Release 5.12 (#4889 )

Add jq as dependency and remove json_extract (#4878 )
**What does this PR aim to accomplish?:** Adds `jq` as dependency and removes the now obsolete `json_extract` function. `jq` is a small dependency and adds powerfull json abilities. With `FTL v6` we will have a whole new json-based API where `jq` might be needed anyway. Also for `PADD` to interact with `FTL v6`, `jq` will be a requirement: https://github.com/pi-hole/PADD/pull/247 --- **By submitting this pull request, I confirm the following:** 1. I have read and understood the [contributors guide](https://docs.pi-hole.net/guides/github/contributing/), as well as this entire template. I understand which branch to base my commits and Pull Requests against. 2. I have commented my proposed changes within the code and I have tested my changes. 3. I am willing to help maintain this change if there are issues with it later. 4. It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1) 5. I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)) --- - [x] I have read the above and my PR is ready for review. _Check this box to confirm_
2022-09-02 18:39:03 +01:00 · 2022-08-26 10:09:42 +02:00 · 2022-08-25 09:55:47 +02:00 · 2022-08-25 09:55:42 +02:00 · 2022-08-24 07:21:04 +02:00 · 2022-08-23 19:23:44 +01:00
72 changed files with 1465 additions and 2229 deletions
--- a/.codespellignore
+++ b/.codespellignore
@@ -0,0 +1,3 @@
+doubleclick
+wan
+nwe
--- a/.editorconfig
+++ b/.editorconfig
@@ -13,26 +13,8 @@ tab_width = 4
 charset = utf-8
 trim_trailing_whitespace = true

-# Matches multiple files with brace expansion notation
-# Set default charset
-[*.{js,py}]
-charset = utf-8
+[*.yml]
+tab_width = 2

-# 4 space indentation
-[*.py]
-indent_style = space
-indent_size = 4
-
-# Tab indentation (no size specified)
-[Makefile]
-indent_style = tab
-
-# Indentation override for all JS under lib directory
-[scripts/**.js]
-indent_style = space
-indent_size = 2
-
-# Matches the exact files either package.json or .travis.yml
-[{package.json,.travis.yml}]
-indent_style = space
-indent_size = 2
+[*.md]
+tab_width = 2
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,4 +7,6 @@ updates:
    day: saturday
    time: "10:00"
  open-pull-requests-limit: 10
-  target-branch: developement
+  target-branch: development
+  reviewers:
+    - "pi-hole/core-maintainers"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -25,16 +25,16 @@ jobs:
    steps:
    -
      name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3.0.2
    # Initializes the CodeQL tools for scanning.
    -
      name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
      with:
        languages: 'python'
    -
      name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
    -
      name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -2,7 +2,7 @@ name: Mark stale issues

 on:
  schedule:
-  - cron: '0 * * * *'
+    - cron: '0 8 * * *'
  workflow_dispatch:

 jobs:
@@ -13,13 +13,14 @@ jobs:
      issues: write

    steps:
-    - uses: actions/stale@v4
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        days-before-stale: 30
-        days-before-close: 5
-        stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
-        stale-issue-label: 'stale'
-        exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed'
-        exempt-all-issue-assignees: true
-        operations-per-run: 300
+      - uses: actions/stale@v5.1.1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 30
+          days-before-close: 5
+          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
+          stale-issue-label: 'stale'
+          exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
+          exempt-all-issue-assignees: true
+          operations-per-run: 300
+          close-issue-reason: 'not_planned'
--- a/.github/workflows/sync-back-to-dev.yml
+++ b/.github/workflows/sync-back-to-dev.yml
@@ -11,7 +11,7 @@ jobs:
    name: Syncing branches
    steps:
      - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.0.2
      - name: Opening pull request
        id: pull
        uses: tretuna/sync-branches@1.4.0
@@ -19,9 +19,8 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          FROM_BRANCH: 'master'
          TO_BRANCH: 'development'
-          CONTENT_COMPARISON: true
      - name: Label the pull request to ignore for release note generation
-        uses: actions-ecosystem/action-add-labels@v1
+        uses: actions-ecosystem/action-add-labels@v1.1.3
        with:
          labels: internal
          repo: ${{ github.repository }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -4,40 +4,55 @@ on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

+permissions:
+  contents: read
+
 jobs:
-  smoke-test:
+  smoke-tests:
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
    steps:
    -
      name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3.0.2
    -
-      name: Run Smoke Tests
+      name: Check scripts in repository are executable
      run: |
-        # Ensure scripts in repository are executable
        IFS=$'\n';
        for f in $(find . -name '*.sh'); do if [[ ! -x $f ]]; then echo "$f is not executable" && FAIL=1; fi ;done
        unset IFS;
        # If FAIL is 1 then we fail.
-        [[ $FAIL == 1 ]] && exit 1 || echo "Smoke Tests Passed"
+        [[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!"
+    -
+      name: Spell-Checking
+      uses: codespell-project/actions-codespell@master
+      with:
+        ignore_words_file: .codespellignore
+    -
+      name: Get editorconfig-checker
+      uses: editorconfig-checker/action-editorconfig-checker@main # tag v1.0.0 is really out of date
+    -
+      name: Run editorconfig-checker
+      run: editorconfig-checker
+

  distro-test:
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
-    needs: smoke-test
+    needs: smoke-tests
    strategy:
+      fail-fast: false
      matrix:
-        distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_33, fedora_34]
+        distro: [debian_10, debian_11, ubuntu_18, ubuntu_20, ubuntu_22, centos_8, fedora_34]
    env:
      DISTRO: ${{matrix.distro}}
    steps:
    -
      name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3.0.2
    -
      name: Set up Python 3.8
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4.2.0
      with:
        python-version: 3.8
    -
--- a/.stickler.yml
+++ b/.stickler.yml
@@ -1,6 +1,10 @@
+---
 linters:
  shellcheck:
    shell: bash
  phpcs:
  flake8:
    max-line-length: 120
+  yamllint:
+    config: ./.yamllint.conf
+  remarklint:
--- a/.yamllint.conf
+++ b/.yamllint.conf
@@ -0,0 +1,3 @@
+rules:
+  line-length: disable
+  document-start: disable
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -3,5 +3,3 @@
 Please read and understand the contribution guide before creating an issue or pull request.

 The guide can be found here: [https://docs.pi-hole.net/guides/github/contributing/](https://docs.pi-hole.net/guides/github/contributing/)
-
-
--- a/README.md
+++ b/README.md
@@ -3,12 +3,15 @@
 #

 <p align="center">
-    <a href="https://pi-hole.net/">
-        <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_Wordmark.svg" width="150" height="260" alt="Pi-hole">
-    </a>
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_darkmode.png">
+    <source media="(prefers-color-scheme: light)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png">
+    <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png" width="168" height="270" alt="Pi-hole website">
+  </picture>
    <br>
    <strong>Network-wide ad blocking via your own Linux hardware</strong>
 </p>
+
 <!-- markdownlint-enable MD033 -->

 The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content without installing any client-side software.
@@ -19,7 +22,7 @@ The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) th
 - **Lightweight**: runs smoothly with [minimal hardware and software requirements](https://docs.pi-hole.net/main/prerequisites/)
 - **Robust**: a command line interface that is quality assured for interoperability
 - **Insightful**: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
- **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring *all* your devices are protected automatically
+- **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring _all_ your devices are protected automatically
 - **Scalable**: [capable of handling hundreds of millions of queries](https://pi-hole.net/2017/05/24/how-much-traffic-can-pi-hole-handle/) when installed on server-grade hardware
 - **Modern**: blocks ads over both IPv4 and IPv6
 - **Free**: open source software that helps ensure _you_ are the sole person in control of your privacy
@@ -50,7 +53,9 @@ sudo bash basic-install.sh
 wget -O basic-install.sh https://install.pi-hole.net
 sudo bash basic-install.sh
 ```
+
 ### Method 3: Using Docker to deploy Pi-hole
+
 Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-hole) to use the Official Docker Images.

 ## [Post-install: Make your network take advantage of Pi-hole](https://docs.pi-hole.net/main/post-install/)
@@ -112,7 +117,7 @@ While we are primarily reachable on our [Discourse User Forum](https://discourse

 ### [Faster-than-light Engine](https://github.com/pi-hole/ftl)

-[FTLDNS](https://github.com/pi-hole/ftl) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
+[FTLDNS](https://github.com/pi-hole/ftl) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all _very quickly_!

 Some of the statistics you can integrate include:

@@ -139,7 +144,7 @@ Some notable features include:
 - [Updating Ad Lists](https://docs.pi-hole.net/core/pihole-command/#gravity)
 - [Querying Ad Lists for blocked domains](https://docs.pi-hole.net/core/pihole-command/#query)
 - [Enabling and Disabling Pi-hole](https://docs.pi-hole.net/core/pihole-command/#enable-disable)
- ... and *many* more!
+- ... and _many_ more!

 You can read our [Core Feature Breakdown](https://docs.pi-hole.net/core/pihole-command/#pi-hole-core) for more information.

