that name can be specified as the
 # tftp_servername (the third option to dhcp-boot) and in that
 # case dnsmasq resolves this name and returns the resultant IP
-# addresses in round robin fasion. This facility can be used to
+# addresses in round robin fashion. This facility can be used to
 # load balance the tftp load among a set of servers.
 #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name

--- a/advanced/index.php
+++ b/advanced/index.php
@@ -164,13 +164,35 @@ ini_set("default_socket_timeout", 3);
 function queryAds($serverName) {
    // Determine the time it takes while querying adlists
    $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
+
+    // Determine which protocol should be used
+    $protocol = "http";
+    if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ||
+        (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https') ||
+        (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+    ) {
+        $protocol = "https";
+    }
+
+    // Format the URL
    $queryAdsURL = sprintf(
-        "http://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
+        "%s://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
+        $protocol,
        $_SERVER["SERVER_PORT"],
        $serverName
    );
-    $queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
-    $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds)));
+
+    // Request the file and receive the response
+    $queryAdsFile = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
+
+    // $queryAdsFile must be an array (to avoid PHP 8.0+ error)
+    if (is_array($queryAdsFile)) {
+        $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAdsFile)));
+    } else {
+        // if not an array, return an error message
+        return array("0" => "error", "1" => "<br>(".gettype($queryAdsFile).")<br>".print_r($queryAdsFile, true));
+    }
+
    $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime);

    // Exception Handling
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -28,14 +28,19 @@ server.modules = (
 server.document-root        = "/var/www/html"
 server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
+server.errorlog             = "/var/log/lighttpd/error-pihole.log"
 server.pid-file             = "/run/lighttpd.pid"
 server.username             = "www-data"
 server.groupname            = "www-data"
 server.port                 = 80
-accesslog.filename          = "/var/log/lighttpd/access.log"
+accesslog.filename          = "/var/log/lighttpd/access-pihole.log"
 accesslog.format            = "%{%s}t|%V|%r|%s|%b"

+# Allow streaming response
+# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
+server.stream-response-body = 1
+#ssl.read-ahead              = "disable"
+
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -29,14 +29,19 @@ server.modules = (
 server.document-root        = "/var/www/html"
 server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
+server.errorlog             = "/var/log/lighttpd/error-pihole.log"
 server.pid-file             = "/run/lighttpd.pid"
 server.username             = "lighttpd"
 server.groupname            = "lighttpd"
 server.port                 = 80
-accesslog.filename          = "/var/log/lighttpd/access.log"
+accesslog.filename          = "/var/log/lighttpd/access-pihole.log"
 accesslog.format            = "%{%s}t|%V|%r|%s|%b"

+# Allow streaming response
+# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
+server.stream-response-body = 1
+#ssl.read-ahead              = "disable"
+
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
--- a/install/basic-install.sh
+++ b/install/basic-install.sh
--- a/install/uninstall.sh
+++ b/install/uninstall.sh
@@ -11,10 +11,9 @@
 source "/opt/pihole/COL_TABLE"

 while true; do
-    read -rp "  ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " yn
-    case ${yn} in
+    read -rp "  ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer
+    case ${answer} in
        [Yy]* ) break;;
-        [Nn]* ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
        * ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
    esac
 done
@@ -37,7 +36,7 @@ else
 fi