@@ -161,4 +166,4 @@ Some notable features include:
 There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168):

 1. `http://pi.hole/admin/` (when using Pi-hole as your DNS server)
-2. `http://<IP_ADDPRESS_OF_YOUR_PI_HOLE>/admin/`
+2. `http://<IP_ADDRESS_OF_YOUR_PI_HOLE>/admin/`
--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@@ -37,6 +37,6 @@ interface=@INT@
 cache-size=@CACHE_SIZE@

 log-queries
-log-facility=/var/log/pihole.log
+log-facility=/var/log/pihole/pihole.log

 log-async
--- a/advanced/GIFs/25Bytes.gif
+++ b/advanced/GIFs/25Bytes.gif
--- a/advanced/GIFs/26Bytes.gif
+++ b/advanced/GIFs/26Bytes.gif
--- a/advanced/GIFs/37Bytes.gif
+++ b/advanced/GIFs/37Bytes.gif
--- a/advanced/GIFs/43Bytes.gif
+++ b/advanced/GIFs/43Bytes.gif
--- a/advanced/Scripts/COL_TABLE
+++ b/advanced/Scripts/COL_TABLE
@@ -1,5 +1,5 @@
 # Determine if terminal is capable of showing colors
-if [[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]; then
+if ([[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]) || [[ "${WEBCALL}" ]]; then
  # Bold and underline may not show up on all clients
  # If something MUST be emphasized, use both
  COL_BOLD='[1m'
--- a/advanced/Scripts/database_migration/gravity/11_to_12.sql
+++ b/advanced/Scripts/database_migration/gravity/11_to_12.sql
@@ -16,4 +16,4 @@ CREATE TRIGGER tr_group_zero AFTER DELETE ON "group"

 UPDATE info SET value = 12 WHERE property = 'version';

-COMMIT;
+COMMIT;
--- a/advanced/Scripts/database_migration/gravity/12_to_13.sql
+++ b/advanced/Scripts/database_migration/gravity/12_to_13.sql
@@ -15,4 +15,4 @@ CREATE TRIGGER tr_adlist_update AFTER UPDATE OF address,enabled,comment ON adlis

 UPDATE info SET value = 13 WHERE property = 'version';

-COMMIT;
+COMMIT;
--- a/advanced/Scripts/database_migration/gravity/3_to_4.sql
+++ b/advanced/Scripts/database_migration/gravity/3_to_4.sql
@@ -93,4 +93,4 @@ CREATE VIEW vw_regex_blacklist AS SELECT domain, domainlist.id AS id, domainlist

 UPDATE info SET value = 4 WHERE property = 'version';

-COMMIT;
+COMMIT;
--- a/advanced/Scripts/database_migration/gravity/4_to_5.sql
+++ b/advanced/Scripts/database_migration/gravity/4_to_5.sql
@@ -35,4 +35,4 @@ CREATE TABLE client_by_group

 UPDATE info SET value = 5 WHERE property = 'version';

-COMMIT;
+COMMIT;
--- a/advanced/Scripts/list.sh
+++ b/advanced/Scripts/list.sh
@@ -100,21 +100,29 @@ Options:
 ValidateDomain() {
    # Convert to lowercase
    domain="${1,,}"
+    local str validDomain

    # Check validity of domain (don't check for regex entries)
-    if [[ "${#domain}" -le 253 ]]; then
-        if [[ ( "${typeId}" == "${regex_blacklist}" || "${typeId}" == "${regex_whitelist}" ) && "${wildcard}" == false ]]; then
-            validDomain="${domain}"
-        else
+    if [[ ( "${typeId}" == "${regex_blacklist}" || "${typeId}" == "${regex_whitelist}" ) && "${wildcard}" == false ]]; then
+        validDomain="${domain}"
+    else
+        # Check max length
+        if [[ "${#domain}" -le 253 ]]; then
            validDomain=$(grep -P "^((-|_)*[a-z\\d]((-|_)*[a-z\\d])*(-|_)*)(\\.(-|_)*([a-z\\d]((-|_)*[a-z\\d])*))*$" <<< "${domain}") # Valid chars check
            validDomain=$(grep -P "^[^\\.]{1,63}(\\.[^\\.]{1,63})*$" <<< "${validDomain}") # Length of each label
+            # set error string
+            str="is not a valid argument or domain name!"
+        else
+            validDomain=
+            str="is too long!"
+
        fi
    fi

    if [[ -n "${validDomain}" ]]; then
        domList=("${domList[@]}" "${validDomain}")
    else
-        echo -e "  ${CROSS} ${domain} is not a valid argument or domain name!"
+        echo -e "  ${CROSS} ${domain} ${str}"
    fi

    domaincount=$((domaincount+1))
--- a/advanced/Scripts/piholeCheckout.sh
+++ b/advanced/Scripts/piholeCheckout.sh
@@ -9,7 +9,7 @@
 # Please see LICENSE file for your rights under this license.

 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-PH_TEST="true"
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"

 # webInterfaceGitUrl set in basic-install.sh
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -66,8 +66,8 @@ PIHOLE_DIRECTORY="/etc/pihole"
 PIHOLE_SCRIPTS_DIRECTORY="/opt/pihole"
 BIN_DIRECTORY="/usr/local/bin"
 RUN_DIRECTORY="/run"
-LOG_DIRECTORY="/var/log"
-WEB_SERVER_LOG_DIRECTORY="${LOG_DIRECTORY}/lighttpd"
+LOG_DIRECTORY="/var/log/pihole"
+WEB_SERVER_LOG_DIRECTORY="/var/log/lighttpd"
 WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd"
 HTML_DIRECTORY="/var/www/html"
 WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin"
@@ -129,36 +129,17 @@ FTL_PORT="${RUN_DIRECTORY}/pihole-FTL.port"
 PIHOLE_LOG="${LOG_DIRECTORY}/pihole.log"
 PIHOLE_LOG_GZIPS="${LOG_DIRECTORY}/pihole.log.[0-9].*"
 PIHOLE_DEBUG_LOG="${LOG_DIRECTORY}/pihole_debug.log"
-PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log")"
+PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/FTL.log")"

-PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log"
-PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log"
+PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access-pihole.log"
+PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error-pihole.log"

 RESOLVCONF="${ETC}/resolv.conf"
 DNSMASQ_CONF="${ETC}/dnsmasq.conf"

-# An array of operating system "pretty names" that we officially support
-# We can loop through the array at any time to see if it matches a value
-#SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS")
-
 # Store Pi-hole's processes in an array for easy use and parsing
 PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" )

-# Store the required directories in an array so it can be parsed through
-#REQUIRED_DIRECTORIES=("${CORE_GIT_DIRECTORY}"
-#"${CRON_D_DIRECTORY}"
-#"${DNSMASQ_D_DIRECTORY}"
-#"${PIHOLE_DIRECTORY}"
-#"${PIHOLE_SCRIPTS_DIRECTORY}"
-#"${BIN_DIRECTORY}"
-#"${RUN_DIRECTORY}"
-#"${LOG_DIRECTORY}"
-#"${WEB_SERVER_LOG_DIRECTORY}"
-#"${WEB_SERVER_CONFIG_DIRECTORY}"
-#"${HTML_DIRECTORY}"
-#"${WEB_GIT_DIRECTORY}"
-#"${BLOCK_PAGE_DIRECTORY}")
-
 # Store the required directories in an array so it can be parsed through
 REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
 "${WEB_SERVER_CONFIG_FILE}"
@@ -351,17 +332,34 @@ compare_local_version_to_git_version() {

 check_ftl_version() {
    local ftl_name="FTL"
+    local FTL_VERSION FTL_COMMIT FTL_BRANCH
    echo_current_diagnostic "${ftl_name} version"
    # Use the built in command to check FTL's version
-    FTL_VERSION=$(pihole-FTL version)
+    FTL_VERSION=$(pihole-FTL -vv | grep -m 1 Version | awk '{printf $2}')
+    FTL_BRANCH=$(pihole-FTL -vv | grep -m 1 Branch | awk '{printf $2}')
+    FTL_COMMIT=$(pihole-FTL -vv | grep -m 1 Commit | awk '{printf $2}')
+
    # Compare the current FTL version to the remote version
    if [[ "${FTL_VERSION}" == "$(pihole -v | awk '/FTL/ {print $6}' | cut -d ')' -f1)" ]]; then
        # If they are the same, FTL is up-to-date
        log_write "${TICK} ${ftl_name}: ${COL_GREEN}${FTL_VERSION}${COL_NC}"
    else
        # If not, show it in yellow, signifying there is an update
-        log_write "${TICK} ${ftl_name}: ${COL_YELLOW}${FTL_VERSION}${COL_NC} (${FAQ_UPDATE_PI_HOLE})"
+        log_write "${INFO} ${ftl_name}: ${COL_YELLOW}${FTL_VERSION}${COL_NC} (${FAQ_UPDATE_PI_HOLE})"
    fi
+
+    # If they use the master branch, they are on the stable codebase
+    if [[ "${FTL_BRANCH}" == "master" ]]; then
+        # so the color of the text is green
+        log_write "${INFO} Branch: ${COL_GREEN}${FTL_BRANCH}${COL_NC}"
+        # If it is any other branch, they are in a development branch
+    else
+        # So show that in yellow, signifying it's something to take a look at, but not a critical error
+        log_write "${INFO} Branch: ${COL_YELLOW}${FTL_BRANCH}${COL_NC} (${FAQ_CHECKOUT_COMMAND})"
+    fi
+
+    # echo the current commit
+    log_write "${INFO} Commit: ${FTL_COMMIT}"
 }

 # Checks the core version of the Pi-hole codebase
@@ -600,10 +598,10 @@ disk_usage() {
    # Some lines of df might contain sensitive information like usernames and passwords.
    # E.g. curlftpfs filesystems (https://www.looklinux.com/mount-ftp-share-on-linux-using-curlftps/)
    # We are not interested in those lines so we collect keyword, to remove them from the output
-    # Additinal keywords can be added, separated by "|"
+    # Additional keywords can be added, separated by "|"
    hide="curlftpfs"

-    # only show those lines not containg a sensitive phrase
+    # only show those lines not containing a sensitive phrase
    for line in "${file_system[@]}"; do
      if [[ ! $line =~ $hide ]]; then
        log_write "   ${line}"
@@ -816,29 +814,13 @@ check_x_headers() {
    # server is operating correctly
    echo_current_diagnostic "Dashboard and block page"
    # Use curl -I to get the header and parse out just the X-Pi-hole one
-    local block_page
-    block_page=$(curl -Is localhost | awk '/X-Pi-hole/' | tr -d '\r')
-    # Do it for the dashboard as well, as the header is different than above
+    local full_curl_output_dashboard
    local dashboard
-    dashboard=$(curl -Is localhost/admin/ | awk '/X-Pi-hole/' | tr -d '\r')
+    full_curl_output_dashboard="$(curl -Is localhost/admin/)"
+    dashboard=$(echo "${full_curl_output_dashboard}" | awk '/X-Pi-hole/' | tr -d '\r')
    # Store what the X-Header should be in variables for comparison later
-    local block_page_working
-    block_page_working="X-Pi-hole: A black hole for Internet advertisements."
    local dashboard_working
    dashboard_working="X-Pi-hole: The Pi-hole Web interface is working!"