 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-PH_TEST="true"
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 # setupVars set in basic-install.sh
 source "${setupVars}"
@@ -76,8 +75,8 @@ removeAndPurge() {
    for i in "${DEPS[@]}"; do
        if package_check "${i}" > /dev/null; then
            while true; do
-                read -rp "  ${QST} Do you wish to remove ${COL_WHITE}${i}${COL_NC} from your system? [Y/N] " yn
-                case ${yn} in
+                read -rp "  ${QST} Do you wish to remove ${COL_WHITE}${i}${COL_NC} from your system? [Y/N] " answer
+                case ${answer} in
                    [Yy]* )
                        echo -ne "  ${INFO} Removing ${i}...";
                        ${SUDO} "${PKG_REMOVE[@]}" "${i}" &> /dev/null;
@@ -147,6 +146,7 @@ removeNoPurge() {
    ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null
    ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null
    ${SUDO} rm -rf /var/log/*pihole* &> /dev/null
+    ${SUDO} rm -rf /var/log/pihole/*pihole* &> /dev/null
    ${SUDO} rm -rf /etc/pihole/ &> /dev/null
    ${SUDO} rm -rf /etc/.pihole/ &> /dev/null
    ${SUDO} rm -rf /opt/pihole/ &> /dev/null
@@ -215,8 +215,8 @@ while true; do
        echo -n "${i} "
    done
    echo "${COL_NC}"
-    read -rp "  ${QST} Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] " yn
-    case ${yn} in
+    read -rp "  ${QST} Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] " answer
+    case ${answer} in
        [Yy]* ) removeAndPurge; break;;
        [Nn]* ) removeNoPurge; break;;
        * ) removeAndPurge; break;;
--- a/gravity.sh
+++ b/gravity.sh
@@ -527,8 +527,9 @@ parseList() {
  # This sed does the following things:
  # 1. Remove all domains containing invalid characters. Valid are: a-z, A-Z, 0-9, dot (.), minus (-), underscore (_)
  # 2. Append ,adlistID to every line
-  # 3. Ensures there is a newline on the last line
-  sed -e "/[^a-zA-Z0-9.\_-]/d;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}"
+  # 3. Remove trailing period (see https://github.com/pi-hole/pi-hole/issues/4701)
+  # 4. Ensures there is a newline on the last line
+  sed -e "/[^a-zA-Z0-9.\_-]/d;s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}"
  # Find (up to) five domains containing invalid characters (see above)
  incorrect_lines="$(sed -e "/[^a-zA-Z0-9.\_-]/!d" "${src}" | head -n 5)"

@@ -539,7 +540,7 @@ parseList() {
  num_target_lines_new="$(grep -c "^" "${target}")"
  # Number of new correctly added lines
  num_correct_lines="$(( num_target_lines_new-num_target_lines ))"
-  # Upate number of lines in target file
+  # Update number of lines in target file
  num_target_lines="$num_target_lines_new"
  num_invalid="$(( num_source_lines-num_correct_lines ))"
  if [[ "${num_invalid}" -eq 0 ]]; then
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -187,12 +187,12 @@ Available commands and options:

 	(Logging options):
 .br
-      on                Enable the Pi-hole log at /var/log/pihole.log
+      on                Enable the Pi-hole log at /var/log/pihole/pihole.log
 .br
      off               Disable and flush the Pi-hole log at
-                        /var/log/pihole.log
+                        /var/log/pihole/pihole.log
 .br
-      off noflush       Disable the Pi-hole log at /var/log/pihole.log
+      off noflush       Disable the Pi-hole log at /var/log/pihole/pihole.log
 .br

 \fB-up, updatePihole\fR [--check-only]
--- a/71
+++ b/71
@@ -21,7 +21,7 @@ readonly FTL_PID_FILE="/run/pihole-FTL.pid"
 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 source "${colfile}"

-readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 source "${utilsfile}"

 webpageFunc() {
@@ -226,7 +226,7 @@ Time:
      fi

      local str="Pi-hole Disabled"
-      addOrEditKeyValPair "BLOCKING_ENABLED" "false" "${setupVars}"
+      addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "false"
    fi
  else
    # Enable Pi-hole
@@ -238,7 +238,7 @@ Time:
    echo -e "  ${INFO} Enabling blocking"
    local str="Pi-hole Enabled"

-    addOrEditKeyValPair "BLOCKING_ENABLED" "true" "${setupVars}"
+    addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "true"
  fi

  restartDNS reload-lists
@@ -254,14 +254,14 @@ Example: 'pihole logging on'
 Specify whether the Pi-hole log should be used

 Options:
-  on                  Enable the Pi-hole log at /var/log/pihole.log
-  off                 Disable and flush the Pi-hole log at /var/log/pihole.log
-  off noflush         Disable the Pi-hole log at /var/log/pihole.log"
+  on                  Enable the Pi-hole log at /var/log/pihole/pihole.log
+  off                 Disable and flush the Pi-hole log at /var/log/pihole/pihole.log
+  off noflush         Disable the Pi-hole log at /var/log/pihole/pihole.log"
    exit 0
  elif [[ "${1}" == "off" ]]; then
    # Disable logging
-    sed -i 's/^log-queries/#log-queries/' /etc/dnsmasq.d/01-pihole.conf
-    addOrEditKeyValPair "QUERY_LOGGING" "false" "${setupVars}"
+    removeKey /etc/dnsmasq.d/01-pihole.conf "log-queries"
+    addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "false"
    if [[ "${2}" != "noflush" ]]; then
      # Flush logs
      "${PI_HOLE_BIN_DIR}"/pihole -f
@@ -270,8 +270,8 @@ Options:
    local str="Logging has been disabled!"
  elif [[ "${1}" == "on" ]]; then
    # Enable logging
-    sed -i 's/^#log-queries/log-queries/' /etc/dnsmasq.d/01-pihole.conf
-    addOrEditKeyValPair "QUERY_LOGGING" "true" "${setupVars}"
+    addKey /etc/dnsmasq.d/01-pihole.conf "log-queries"
+    addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "true"
    echo -e "  ${INFO} Enabling logging..."
    local str="Logging has been enabled!"
  else
@@ -316,9 +316,10 @@ analyze_ports() {

 statusFunc() {
  # Determine if there is pihole-FTL service is listening
-  local listening pid port
+  local pid port ftl_api_port

  pid="$(getFTLPID)"
+  ftl_api_port="$(getFTLAPIPort)"
  if [[ "$pid" -eq "-1" ]]; then
    case "${1}" in
      "web") echo "-1";;
@@ -326,8 +327,8 @@ statusFunc() {
    esac
    return 0
  else
-    #get the port pihole-FTL is listening on by using FTL's telnet API
-    port="$(echo ">dns-port >quit" | nc 127.0.0.1 4711)"
+    #get the DNS port pihole-FTL is listening on by using FTL's telnet API
+    port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")"
    if [[ "${port}" == "0" ]]; then
      case "${1}" in
        "web") echo "-1";;
@@ -364,7 +365,7 @@ statusFunc() {
    # Enable blocking
    "${PI_HOLE_BIN_DIR}"/pihole enable
  fi
-
+exit 0
 }

 tailFunc() {
@@ -381,7 +382,7 @@ tailFunc() {
  # Color blocklist/blacklist/wildcard entries as red
  # Color A/AAAA/DHCP strings as white
  # Color everything else as gray
-  tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \
+  tail -f /var/log/pihole/pihole.log | grep --line-buffered "${1}" | sed -E \
    -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
    -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \
    -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
@@ -495,8 +496,39 @@ if [[ $# = 0 ]]; then
  helpFunc
 fi

+# functions that do not require sudo power
 case "${1}" in
  "-h" | "help" | "--help"      ) helpFunc;;
+  "-v" | "version"              ) versionFunc "$@";;
+  "-c" | "chronometer"          ) chronometerFunc "$@";;
+  "-q" | "query"                ) queryFunc "$@";;
+  "status"                      ) statusFunc "$2";;
+
+  "tricorder"                   ) tricorderFunc;;
+
+  # we need to add all arguments that require sudo power to not trigger the * argument
+  "-w" | "whitelist"            ) ;;
+  "-b" | "blacklist"            ) ;;
+  "--wild" | "wildcard"         ) ;;
+  "--regex" | "regex"           ) ;;
+  "--white-regex" | "white-regex" ) ;;
+  "--white-wild" | "white-wild"   ) ;;
+  "-f" | "flush"                ) ;;
+  "-up" | "updatePihole"        ) ;;
+  "-r"  | "reconfigure"         ) ;;
+  "-g" | "updateGravity"        ) ;;
+  "-l" | "logging"              ) ;;
+  "uninstall"                   ) ;;
+  "enable"                      ) ;;
+  "disable"                     ) ;;
+  "-d" | "debug"                ) ;;
+  "restartdns"                  ) ;;
+  "-a" | "admin"                ) ;;
+  "checkout"                    ) ;;
+  "updatechecker"               ) ;;
+  "arpflush"                    ) ;;
+  "-t" | "tail"                 ) ;;
+  *                             ) helpFunc;;
 esac