-    local full_curl_output_block_page
-    full_curl_output_block_page="$(curl -Is localhost)"
-    local full_curl_output_dashboard
-    full_curl_output_dashboard="$(curl -Is localhost/admin/)"
-    # If the X-header found by curl matches what is should be,
-    if [[ $block_page == "$block_page_working" ]]; then
-        # display a success message
-        log_write "$TICK Block page X-Header: ${COL_GREEN}${block_page}${COL_NC}"
-    else
-        # Otherwise, show an error
-        log_write "$CROSS Block page X-Header: ${COL_RED}X-Header does not match or could not be retrieved.${COL_NC}"
-        log_write "${COL_RED}${full_curl_output_block_page}${COL_NC}"
-    fi

    # Same logic applies to the dashboard as above, if the X-Header matches what a working system should have,
    if [[ $dashboard == "$dashboard_working" ]]; then
@@ -847,6 +829,7 @@ check_x_headers() {
    else
        # Otherwise, it's a failure since the X-Headers either don't exist or have been modified in some way
        log_write "$CROSS Web interface X-Header: ${COL_RED}X-Header does not match or could not be retrieved.${COL_NC}"
+
        log_write "${COL_RED}${full_curl_output_dashboard}${COL_NC}"
    fi
 }
@@ -906,9 +889,11 @@ dig_at() {
    #          Removes all interfaces which are not UP
    #     s/^[0-9]*: //g;
    #          Removes interface index
+    #     s/@.*//g;
+    #          Removes everything after @ (if found)
    #     s/: <.*//g;
    #          Removes everything after the interface name
-    interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")"
+    interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/@.*//g;s/: <.*//g;")"

    while IFS= read -r iface ; do
        # Get addresses of current interface
@@ -1007,7 +992,7 @@ make_array_from_file() {
    else
        # Otherwise, read the file line by line
        while IFS= read -r line;do
-            # Othwerise, strip out comments and blank lines
+            # Otherwise, strip out comments and blank lines
            new_line=$(echo "${line}" | sed -e 's/^\s*#.*$//' -e '/^$/d')
            # If the line still has content (a non-zero value)
            if [[ -n "${new_line}" ]]; then
@@ -1065,7 +1050,7 @@ parse_file() {
 }

 check_name_resolution() {
-    # Check name resolution from localhost, Pi-hole's IP, and Google's name severs
+    # Check name resolution from localhost, Pi-hole's IP, and Google's name servers
    # using the function we created earlier
    dig_at 4
    dig_at 6
@@ -1247,7 +1232,7 @@ check_dhcp_servers() {
    OLD_IFS="$IFS"
    IFS=$'\n'
    local entries=()
-    mapfile -t entries < <(pihole-FTL dhcp-discover)
+    mapfile -t entries < <(pihole-FTL dhcp-discover & spinner)

    for line in "${entries[@]}"; do
        log_write "   ${line}"
@@ -1273,15 +1258,24 @@ show_clients() {
 }

 show_messages() {
-    show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT id,datetime(timestamp,'unixepoch','localtime') timestamp,type,message,blob1,blob2,blob3,blob4,blob5 FROM message;" "4 19 20 60 20 20 20 20 20"
+    show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT count (message) as count, datetime(max(timestamp),'unixepoch','localtime') as 'last timestamp', type, message, blob1, blob2, blob3, blob4, blob5 FROM message GROUP BY type, message, blob1, blob2, blob3, blob4, blob5;" "6 19 20 60 20 20 20 20 20"
+}
+
+database_permissions() {
+    local permissions
+    permissions=$(ls -lhd "${1}")
+    log_write "${COL_GREEN}${permissions}${COL_NC}"
 }

 analyze_gravity_list() {
    echo_current_diagnostic "Gravity Database"

-    local gravity_permissions
-    gravity_permissions=$(ls -lhd "${PIHOLE_GRAVITY_DB_FILE}")
-    log_write "${COL_GREEN}${gravity_permissions}${COL_NC}"
+    database_permissions "${PIHOLE_GRAVITY_DB_FILE}"
+
+    # if users want to check database integrity
+    if [[ "${CHECK_DATABASE}" = true ]]; then
+        database_integrity_check "${PIHOLE_FTL_DB_FILE}"
+    fi

    show_db_entries "Info table" "SELECT property,value FROM info" "20 40"
    gravity_updated_raw="$(pihole-FTL sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT value FROM info where property = 'updated'")"
@@ -1303,6 +1297,95 @@ analyze_gravity_list() {
    IFS="$OLD_IFS"
 }

+analyze_ftl_db() {
+    echo_current_diagnostic "Pi-hole FTL Query Database"
+    database_permissions "${PIHOLE_FTL_DB_FILE}"
+    # if users want to check database integrity
+    if [[ "${CHECK_DATABASE}" = true ]]; then
+        database_integrity_check "${PIHOLE_FTL_DB_FILE}"
+    fi
+}
+
+database_integrity_check(){
+    local result
+    local database="${1}"
+
+    log_write "${INFO} Checking integrity of ${database} ... (this can take several minutes)"
+    result="$(pihole-FTL "${database}" "PRAGMA integrity_check" 2>&1 & spinner)"
+    if [[ ${result} = "ok" ]]; then
+      log_write "${TICK} Integrity of ${database} intact"
+
+
+      log_write "${INFO} Checking foreign key constraints of ${database} ... (this can take several minutes)"
+      unset result
+      result="$(pihole-FTL sqlite3 "${database}" -cmd ".headers on" -cmd ".mode column" "PRAGMA foreign_key_check" 2>&1 & spinner)"
+      if [[ -z ${result} ]]; then
+        log_write "${TICK} No foreign key errors in ${database}"
+      else
+        log_write "${CROSS} ${COL_RED}Foreign key errors in ${database} found.${COL_NC}"
+        while IFS= read -r line ; do
+            log_write "    $line"
+        done <<< "$result"
+      fi
+
+    else
+      log_write "${CROSS} ${COL_RED}Integrity errors in ${database} found.\n${COL_NC}"
+      while IFS= read -r line ; do
+        log_write "    $line"
+      done <<< "$result"
+    fi
+
+}
+
+check_database_integrity() {
+    echo_current_diagnostic "Gravity Database"
+    database_permissions "${PIHOLE_GRAVITY_DB_FILE}"
+    database_integrity_check "${PIHOLE_GRAVITY_DB_FILE}"
+
+    echo_current_diagnostic "Pi-hole FTL Query Database"
+    database_permissions "${PIHOLE_FTL_DB_FILE}"
+    database_integrity_check "${PIHOLE_FTL_DB_FILE}"
+}
+
+# Show a text spinner during a long process run
+spinner(){
+    # Show the spinner only if there is a tty
+    if tty -s; then
+        # PID of the most recent background process
+        _PID=$!
+        _spin="/-\|"
+        _start=0
+        _elapsed=0
+        _i=1
+
+        # Start the counter
+        _start=$(date +%s)
+
+        # Hide the cursor
+        tput civis > /dev/tty
+
+        # ensures cursor is visible again, in case of premature exit
+        trap 'tput cnorm > /dev/tty' EXIT
+
+        while [ -d /proc/$_PID ]; do
+            _elapsed=$(( $(date +%s) - _start ))
+            # use hours only if needed
+            if [ "$_elapsed" -lt 3600 ]; then
+                printf "\r${_spin:_i++%${#_spin}:1} %02d:%02d" $((_elapsed/60)) $((_elapsed%60)) >"$(tty)"
+            else
+                printf "\r${_spin:_i++%${#_spin}:1} %02d:%02d:%02d" $((_elapsed/3600)) $(((_elapsed/60)%60)) $((_elapsed%60)) >"$(tty)"
+            fi
+            sleep 0.25
+        done
+
+        # Return to the begin of the line after completion (the spinner will be overwritten)
+        printf "\r" >"$(tty)"
+
+        # Restore cursor visibility
+        tput cnorm > /dev/tty
+    fi
+}
+
 obfuscated_pihole_log() {
  local pihole_log=("$@")
  local line
@@ -1326,7 +1409,7 @@ obfuscated_pihole_log() {
          # If the variable does not a value (the current default behavior), so do not obfuscate anything
          if [[ -z ${OBFUSCATE} ]]; then
              log_write "   ${line}"
-          # Othwerise, a flag was passed to this command to obfuscate domains in the log
+          # Otherwise, a flag was passed to this command to obfuscate domains in the log
          else
              # So first check if there are domains in the log that should be obfuscated
              if [[ -n ${line_to_obfuscate} ]]; then
@@ -1392,7 +1475,7 @@ curl_to_tricorder() {
 upload_to_tricorder() {
    local username="pihole"
    # Set the permissions and owner
-    chmod 644 ${PIHOLE_DEBUG_LOG}
+    chmod 640 ${PIHOLE_DEBUG_LOG}
    chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG}

    # Let the user know debugging is complete with something strikingly visual
@@ -1448,7 +1531,7 @@ upload_to_tricorder() {
        if [[ "${WEBCALL}" ]] && [[ ! "${AUTOMATED}" ]]; then
            :
        else
-            log_write "${CROSS}  ${COL_RED}There was an error uploading your debug log.${COL_NC}"
+            log_write "${CROSS} ${COL_RED}There was an error uploading your debug log.${COL_NC}"
            log_write "   * Please try again or contact the Pi-hole team for assistance."
        fi
    fi
@@ -1477,6 +1560,7 @@ process_status
 ftl_full_status
 parse_setup_vars
 check_x_headers
+analyze_ftl_db
 analyze_gravity_list
 show_groups
 show_domainlist
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -31,7 +31,7 @@ if [ -z "$DBFILE" ]; then
 fi

 if [[ "$@" != *"quiet"* ]]; then
-    echo -ne "  ${INFO} Flushing /var/log/pihole.log ..."