 # Must be root to use this tool
@@ -523,21 +555,14 @@ case "${1}" in
  "-up" | "updatePihole"        ) updatePiholeFunc "$@";;
  "-r"  | "reconfigure"         ) reconfigurePiholeFunc;;
  "-g" | "updateGravity"        ) updateGravityFunc "$@";;
-  "-c" | "chronometer"          ) chronometerFunc "$@";;
-  "-h" | "help"                 ) helpFunc;;
-  "-v" | "version"              ) versionFunc "$@";;
-  "-q" | "query"                ) queryFunc "$@";;
  "-l" | "logging"              ) piholeLogging "$@";;
  "uninstall"                   ) uninstallFunc;;
  "enable"                      ) piholeEnable 1;;
  "disable"                     ) piholeEnable 0 "$2";;
-  "status"                      ) statusFunc "$2";;
  "restartdns"                  ) restartDNS "$2";;
  "-a" | "admin"                ) webpageFunc "$@";;
-  "-t" | "tail"                 ) tailFunc "$2";;
  "checkout"                    ) piholeCheckoutFunc "$@";;
-  "tricorder"                   ) tricorderFunc;;
  "updatechecker"               ) updateCheckFunc "$@";;
  "arpflush"                    ) arpFunc "$@";;
-  *                             ) helpFunc;;
+  "-t" | "tail"                 ) tailFunc "$2";;
 esac
--- a/test/_centos_7.Dockerfile
+++ b/test/_centos_7.Dockerfile
@@ -1,5 +1,5 @@
 FROM centos:7
-RUN yum install -y git
+RUN yum install -y dialog git python3

 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -9,10 +9,11 @@ ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR

+ADD test/centos7.epel.override /etc/yum/pluginconf.d/fastestmirror.conf
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_centos_8.Dockerfile
+++ b/test/_centos_8.Dockerfile
@@ -12,7 +12,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_debian_10.Dockerfile
+++ b/test/_debian_10.Dockerfile
@@ -11,7 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_debian_11.Dockerfile
+++ b/test/_debian_11.Dockerfile
@@ -11,7 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_fedora_33.Dockerfile
+++ b/test/_fedora_33.Dockerfile
@@ -1,18 +0,0 @@
-FROM fedora:33
-RUN dnf install -y git
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_fedora_34.Dockerfile
+++ b/test/_fedora_34.Dockerfile
@@ -12,7 +12,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_16.Dockerfile
+++ b/test/_ubuntu_16.Dockerfile
@@ -1,17 +0,0 @@
-FROM buildpack-deps:xenial-scm
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_18.Dockerfile
+++ b/test/_ubuntu_18.Dockerfile
@@ -11,7 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_20.Dockerfile
+++ b/test/_ubuntu_20.Dockerfile
@@ -12,7 +12,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_21.Dockerfile
+++ b/test/_ubuntu_21.Dockerfile
@@ -1,4 +1,4 @@
-FROM buildpack-deps:hirsute-scm
+FROM buildpack-deps:impish-scm

 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -12,7 +12,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_22.Dockerfile
+++ b/test/_ubuntu_22.Dockerfile
@@ -1,4 +1,4 @@
-FROM buildpack-deps:stretch-scm
+FROM buildpack-deps:jammy-scm

 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -7,11 +7,12 @@ RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+ENV DEBIAN_FRONTEND=noninteractive

 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/centos7.epel.override
+++ b/test/centos7.epel.override
@@ -0,0 +1,7 @@
+[main]
+verbose = 0
+socket_timeout = 3
+enabled = 1
+hostfilepath = /var/cache/yum/timedhosts.txt
+maxhostfileage = 1
+exclude=.edu
--- a/test/test_any_automated_install.py
+++ b/test/test_any_automated_install.py
@@ -150,10 +150,10 @@ def get_directories_recursive(host, directory):

 def test_installPihole_fresh_install_readableFiles(host):
    '''
-    confirms all neccessary files are readable by pihole user
+    confirms all necessary files are readable by pihole user
    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # dialog returns Cancel for user prompt
+    mock_command('dialog', {'*': ('', '0')}, host)
    # mock git pull
    mock_command_passthrough('git', {'pull': ('', '0')}, host)
    # mock systemctl to not start lighttpd and FTL
@@ -393,8 +393,8 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
        "127.0.0.1",
        # "pi.hole"
    ]
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # dialog returns Cancel for user prompt
+    mock_command('dialog', {'*': ('', '0')}, host)

    # mock git pull
    mock_command_passthrough('git', {'pull': ('', '0')}, host)
@@ -483,7 +483,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
        setup_var_file += "{}={}\n".format(k, v)
    setup_var_file += "INSTALL_WEB_SERVER=true\n"
    setup_var_file += "INSTALL_WEB_INTERFACE=true\n"
-    setup_var_file += "IPV4_ADDRESS=127.0.0.1\n"
    setup_var_file += "EOF\n"
    host.run(setup_var_file)
    installWeb = host.run('''
@@ -675,17 +674,10 @@ def test_FTL_detect_aarch64_no_errors(host):
    '''
    # mock uname to return aarch64 platform
    mock_command('uname', {'-m': ('aarch64', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    # mock ldd to respond with aarch64 shared library
-    mock_command(
-        'ldd',
-        {
-            '/bin/ls': (
-                '/lib/ld-linux-aarch64.so.1',
-                '0'
-            )
-        },
-        host
-    )
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-aarch64.so.1', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -708,8 +700,10 @@ def test_FTL_detect_armv4t_no_errors(host):
    '''
    # mock uname to return armv4t platform
    mock_command('uname', {'-m': ('armv4t', '0')}, host)
-    # mock ldd to respond with ld-linux shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
+    # mock ldd to respond with armv4t shared library
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -732,8 +726,10 @@ def test_FTL_detect_armv5te_no_errors(host):
    '''
    # mock uname to return armv5te platform
    mock_command('uname', {'-m': ('armv5te', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    # mock ldd to respond with ld-linux shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host)
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -757,7 +753,9 @@ def test_FTL_detect_armv6l_no_errors(host):
    # mock uname to return armv6l platform
    mock_command('uname', {'-m': ('armv6l', '0')}, host)
    # mock ldd to respond with ld-linux-armhf shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-armhf.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -782,7 +780,9 @@ def test_FTL_detect_armv7l_no_errors(host):
    # mock uname to return armv7l platform
    mock_command('uname', {'-m': ('armv7l', '0')}, host)
    # mock ldd to respond with ld-linux-armhf shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-armhf.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -806,8 +806,10 @@ def test_FTL_detect_armv8a_no_errors(host):
    '''
    # mock uname to return armv8a platform
    mock_command('uname', {'-m': ('armv8a', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    # mock ldd to respond with ld-linux-armhf shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host)
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-armhf.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -828,6 +830,8 @@ def test_FTL_detect_x86_64_no_errors(host):
    '''
    confirms only x86_64 package is downloaded for FTL engine
    '''
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -848,6 +852,8 @@ def test_FTL_detect_unknown_no_errors(host):
    ''' confirms only generic package is downloaded for FTL engine '''
    # mock uname to return generic platform
    mock_command('uname', {'-m': ('mips', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -864,8 +870,8 @@ def test_FTL_download_aarch64_no_errors(host):
    '''
    confirms only aarch64 package is downloaded for FTL engine
    '''
-    # mock whiptail answers and ensure installer dependencies
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # mock dialog answers and ensure installer dependencies
+    mock_command('dialog', {'*': ('', '0')}, host)
    host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
@@ -898,23 +904,6 @@ def test_FTL_binary_installed_and_responsive_no_errors(host):
    assert expected_stdout in installed_binary.stdout