+    echo -ne "  ${INFO} Flushing /var/log/pihole/pihole.log ..."
 fi
 if [[ "$@" == *"once"* ]]; then
    # Nightly logrotation
@@ -44,9 +44,9 @@ if [[ "$@" == *"once"* ]]; then
        # Note that moving the file is not an option, as
        # dnsmasq would happily continue writing into the
        # moved file (it will have the same file handler)
-        cp -p /var/log/pihole.log /var/log/pihole.log.1
-        echo " " > /var/log/pihole.log
-        chmod 644 /var/log/pihole.log
+        cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        chmod 640 /var/log/pihole/pihole.log
    fi
 else
    # Manual flushing
@@ -56,20 +56,20 @@ else
        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
    else
        # Flush both pihole.log and pihole.log.1 (if existing)
-        echo " " > /var/log/pihole.log
-        if [ -f /var/log/pihole.log.1 ]; then
-            echo " " > /var/log/pihole.log.1
-            chmod 644 /var/log/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        if [ -f /var/log/pihole/pihole.log.1 ]; then
+            echo " " > /var/log/pihole/pihole.log.1
+            chmod 640 /var/log/pihole/pihole.log.1
        fi
    fi
    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
-    deleted=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1")
+    deleted=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")

    # Restart pihole-FTL to force reloading history
    sudo pihole restartdns
 fi

 if [[ "$@" != *"quiet"* ]]; then
-    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole.log"
+    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole/pihole.log"
    echo -e "  ${TICK} Deleted ${deleted} queries from database"
 fi
--- a/advanced/Scripts/query.sh
+++ b/advanced/Scripts/query.sh
@@ -16,7 +16,6 @@ GRAVITYDB="${piholeDir}/gravity.db"
 options="$*"
 all=""
 exact=""
-blockpage=""
 matchType="match"
 # Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
@@ -34,7 +33,7 @@ source "${colfile}"
 # Scan an array of files for matching strings
 scanList(){
    # Escape full stops
-    local domain="${1}" esc_domain="${1//./\\.}" lists="${2}" type="${3:-}"
+    local domain="${1}" esc_domain="${1//./\\.}" lists="${2}" list_type="${3:-}"

    # Prevent grep from printing file path
    cd "$piholeDir" || exit 1
@@ -43,7 +42,7 @@ scanList(){
    export LC_CTYPE=C

    # /dev/null forces filename to be printed when only one list has been generated
-    case "${type}" in
+    case "${list_type}" in
        "exact" ) grep -i -E -l "(^|(?<!#)\\s)${esc_domain}($|\\s|#)" ${lists} /dev/null 2>/dev/null;;
        # Iterate through each regexp and check whether it matches the domainQuery
        # If it does, print the matching regexp and continue looping
@@ -64,25 +63,21 @@ Example: 'pihole -q -exact domain.com'
 Query the adlists for a specified domain

 Options:
-  -exact              Search the block lists for exact domain matches
-  -all                Return all query matches within a block list
+  -exact              Search the adlists for exact domain matches
+  -all                Return all query matches within the adlists
  -h, --help          Show this help dialog"
  exit 0
 fi

 # Handle valid options
-if [[ "${options}" == *"-bp"* ]]; then
-    exact="exact"; blockpage=true
-else
-    [[ "${options}" == *"-all"* ]] && all=true
-    if [[ "${options}" == *"-exact"* ]]; then
-        exact="exact"; matchType="exact ${matchType}"
-    fi
+[[ "${options}" == *"-all"* ]] && all=true
+if [[ "${options}" == *"-exact"* ]]; then
+    exact="exact"; matchType="exact ${matchType}"
 fi

 # Strip valid options, leaving only the domain and invalid options
 # This allows users to place the options before or after the domain
-options=$(sed -E 's/ ?-(bp|adlists?|all|exact) ?//g' <<< "${options}")
+options=$(sed -E 's/ ?-(adlists?|all|exact) ?//g' <<< "${options}")

 # Handle remaining options
 # If $options contain non ASCII characters, convert to punycode
@@ -99,10 +94,10 @@ if [[ -n "${str:-}" ]]; then
 fi

 scanDatabaseTable() {
-    local domain table type querystr result extra
+    local domain table list_type querystr result extra
    domain="$(printf "%q" "${1}")"
    table="${2}"
-    type="${3:-}"
+    list_type="${3:-}"

    # As underscores are legitimate parts of domains, we escape them when using the LIKE operator.
    # Underscores are SQLite wildcards matching exactly one character. We obviously want to suppress this
@@ -115,8 +110,8 @@ scanDatabaseTable() {
        esac
    else
        case "${exact}" in
-            "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain = '${domain}'";;
-            *       ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
+            "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${list_type}' AND domain = '${domain}'";;
+            *       ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${list_type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
        esac
    fi

@@ -136,17 +131,11 @@ scanDatabaseTable() {
    wbMatch=true

    # Print table name
-    if [[ -z "${blockpage}" ]]; then
-        echo " ${matchType^} found in ${COL_BOLD}exact ${table}${COL_NC}"
-    fi
+    echo " ${matchType^} found in ${COL_BOLD}exact ${table}${COL_NC}"

    # Loop over results and print them
    mapfile -t results <<< "${result}"
    for result in "${results[@]}"; do
-        if [[ -n "${blockpage}" ]]; then
-            echo "π ${result}"
-            exit 0
-        fi
        domain="${result/|*}"
        if [[ "${result#*|}" == "0" ]]; then
            extra=" (disabled)"
@@ -158,13 +147,13 @@ scanDatabaseTable() {
 }

 scanRegexDatabaseTable() {
-    local domain list
+    local domain list list_type
    domain="${1}"
    list="${2}"
-    type="${3:-}"
+    list_type="${3:-}"

    # Query all regex from the corresponding database tables
-    mapfile -t regexList < <(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain FROM domainlist WHERE type = ${type}" 2> /dev/null)
+    mapfile -t regexList < <(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain FROM domainlist WHERE type = ${list_type}" 2> /dev/null)

    # If we have regexps to process
    if [[ "${#regexList[@]}" -ne 0 ]]; then
@@ -181,18 +170,13 @@ scanRegexDatabaseTable() {
            # Form a "results" message
            str_result="${COL_BOLD}${str_regexMatches}${COL_NC}"
            # If we are displaying more than just the source of the block
-            if [[ -z "${blockpage}" ]]; then
-                # Set the wildcard match flag
-                wcMatch=true
-                # Echo the "matched" message, indented by one space
-                echo " ${str_message}"
-                # Echo the "results" message, each line indented by three spaces
-                # shellcheck disable=SC2001
-                echo "${str_result}" | sed 's/^/   /'
-            else
-                echo "π .wildcard"
-                exit 0
-            fi
+            # Set the wildcard match flag
+            wcMatch=true
+            # Echo the "matched" message, indented by one space
+            echo " ${str_message}"
+            # Echo the "results" message, each line indented by three spaces
+            # shellcheck disable=SC2001
+            echo "${str_result}" | sed 's/^/   /'
        fi
    fi
 }
@@ -210,7 +194,7 @@ mapfile -t results <<< "$(scanDatabaseTable "${domainQuery}" "gravity")"

 # Handle notices
 if [[ -z "${wbMatch:-}" ]] && [[ -z "${wcMatch:-}" ]] && [[ -z "${results[*]}" ]]; then
-    echo -e "  ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the block lists"
+    echo -e "  ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the adlists"
    exit 0
 elif [[ -z "${results[*]}" ]]; then
    # Result found in WL/BL/Wildcards
@@ -222,7 +206,7 @@ elif [[ -z "${all}" ]] && [[ "${#results[*]}" -ge 100 ]]; then
 fi

 # Print "Exact matches for" title
-if [[ -n "${exact}" ]] && [[ -z "${blockpage}" ]]; then
+if [[ -n "${exact}" ]]; then
    plural=""; [[ "${#results[*]}" -gt 1 ]] && plural="es"
    echo " ${matchType^}${plural} for ${COL_BOLD}${domainQuery}${COL_NC} found in:"
 fi
@@ -238,9 +222,7 @@ for result in "${results[@]}"; do
        extra=""
    fi

-    if [[ -n "${blockpage}" ]]; then
-        echo "0 ${adlistAddress}"
-    elif [[ -n "${exact}" ]]; then
+    if [[ -n "${exact}" ]]; then
        echo "  - ${adlistAddress}${extra}"
    else
        if [[ ! "${adlistAddress}" == "${adlistAddress_prev:-}" ]]; then
--- a/advanced/Scripts/setupLCD.sh
+++ b/advanced/Scripts/setupLCD.sh
@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Automatically configures the Pi to use the 2.8 LCD screen to display stats on it (also works over ssh)