-# def test_FTL_support_files_installed(host):
-#     '''
-#     confirms FTL support files are installed
-#     '''
-#     support_files = host.run('''
-#     source /opt/pihole/basic-install.sh
-#     FTLdetect
-#     stat -c '%a %n' /var/log/pihole-FTL.log
-#     stat -c '%a %n' /run/pihole-FTL.port
-#     stat -c '%a %n' /run/pihole-FTL.pid
-#     ls -lac /run
-#     ''')
-#     assert '644 /run/pihole-FTL.port' in support_files.stdout
-#     assert '644 /run/pihole-FTL.pid' in support_files.stdout
-#     assert '644 /var/log/pihole-FTL.log' in support_files.stdout
-
-
 def test_IPv6_only_link_local(host):
    '''
    confirms IPv6 blocking is disabled for Link-local address
@@ -1111,7 +1100,7 @@ def test_os_check_passes(host):

 def test_package_manager_has_installer_deps(host):
    ''' Confirms OS is able to install the required packages for the installer'''
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    mock_command('dialog', {'*': ('', '0')}, host)
    output = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
@@ -1124,7 +1113,7 @@ def test_package_manager_has_installer_deps(host):

 def test_package_manager_has_pihole_deps(host):
    ''' Confirms OS is able to install the required packages for Pi-hole '''
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    mock_command('dialog', {'*': ('', '0')}, host)
    output = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
@@ -1138,7 +1127,7 @@ def test_package_manager_has_pihole_deps(host):

 def test_package_manager_has_web_deps(host):
    ''' Confirms OS is able to install the required packages for web '''
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    mock_command('dialog', {'*': ('', '0')}, host)
    output = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
--- a/test/test_any_utils.py
+++ b/test/test_any_utils.py
@@ -1,16 +1,74 @@
 def test_key_val_replacement_works(host):
-    ''' Confirms addOrEditKeyValPair provides the expected output '''
+    ''' Confirms addOrEditKeyValPair either adds or replaces a key value pair in a given file '''
    host.run('''
-    setupvars=./testoutput
    source /opt/pihole/utils.sh
-    addOrEditKeyValPair "KEY_ONE" "value1" "./testoutput"
-    addOrEditKeyValPair "KEY_TWO" "value2" "./testoutput"
-    addOrEditKeyValPair "KEY_ONE" "value3" "./testoutput"
-    addOrEditKeyValPair "KEY_FOUR" "value4" "./testoutput"
-    cat ./testoutput
+    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
+    addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
+    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3"
+    addOrEditKeyValPair "./testoutput" "KEY_FOUR" "value4"
    ''')
    output = host.run('''
    cat ./testoutput
    ''')
    expected_stdout = 'KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\n'
    assert expected_stdout == output.stdout
+
+
+def test_key_addition_works(host):
+    ''' Confirms addKey adds a key (no value) to a file without duplicating it '''
+    host.run('''
+    source /opt/pihole/utils.sh
+    addKey "./testoutput" "KEY_ONE"
+    addKey "./testoutput" "KEY_ONE"
+    addKey "./testoutput" "KEY_TWO"
+    addKey "./testoutput" "KEY_TWO"
+    addKey "./testoutput" "KEY_THREE"
+    addKey "./testoutput" "KEY_THREE"
+    ''')
+    output = host.run('''
+    cat ./testoutput
+    ''')
+    expected_stdout = 'KEY_ONE\nKEY_TWO\nKEY_THREE\n'
+    assert expected_stdout == output.stdout
+
+
+def test_key_removal_works(host):
+    ''' Confirms removeKey removes a key or key/value pair '''
+    host.run('''
+    source /opt/pihole/utils.sh
+    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
+    addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
+    addOrEditKeyValPair "./testoutput" "KEY_THREE" "value3"
+    addKey "./testoutput" "KEY_FOUR"
+    removeKey "./testoutput" "KEY_TWO"
+    removeKey "./testoutput" "KEY_FOUR"
+    ''')
+    output = host.run('''
+    cat ./testoutput
+    ''')
+    expected_stdout = 'KEY_ONE=value1\nKEY_THREE=value3\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLAPIPort_default(host):
+    ''' Confirms getFTLAPIPort returns the default API port '''
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    getFTLAPIPort
+    ''')
+    expected_stdout = '4711\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLAPIPort_custom(host):
+    ''' Confirms getFTLAPIPort returns a custom API port in a custom PORTFILE location '''
+    host.run('''
+    echo "PORTFILE=/tmp/port.file" > /etc/pihole/pihole-FTL.conf
+    echo "1234" > /tmp/port.file
+    ''')
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    getFTLAPIPort
+    ''')
+    expected_stdout = '1234\n'
+    assert expected_stdout == output.stdout
--- a/test/test_centos_7_support.py
+++ b/test/test_centos_7_support.py
@@ -26,8 +26,8 @@ def test_php_upgrade_user_optout_centos_eq_7(host):
    confirms installer behavior when user opt-out of installing PHP7 from REMI
    (php not currently installed)
    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, host)
+    # dialog returns Cancel for user prompt
+    mock_command('dialog', {'*': ('', '1')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
@@ -45,8 +45,8 @@ def test_php_upgrade_user_optin_centos_eq_7(host):
    confirms installer behavior when user opt-in to installing PHP7 from REMI
    (php not currently installed)
    '''
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # dialog returns Continue for user prompt
+    mock_command('dialog', {'*': ('', '0')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
--- a/test/test_centos_8_support.py
+++ b/test/test_centos_8_support.py
@@ -29,8 +29,8 @@ def test_php_upgrade_user_optout_skipped_centos_gte_8(host):
    latest CentOS (should trigger on CentOS7 only)
    (php not currently installed)
    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, host)
+    # dialog dialog returns Cancel for user prompt
+    mock_command('dialog', {'*': ('', '1')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
@@ -50,8 +50,8 @@ def test_php_upgrade_user_optin_skipped_centos_gte_8(host):
    latest CentOS (should trigger on CentOS7 only)
    (php not currently installed)
    '''
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # dialog dialog returns Continue for user prompt
+    mock_command('dialog', {'*': ('', '0')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
--- a/test/test_centos_common_support.py
+++ b/test/test_centos_common_support.py
@@ -36,7 +36,7 @@ def test_enable_epel_repository_centos(host):
    expected_stdout = info_box + (' Enabling EPEL package repository '
                                  '(https://fedoraproject.org/wiki/EPEL)')
    assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = tick_box + ' Installed epel-release'
+    expected_stdout = tick_box + ' Installed'
    assert expected_stdout in package_manager_detect.stdout
    epel_package = host.package('epel-release')
    assert epel_package.is_installed
@@ -76,8 +76,8 @@ def test_php_version_lt_7_detected_upgrade_user_optout_centos(host):
    default_centos_php_version = php_package.version.split('.')[0]
    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, host)
+    # dialog returns Cancel for user prompt
+    mock_command('dialog', {'*': ('', '1')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
@@ -101,8 +101,8 @@ def test_php_version_lt_7_detected_upgrade_user_optin_centos(host):
    default_centos_php_version = php_package.version.split('.')[0]
    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # dialog returns Continue for user prompt
+    mock_command('dialog', {'*': ('', '0')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
--- a/test/test_centos_fedora_common_support.py
+++ b/test/test_centos_fedora_common_support.py
@@ -30,7 +30,7 @@ def test_selinux_enforcing_exit(host):
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
-    expected_stdout = cross_box + ' Current SELinux: Enforcing'
+    expected_stdout = cross_box + ' Current SELinux: enforcing'
    assert expected_stdout in check_selinux.stdout
    expected_stdout = 'SELinux Enforcing detected, exiting installer'
    assert expected_stdout in check_selinux.stdout
@@ -46,7 +46,7 @@ def test_selinux_permissive(host):
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
-    expected_stdout = tick_box + ' Current SELinux: Permissive'
+    expected_stdout = tick_box + ' Current SELinux: permissive'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 0

@@ -60,6 +60,6 @@ def test_selinux_disabled(host):
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
-    expected_stdout = tick_box + ' Current SELinux: Disabled'
+    expected_stdout = tick_box + ' Current SELinux: disabled'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 0
--- a/test/tox.debian_9.ini
+++ b/test/tox.debian_9.ini
@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _debian_9.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/test/tox.fedora_33.ini
+++ b/test/tox.fedora_33.ini
@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _fedora_33.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_fedora_support.py
--- a/test/tox.ubuntu_22.ini
+++ b/test/tox.ubuntu_22.ini
@@ -4,5 +4,5 @@ envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
-commands = docker build -f _ubuntu_16.Dockerfile -t pytest_pihole:test_container ../
+commands = docker build -f _ubuntu_22.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py