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-
-
-############ FUNCTIONS ###########
-
-# Borrowed from adafruit-pitft-helper < borrowed from raspi-config
-# https://github.com/adafruit/Adafruit-PiTFT-Helper/blob/master/adafruit-pitft-helper#L324-L334
-getInitSys() {
-    if command -v systemctl > /dev/null && systemctl | grep -q '\-\.mount'; then
-        SYSTEMD=1
-    elif [ -f /etc/init.d/cron ] && [ ! -h /etc/init.d/cron ]; then
-        SYSTEMD=0
-    else
-        echo "Unrecognized init system"
-        return 1
-    fi
-}
-
-# Borrowed from adafruit-pitft-helper:
-# https://github.com/adafruit/Adafruit-PiTFT-Helper/blob/master/adafruit-pitft-helper#L274-L285
-autoLoginPiToConsole() {
-    if [ -e /etc/init.d/lightdm ]; then
-        if [ ${SYSTEMD} -eq 1 ]; then
-            systemctl set-default multi-user.target
-            ln -fs /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
-        else
-            update-rc.d lightdm disable 2
-            sed /etc/inittab -i -e "s/1:2345:respawn:\/sbin\/getty --noclear 38400 tty1/1:2345:respawn:\/bin\/login -f pi tty1 <\/dev\/tty1 >\/dev\/tty1 2>&1/"
-        fi
-    fi
-}
-
-######### SCRIPT ###########
-# Set pi to log in automatically
-getInitSys
-autoLoginPiToConsole
-
-# Set chronomter to run automatically when pi logs in
-echo /usr/local/bin/chronometer.sh >> /home/pi/.bashrc
-# OR
-#$SUDO echo /usr/local/bin/chronometer.sh >> /etc/profile
-
-# Set up the LCD screen based on Adafruits instuctions:
-# https://learn.adafruit.com/adafruit-pitft-28-inch-resistive-touchscreen-display-raspberry-pi/easy-install
-curl -SLs https://apt.adafruit.com/add-pin | bash
-apt-get -y install raspberrypi-bootloader
-apt-get -y install adafruit-pitft-helper
-adafruit-pitft-helper -t 28r
-
-# Download the cmdline.txt file that prevents the screen from going blank after a period of time
-mv /boot/cmdline.txt /boot/cmdline.orig
-curl -o /boot/cmdline.txt https://raw.githubusercontent.com/pi-hole/pi-hole/master/advanced/cmdline.txt
-
-# Back up the original file and download the new one
-mv /etc/default/console-setup /etc/default/console-setup.orig
-curl -o /etc/default/console-setup https://raw.githubusercontent.com/pi-hole/pi-hole/master/advanced/console-setup
-
-# Instantly apply the font change to the LCD screen
-setupcon
-
-reboot
-
-# Start showing the stats on the screen by running the command on another tty:
-# https://unix.stackexchange.com/questions/170063/start-a-process-on-a-different-tty
-#setsid sh -c 'exec /usr/local/bin/chronometer.sh <> /dev/tty1 >&0 2>&1'
--- a/advanced/Scripts/update.sh
+++ b/advanced/Scripts/update.sh
@@ -17,7 +17,7 @@ readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git"
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"

 # shellcheck disable=SC2034
-PH_TEST=true
+SKIP_INSTALL=true

 # when --check-only is passed to this script, it will not perform the actual update
 CHECK_ONLY=false
--- a/advanced/Scripts/updatecheck.sh
+++ b/advanced/Scripts/updatecheck.sh
@@ -8,23 +8,6 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.

-# Credit: https://stackoverflow.com/a/46324904
-function json_extract() {
-    local key=$1
-    local json=$2
-
-    local string_regex='"([^"\]|\\.)*"'
-    local number_regex='-?(0|[1-9][0-9]*)(\.[0-9]+)?([eE][+-]?[0-9]+)?'
-    local value_regex="${string_regex}|${number_regex}|true|false|null"
-    local pair_regex="\"${key}\"[[:space:]]*:[[:space:]]*(${value_regex})"
-
-    if [[ ${json} =~ ${pair_regex} ]]; then
-        echo $(sed 's/^"\|"$//g' <<< "${BASH_REMATCH[1]}")
-    else
-        return 1
-    fi
-}
-
 function get_local_branch() {
    # Return active branch
    cd "${1}" 2> /dev/null || return 1
@@ -41,54 +24,64 @@ function get_local_version() {
 # shellcheck disable=SC1091
 . /etc/pihole/setupVars.conf

+# Source the utils file
+# shellcheck disable=SC1091
+. /opt/pihole/utils.sh
+
+# Remove the below three legacy files if they exist
+rm -f "/etc/pihole/GitHubVersions"
+rm -f "/etc/pihole/localbranches"
+rm -f "/etc/pihole/localversions"
+
+# Create new versions file if it does not exist
+VERSION_FILE="/etc/pihole/versions"
+touch "${VERSION_FILE}"
+chmod 644 "${VERSION_FILE}"
+
 if [[ "$2" == "remote" ]]; then

    if [[ "$3" == "reboot" ]]; then
        sleep 30
    fi

-    GITHUB_VERSION_FILE="/etc/pihole/GitHubVersions"
-
-    GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
-    echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}"
-    chmod 644 "${GITHUB_VERSION_FILE}"
+    GITHUB_CORE_VERSION="$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null | jq --raw-output .tag_name)"
+    addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_CORE_VERSION" "${GITHUB_CORE_VERSION}"

    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
-        echo -n " ${GITHUB_WEB_VERSION}" >> "${GITHUB_VERSION_FILE}"
+        GITHUB_WEB_VERSION="$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null | jq --raw-output .tag_name)"
+        addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_VERSION" "${GITHUB_WEB_VERSION}"
    fi

-    GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
-    echo -n " ${GITHUB_FTL_VERSION}" >> "${GITHUB_VERSION_FILE}"
+    GITHUB_FTL_VERSION="$(curl -s 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null | jq --raw-output .tag_name)"
+    addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_FTL_VERSION" "${GITHUB_FTL_VERSION}"
+
+    if [[ "${PIHOLE_DOCKER_TAG}" ]]; then
+        GITHUB_DOCKER_VERSION="$(curl -s 'https://api.github.com/repos/pi-hole/docker-pi-hole/releases/latest' 2> /dev/null | jq --raw-output .tag_name)"
+        addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_DOCKER_VERSION" "${GITHUB_DOCKER_VERSION}"
+    fi

 else

-    LOCAL_BRANCH_FILE="/etc/pihole/localbranches"
-
    CORE_BRANCH="$(get_local_branch /etc/.pihole)"
-    echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}"
-    chmod 644 "${LOCAL_BRANCH_FILE}"
+    addOrEditKeyValPair "${VERSION_FILE}" "CORE_BRANCH" "${CORE_BRANCH}"

    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
-        echo -n " ${WEB_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
+        addOrEditKeyValPair "${VERSION_FILE}" "WEB_BRANCH" "${WEB_BRANCH}"
    fi

    FTL_BRANCH="$(pihole-FTL branch)"
-    echo -n " ${FTL_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
-
-    LOCAL_VERSION_FILE="/etc/pihole/localversions"
+    addOrEditKeyValPair "${VERSION_FILE}" "FTL_BRANCH" "${FTL_BRANCH}"

    CORE_VERSION="$(get_local_version /etc/.pihole)"
-    echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}"
-    chmod 644 "${LOCAL_VERSION_FILE}"
+    addOrEditKeyValPair "${VERSION_FILE}" "CORE_VERSION" "${CORE_VERSION}"

    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        WEB_VERSION="$(get_local_version /var/www/html/admin)"
-        echo -n " ${WEB_VERSION}" >> "${LOCAL_VERSION_FILE}"
+        addOrEditKeyValPair "${VERSION_FILE}" "WEB_VERSION" "${WEB_VERSION}"
    fi

    FTL_VERSION="$(pihole-FTL version)"
-    echo -n " ${FTL_VERSION}" >> "${LOCAL_VERSION_FILE}"
+    addOrEditKeyValPair "${VERSION_FILE}" "FTL_VERSION" "${FTL_VERSION}"

 fi
--- a/advanced/Scripts/utils.sh
+++ b/advanced/Scripts/utils.sh
@@ -1,4 +1,6 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
+# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions
+
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
@@ -10,26 +12,146 @@

 # Basic Housekeeping rules
 #  - Functions must be self contained
-#  - Functions must be added in alphabetical order
+#  - Functions should be grouped with other similar functions
 #  - Functions must be documented
 #  - New functions must have a test added for them in test/test_any_utils.py

 #######################
-# Takes three arguments key, value, and file.
+# Takes Three arguments: file, key, and value.
+#
 # Checks the target file for the existence of the key
 #   - If it exists, it changes the value
 #   - If it does not exist, it adds the value
 #
 # Example usage:
-# addOrEditKeyValuePair "BLOCKING_ENABLED" "true" "/etc/pihole/setupVars.conf"
+# addOrEditKeyValPair "/etc/pihole/setupVars.conf" "BLOCKING_ENABLED" "true"
 #######################
 addOrEditKeyValPair() {
-  local key="${1}"
-  local value="${2}"
-  local file="${3}"
+  local file="${1}"
+  local key="${2}"
+  local value="${3}"
+
  if grep -q "^${key}=" "${file}"; then
-    sed -i "/^${key}=/c\\${key}=${value}" "${file}"
+      # Key already exists in file, modify the value
+      sed -i "/^${key}=/c\\${key}=${value}" "${file}"
  else
+    # Key does not already exist, add it and it's value
    echo "${key}=${value}" >> "${file}"
  fi
 }
+
+#######################
+# Takes two arguments: file, and key.
+# Adds a key to target file
+#
+# Example usage:
+# addKey "/etc/dnsmasq.d/01-pihole.conf" "log-queries"
+#######################
+addKey(){
+  local file="${1}"
+  local key="${2}"
+
+  if ! grep -q "^${key}" "${file}"; then
+      # Key does not exist, add it.
+      echo "${key}" >> "${file}"
+  fi
+}
+
+#######################
+# Takes two arguments: file, and key.
+# Deletes a key or key/value pair from target file
+#
+# Example usage:
+# removeKey "/etc/pihole/setupVars.conf" "PIHOLE_DNS_1"
+#######################
+removeKey() {
+  local file="${1}"
+  local key="${2}"
+  sed -i "/^${key}/d" "${file}"
+}
+
+#######################
+# returns path of FTL's port file
+#######################
+getFTLAPIPortFile() {
+    local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
+    local DEFAULT_PORT_FILE="/run/pihole-FTL.port"
+    local FTL_APIPORT_FILE
+
+    if [ -s "${FTLCONFFILE}" ]; then
+        # if PORTFILE is not set in pihole-FTL.conf, use the default path
+        FTL_APIPORT_FILE="$({ grep '^PORTFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PORT_FILE}"; } | cut -d'=' -f2-)"
+    else
+        # if there is no pihole-FTL.conf, use the default path
+        FTL_APIPORT_FILE="${DEFAULT_PORT_FILE}"
+    fi
+
+      echo "${FTL_APIPORT_FILE}"
+}
+
+
+#######################
+# returns FTL's current telnet API port based on the content of the pihole-FTL.port file
+#
+# Takes one argument: path to pihole-FTL.port
+# Example getFTLAPIPort "/run/pihole-FTL.port"
+#######################
+getFTLAPIPort(){
+    local PORTFILE="${1}"
+    local DEFAULT_FTL_PORT=4711
+    local ftl_api_port
+
+    if [ -s "$PORTFILE" ]; then
+        # -s: FILE exists and has a size greater than zero
+        ftl_api_port=$(cat "${PORTFILE}")
+        # Exploit prevention: unset the variable if there is malicious content
+        # Verify that the value read from the file is numeric
+        expr "$ftl_api_port" : "[^[:digit:]]" > /dev/null && unset ftl_api_port
+    fi
+
+    # echo the port found in the portfile or default to the default port
+    echo "${ftl_api_port:=$DEFAULT_FTL_PORT}"
+}
+
+#######################
+# returns path of FTL's PID  file
+#######################
+getFTLPIDFile() {
+  local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
+  local DEFAULT_PID_FILE="/run/pihole-FTL.pid"
+  local FTL_PID_FILE
+
+  if [ -s "${FTLCONFFILE}" ]; then
+    # if PIDFILE is not set in pihole-FTL.conf, use the default path
+    FTL_PID_FILE="$({ grep '^PIDFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PID_FILE}"; } | cut -d'=' -f2-)"
+  else
+    # if there is no pihole-FTL.conf, use the default path
+    FTL_PID_FILE="${DEFAULT_PID_FILE}"
+  fi
+
+  echo "${FTL_PID_FILE}"
+}
+
+#######################
+# returns FTL's PID based on the content of the pihole-FTL.pid file
+#
+# Takes one argument: path to pihole-FTL.pid
+# Example getFTLPID "/run/pihole-FTL.pid"
+#######################
+getFTLPID() {
+    local FTL_PID_FILE="${1}"
+    local FTL_PID
+
+    if [ -s "${FTL_PID_FILE}" ]; then
+        # -s: FILE exists and has a size greater than zero
+        FTL_PID="$(cat "${FTL_PID_FILE}")"
+        # Exploit prevention: unset the variable if there is malicious content
+        # Verify that the value read from the file is numeric
+        expr "${FTL_PID}" : "[^[:digit:]]" > /dev/null && unset FTL_PID
+    fi
+
+    # If FTL is not running, or the PID file contains malicious stuff, substitute
+    # negative PID to signal this
+    FTL_PID=${FTL_PID:=-1}
+    echo  "${FTL_PID}"
+}
--- a/advanced/Scripts/version.sh
+++ b/advanced/Scripts/version.sh
@@ -89,17 +89,18 @@ getRemoteVersion(){
    local daemon="${1}"
    local version
    local cachedVersions
-    local arrCache
-    cachedVersions="/etc/pihole/GitHubVersions"
+    cachedVersions="/etc/pihole/versions"

    #If the above file exists, then we can read from that. Prevents overuse of GitHub API
    if [[ -f "$cachedVersions" ]]; then
-        IFS=' ' read -r -a arrCache < "$cachedVersions"
+
+        # shellcheck disable=SC1090
+        . "$cachedVersions"

        case $daemon in
-            "pi-hole"   )  echo "${arrCache[0]}";;
-            "AdminLTE"  )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${arrCache[1]}";;
-            "FTL"       )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${arrCache[2]}" || echo "${arrCache[1]}";;
+            "pi-hole"   )  echo "${GITHUB_CORE_VERSION}";;
+            "AdminLTE"  )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${GITHUB_WEB_VERSION}";;
+            "FTL"       )  echo "${GITHUB_FTL_VERSION}";;
        esac

        return 0
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 # shellcheck disable=SC1090
+# shellcheck disable=SC2154
+

 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
@@ -22,10 +24,13 @@ readonly gravityDBfile="/etc/pihole/gravity.db"

 # Source install script for ${setupVars}, ${PI_HOLE_BIN_DIR} and valid_ip()
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-# shellcheck disable=SC2034  # used in basic-install
-PH_TEST="true"
+# shellcheck disable=SC2034  # used in basic-install to source the script without running it
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"

+utilsfile="/opt/pihole/utils.sh"
+source "${utilsfile}"
+
 coltable="/opt/pihole/COL_TABLE"
 if [[ -f ${coltable} ]]; then
    source ${coltable}
@@ -41,7 +46,6 @@ Options:
  -c, celsius                     Set Celsius as preferred temperature unit
  -f, fahrenheit                  Set Fahrenheit as preferred temperature unit
  -k, kelvin                      Set Kelvin as preferred temperature unit
-  -e, email                       Set an administrative contact address for the Block Page
  -h, --help                      Show this help dialog
  -i, interface                   Specify dnsmasq's interface listening behavior
  -l, privacylevel                Set privacy level (0 = lowest, 3 = highest)
@@ -51,45 +55,39 @@ Options:
 }

 add_setting() {
-    echo "${1}=${2}" >> "${setupVars}"
+    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
 }

 delete_setting() {
-    sed -i "/^${1}/d" "${setupVars}"
+    removeKey "${setupVars}" "${1}"
 }

 change_setting() {
-    delete_setting "${1}"
-    add_setting "${1}" "${2}"
+    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
 }

 addFTLsetting() {
-    echo "${1}=${2}" >> "${FTLconf}"
+    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
 }

 deleteFTLsetting() {
-    sed -i "/^${1}/d" "${FTLconf}"
+    removeKey "${FTLconf}" "${1}"
 }

 changeFTLsetting() {
-    deleteFTLsetting "${1}"
-    addFTLsetting "${1}" "${2}"
+    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
 }

 add_dnsmasq_setting() {
-    if [[ "${2}" != "" ]]; then
-        echo "${1}=${2}" >> "${dnsmasqconfig}"
-    else
-        echo "${1}" >> "${dnsmasqconfig}"
-    fi
+    addOrEditKeyValPair "${dnsmasqconfig}" "${1}" "${2}"
 }

 delete_dnsmasq_setting() {
-    sed -i "/^${1}/d" "${dnsmasqconfig}"
+    removeKey "${dnsmasqconfig}" "${1}"
 }

 SetTemperatureUnit() {
-    change_setting "TEMPERATUREUNIT" "${unit}"
+    addOrEditKeyValPair "${setupVars}" "TEMPERATUREUNIT" "${unit}"
    echo -e "  ${TICK} Set temperature unit to ${unit}"
 }

@@ -124,7 +122,7 @@ SetWebPassword() {
        echo ""

        if [ "${PASSWORD}" == "" ]; then
-            change_setting "WEBPASSWORD" ""
+            addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" ""
            echo -e "  ${TICK} Password Removed"
            exit 0
        fi
@@ -137,7 +135,7 @@ SetWebPassword() {
        # We do not wrap this in brackets, otherwise BASH will expand any appropriate syntax
        hash=$(HashPassword "$PASSWORD")
        # Save hash to file
-        change_setting "WEBPASSWORD" "${hash}"
+        addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" "${hash}"
        echo -e "  ${TICK} New password set"
    else
        echo -e "  ${CROSS} Passwords don't match. Your password has not been changed"
@@ -148,7 +146,7 @@ SetWebPassword() {
 ProcessDNSSettings() {
    source "${setupVars}"

-    delete_dnsmasq_setting "server"
+    removeKey "${dnsmasqconfig}" "server"

    COUNTER=1
    while true ; do
@@ -156,34 +154,34 @@ ProcessDNSSettings() {
        if [ -z "${!var}" ]; then
            break;
        fi
-        add_dnsmasq_setting "server" "${!var}"
+        addKey "${dnsmasqconfig}" "server=${!var}"
        (( COUNTER++ ))
    done

    # The option LOCAL_DNS_PORT is deprecated
    # We apply it once more, and then convert it into the current format
    if [ -n "${LOCAL_DNS_PORT}" ]; then
-        add_dnsmasq_setting "server" "127.0.0.1#${LOCAL_DNS_PORT}"
-        add_setting "PIHOLE_DNS_${COUNTER}" "127.0.0.1#${LOCAL_DNS_PORT}"
-        delete_setting "LOCAL_DNS_PORT"
+        addOrEditKeyValPair "${dnsmasqconfig}" "server" "127.0.0.1#${LOCAL_DNS_PORT}"
+        addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_${COUNTER}" "127.0.0.1#${LOCAL_DNS_PORT}"
+        removeKey "${setupVars}" "LOCAL_DNS_PORT"
    fi

-    delete_dnsmasq_setting "domain-needed"
-    delete_dnsmasq_setting "expand-hosts"
+    removeKey "${dnsmasqconfig}" "domain-needed"
+    removeKey "${dnsmasqconfig}" "expand-hosts"

    if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
-        add_dnsmasq_setting "domain-needed"
-        add_dnsmasq_setting "expand-hosts"
+        addKey "${dnsmasqconfig}" "domain-needed"
+        addKey "${dnsmasqconfig}" "expand-hosts"
    fi

-    delete_dnsmasq_setting "bogus-priv"
+    removeKey "${dnsmasqconfig}" "bogus-priv"

    if [[ "${DNS_BOGUS_PRIV}" == true ]]; then
-        add_dnsmasq_setting "bogus-priv"
+        addKey "${dnsmasqconfig}" "bogus-priv"
    fi

-    delete_dnsmasq_setting "dnssec"
-    delete_dnsmasq_setting "trust-anchor="
+    removeKey "${dnsmasqconfig}" "dnssec"
+    removeKey "${dnsmasqconfig}" "trust-anchor"

    if [[ "${DNSSEC}" == true ]]; then
        echo "dnssec
@@ -191,24 +189,24 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
 " >> "${dnsmasqconfig}"
    fi

-    delete_dnsmasq_setting "host-record"
+    removeKey "${dnsmasqconfig}" "host-record"

    if [ -n "${HOSTRECORD}" ]; then
-        add_dnsmasq_setting "host-record" "${HOSTRECORD}"
+        addOrEditKeyValPair "${dnsmasqconfig}" "host-record" "${HOSTRECORD}"
    fi

    # Setup interface listening behavior of dnsmasq
-    delete_dnsmasq_setting "interface"
-    delete_dnsmasq_setting "local-service"
-    delete_dnsmasq_setting "except-interface"
-    delete_dnsmasq_setting "bind-interfaces"
+    removeKey "${dnsmasqconfig}" "interface"
+    removeKey "${dnsmasqconfig}" "local-service"
+    removeKey "${dnsmasqconfig}" "except-interface"
+    removeKey "${dnsmasqconfig}" "bind-interfaces"

    if [[ "${DNSMASQ_LISTENING}" == "all" ]]; then
        # Listen on all interfaces, permit all origins
-        add_dnsmasq_setting "except-interface" "nonexisting"
+        addOrEditKeyValPair "${dnsmasqconfig}" "except-interface" "nonexisting"
    elif [[ "${DNSMASQ_LISTENING}" == "local" ]]; then
        # Listen only on all interfaces, but only local subnets
-        add_dnsmasq_setting "local-service"
+        addKey "${dnsmasqconfig}" "local-service"
    else
        # Options "bind" and "single"
        # Listen only on one interface
@@ -217,30 +215,30 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
            PIHOLE_INTERFACE="eth0"
        fi

-        add_dnsmasq_setting "interface" "${PIHOLE_INTERFACE}"
+        addOrEditKeyValPair "${dnsmasqconfig}" "interface" "${PIHOLE_INTERFACE}"

        if [[ "${DNSMASQ_LISTENING}" == "bind" ]]; then
            # Really bind to interface
-            add_dnsmasq_setting "bind-interfaces"
+            addKey "${dnsmasqconfig}" "bind-interfaces"
        fi
    fi

    if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then
        # Convert legacy "conditional forwarding" to rev-server configuration
        # Remove any existing REV_SERVER settings
-        delete_setting "REV_SERVER"
-        delete_setting "REV_SERVER_DOMAIN"
-        delete_setting "REV_SERVER_TARGET"
-        delete_setting "REV_SERVER_CIDR"
+        removeKey "${setupVars}" "REV_SERVER"
+        removeKey "${setupVars}" "REV_SERVER_DOMAIN"
+        removeKey "${setupVars}" "REV_SERVER_TARGET"
+        removeKey "${setupVars}" "REV_SERVER_CIDR"

        REV_SERVER=true
-        add_setting "REV_SERVER" "true"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true"

        REV_SERVER_DOMAIN="${CONDITIONAL_FORWARDING_DOMAIN}"
-        add_setting "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}"

        REV_SERVER_TARGET="${CONDITIONAL_FORWARDING_IP}"
-        add_setting "REV_SERVER_TARGET" "${REV_SERVER_TARGET}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${REV_SERVER_TARGET}"

        #Convert CONDITIONAL_FORWARDING_REVERSE if necessary e.g:
        #          1.1.168.192.in-addr.arpa to 192.168.1.1/32
@@ -267,28 +265,28 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
            # shellcheck disable=2001
            REV_SERVER_CIDR="$(sed "s+\\.[0-9]*$+\\.0/24+" <<< "${REV_SERVER_TARGET}")"
        fi
-        add_setting "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"

        # Remove obsolete settings from setupVars.conf
-        delete_setting "CONDITIONAL_FORWARDING"
-        delete_setting "CONDITIONAL_FORWARDING_REVERSE"
-        delete_setting "CONDITIONAL_FORWARDING_DOMAIN"
-        delete_setting "CONDITIONAL_FORWARDING_IP"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_REVERSE"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_DOMAIN"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_IP"
    fi

-    delete_dnsmasq_setting "rev-server"
+    removeKey "${dnsmasqconfig}" "rev-server"

    if [[ "${REV_SERVER}" == true ]]; then
-        add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
+        addKey "${dnsmasqconfig}" "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
        if [ -n "${REV_SERVER_DOMAIN}" ]; then
            # Forward local domain names to the CF target, too
-            add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
+            addKey "${dnsmasqconfig}" "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
        fi

        if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then
            # Forward unqualified names to the CF target only when the "never
            # forward non-FQDN" option is unticked
-            add_dnsmasq_setting "server=//${REV_SERVER_TARGET}"
+            addKey "${dnsmasqconfig}" "server=//${REV_SERVER_TARGET}"
        fi

    fi
@@ -297,13 +295,13 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
    # changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf
    # as we don't want to delete all local=/.../ lines so it's much safer to
    # simply rewrite the entire corresponding config file (which is what the
-    # DHCP settings subroutie is doing)
+    # DHCP settings subroutine is doing)
    ProcessDHCPSettings
 }

 SetDNSServers() {
    # Save setting to file
-    delete_setting "PIHOLE_DNS"
+    removeKey "${setupVars}" "PIHOLE_DNS"
    IFS=',' read -r -a array <<< "${args[2]}"
    for index in "${!array[@]}"
    do
@@ -312,7 +310,7 @@ SetDNSServers() {
        ip="${array[index]//\\#/#}"

        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
-            add_setting "PIHOLE_DNS_$((index+1))" "${ip}"
+            addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_$((index+1))" "${ip}"
        else
            echo -e "  ${CROSS} Invalid IP has been passed"
            exit 1
@@ -320,30 +318,30 @@ SetDNSServers() {
    done

    if [[ "${args[3]}" == "domain-needed" ]]; then
-        change_setting "DNS_FQDN_REQUIRED" "true"
+        addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "true"
    else
-        change_setting "DNS_FQDN_REQUIRED" "false"
+        addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "false"
    fi

    if [[ "${args[4]}" == "bogus-priv" ]]; then
-        change_setting "DNS_BOGUS_PRIV" "true"
+        addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "true"
    else
-        change_setting "DNS_BOGUS_PRIV" "false"
+        addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "false"
    fi

    if [[ "${args[5]}" == "dnssec" ]]; then
-        change_setting "DNSSEC" "true"
+        addOrEditKeyValPair "${setupVars}" "DNSSEC" "true"
    else
-        change_setting "DNSSEC" "false"
+        addOrEditKeyValPair "${setupVars}" "DNSSEC" "false"
    fi

    if [[ "${args[6]}" == "rev-server" ]]; then
-        change_setting "REV_SERVER" "true"
-        change_setting "REV_SERVER_CIDR" "${args[7]}"
-        change_setting "REV_SERVER_TARGET" "${args[8]}"
-        change_setting "REV_SERVER_DOMAIN" "${args[9]}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${args[7]}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${args[8]}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${args[9]}"
    else
-        change_setting "REV_SERVER" "false"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "false"
    fi

    ProcessDNSSettings
@@ -353,11 +351,11 @@ SetDNSServers() {
 }

 SetExcludeDomains() {
-    change_setting "API_EXCLUDE_DOMAINS" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_DOMAINS" "${args[2]}"
 }

 SetExcludeClients() {
-    change_setting "API_EXCLUDE_CLIENTS" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_CLIENTS" "${args[2]}"
 }

 Poweroff(){
@@ -373,7 +371,7 @@ RestartDNS() {
 }

 SetQueryLogOptions() {
-    change_setting "API_QUERY_LOG_SHOW" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "API_QUERY_LOG_SHOW" "${args[2]}"
 }

 ProcessDHCPSettings() {
@@ -389,19 +387,19 @@ ProcessDHCPSettings() {

        if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
            PIHOLE_DOMAIN="lan"
-            change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
+            addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
        fi

        if [[ "${DHCP_LEASETIME}" == "0" ]]; then
            leasetime="infinite"
        elif [[ "${DHCP_LEASETIME}" == "" ]]; then
            leasetime="24"
-            change_setting "DHCP_LEASETIME" "${leasetime}"
+            addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${leasetime}"
        elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then
            #Installation is affected by known bug, introduced in a previous version.
            #This will automatically clean up setupVars.conf and remove the unnecessary "h"
            leasetime="24"
-            change_setting "DHCP_LEASETIME" "${leasetime}"
+            addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${leasetime}"
        else
            leasetime="${DHCP_LEASETIME}h"
        fi
@@ -441,8 +439,8 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
            echo "#quiet-dhcp6
 #enable-ra
 dhcp-option=option6:dns-server,[::]
-dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600
-ra-param=*,0,0
+dhcp-range=::,constructor:${interface},ra-names,ra-stateless,64
+
 " >> "${dhcpconfig}"
        fi

@@ -454,24 +452,24 @@ ra-param=*,0,0
 }

 EnableDHCP() {
-    change_setting "DHCP_ACTIVE" "true"
-    change_setting "DHCP_START" "${args[2]}"
-    change_setting "DHCP_END" "${args[3]}"
-    change_setting "DHCP_ROUTER" "${args[4]}"
-    change_setting "DHCP_LEASETIME" "${args[5]}"
-    change_setting "PIHOLE_DOMAIN" "${args[6]}"
-    change_setting "DHCP_IPv6" "${args[7]}"
-    change_setting "DHCP_rapid_commit" "${args[8]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "true"
+    addOrEditKeyValPair "${setupVars}" "DHCP_START" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_END" "${args[3]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_ROUTER" "${args[4]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${args[5]}"
+    addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${args[6]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_IPv6" "${args[7]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_rapid_commit" "${args[8]}"

    # Remove possible old setting from file
-    delete_dnsmasq_setting "dhcp-"
-    delete_dnsmasq_setting "quiet-dhcp"
+    removeKey "${dnsmasqconfig}" "dhcp-"
+    removeKey "${dnsmasqconfig}" "quiet-dhcp"

    # If a DHCP client claims that its name is "wpad", ignore that.
    # This fixes a security hole. see CERT Vulnerability VU#598349
    # We also ignore "localhost" as Windows behaves strangely if a
    # device claims this host name
-    add_dnsmasq_setting "dhcp-name-match=set:hostname-ignore,wpad
+    addKey "${dnsmasqconfig}" "dhcp-name-match=set:hostname-ignore,wpad
 dhcp-name-match=set:hostname-ignore,localhost
 dhcp-ignore-names=tag:hostname-ignore"

@@ -481,11 +479,11 @@ dhcp-ignore-names=tag:hostname-ignore"
 }

 DisableDHCP() {
-    change_setting "DHCP_ACTIVE" "false"
+    addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "false"

    # Remove possible old setting from file
-    delete_dnsmasq_setting "dhcp-"
-    delete_dnsmasq_setting "quiet-dhcp"
+    removeKey "${dnsmasqconfig}" "dhcp-"
+    removeKey "${dnsmasqconfig}" "quiet-dhcp"

    ProcessDHCPSettings

@@ -493,11 +491,11 @@ DisableDHCP() {
 }

 SetWebUILayout() {
-    change_setting "WEBUIBOXEDLAYOUT" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "WEBUIBOXEDLAYOUT" "${args[2]}"
 }

 SetWebUITheme() {
-    change_setting "WEBTHEME" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "WEBTHEME" "${args[2]}"
 }

 CheckUrl(){
@@ -569,37 +567,6 @@ RemoveDHCPStaticAddress() {

 }

-SetAdminEmail() {
-    if [[ "${1}" == "-h" ]] || [[ "${1}" == "--help" ]]; then
-        echo "Usage: pihole -a email <address>
-Example: 'pihole -a email admin@address.com'
-Set an administrative contact address for the Block Page
-
-Options:
-  \"\"                  Empty: Remove admin contact
-  -h, --help          Show this help dialog"
-        exit 0
-    fi
-
-    if [[ -n "${args[2]}" ]]; then
-
-        # Sanitize email address in case of security issues
-        # Regex from https://stackoverflow.com/a/2138832/4065967
-        local regex
-        regex="^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\$"
-        if [[ ! "${args[2]}" =~ ${regex} ]]; then
-            echo -e "  ${CROSS} Invalid email address"
-            exit 0
-        fi
-
-        change_setting "ADMIN_EMAIL" "${args[2]}"
-        echo -e "  ${TICK} Setting admin contact to ${args[2]}"
-    else
-        change_setting "ADMIN_EMAIL" ""
-        echo -e "  ${TICK} Removing admin contact"
-    fi
-}
-
 SetListeningMode() {
    source "${setupVars}"

@@ -619,16 +586,16 @@ Interfaces:

    if [[ "${args[2]}" == "all" ]]; then
        echo -e "  ${INFO} Listening on all interfaces, permitting all origins. Please use a firewall!"
-        change_setting "DNSMASQ_LISTENING" "all"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "all"
    elif [[ "${args[2]}" == "local" ]]; then
        echo -e "  ${INFO} Listening on all interfaces, permitting origins from one hop away (LAN)"
-        change_setting "DNSMASQ_LISTENING" "local"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "local"
    elif [[ "${args[2]}" == "bind" ]]; then
        echo -e "  ${INFO} Binding on interface ${PIHOLE_INTERFACE}"
-        change_setting "DNSMASQ_LISTENING" "bind"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "bind"
    else
        echo -e "  ${INFO} Listening only on interface ${PIHOLE_INTERFACE}"
-        change_setting "DNSMASQ_LISTENING" "single"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "single"
    fi

    # Don't restart DNS server yet because other settings
@@ -651,7 +618,8 @@ Teleporter() {
        host="${host//./_}"
        filename="pi-hole-${host:-noname}-teleporter_${datetimestamp}.tar.gz"
    fi
-    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "${filename}"
+    # webroot is sourced from basic-install above
+    php "${webroot}/admin/scripts/pi-hole/php/teleporter.php" > "${filename}"
 }

 checkDomain()
@@ -698,7 +666,7 @@ clearAudit()
 SetPrivacyLevel() {
    # Set privacy level. Minimum is 0, maximum is 3
    if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then
-        changeFTLsetting "PRIVACYLEVEL" "${args[2]}"
+        addOrEditKeyValPair "${FTLconf}" "PRIVACYLEVEL" "${args[2]}"
        pihole restartdns reload-lists
    fi
 }
@@ -808,6 +776,23 @@ RemoveCustomCNAMERecord() {
    fi
 }

+SetRateLimit() {
+    local rate_limit_count rate_limit_interval reload
+    rate_limit_count="${args[2]}"
+    rate_limit_interval="${args[3]}"
+    reload="${args[4]}"
+
+    # Set rate-limit setting inf valid
+    if [ "${rate_limit_count}" -ge 0 ] && [ "${rate_limit_interval}" -ge 0 ]; then
+        addOrEditKeyValPair "${FTLconf}" "RATE_LIMIT" "${rate_limit_count}/${rate_limit_interval}"
+    fi
+
+    # Restart FTL to update rate-limit settings only if $reload not false
+    if [[ ! $reload == "false" ]]; then
+        RestartDNS
+    fi
+}
+
 main() {
    args=("$@")

@@ -830,7 +815,6 @@ main() {
        "-h" | "--help"       ) helpFunc;;
        "addstaticdhcp"       ) AddDHCPStaticAddress;;
        "removestaticdhcp"    ) RemoveDHCPStaticAddress;;
-        "-e" | "email"        ) SetAdminEmail "$3";;
        "-i" | "interface"    ) SetListeningMode "$@";;
        "-t" | "teleporter"   ) Teleporter;;
        "adlist"              ) CustomizeAdLists;;
@@ -841,6 +825,7 @@ main() {
        "removecustomdns"     ) RemoveCustomDNSAddress;;
        "addcustomcname"      ) AddCustomCNAMERecord;;
        "removecustomcname"   ) RemoveCustomCNAMERecord;;
+        "ratelimit"           ) SetRateLimit;;
        *                     ) helpFunc;;
    esac

--- a/advanced/Templates/logrotate
+++ b/advanced/Templates/logrotate
@@ -1,4 +1,4 @@
-/var/log/pihole.log {
+/var/log/pihole/pihole.log {
 	# su #
 	daily
 	copytruncate
@@ -9,7 +9,7 @@
 	nomail
 }

-/var/log/pihole-FTL.log {
+/var/log/pihole/FTL.log {
 	# su #
 	weekly
 	copytruncate
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -9,8 +9,17 @@
 # Description:       Enable service provided by pihole-FTL daemon
 ### END INIT INFO

+#source utils.sh for getFTLPIDFile(), getFTLPID (), getFTLAPIPortFile()
+PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+. "${utilsfile}"
+
+
 is_running() {
-  pgrep -xo "pihole-FTL" > /dev/null
+  if [ -d "/proc/${FTL_PID}" ]; then
+    return 0
+  fi
+  return 1
 }


@@ -20,22 +29,39 @@ start() {
    echo "pihole-FTL is already running"
  else
    # Touch files to ensure they exist (create if non-existing, preserve if existing)
-    mkdir -pm 0755 /run/pihole
-    touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
+    mkdir -pm 0755 /run/pihole /var/log/pihole
+    [ ! -f "${FTL_PID_FILE}" ] && install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
+    [ ! -f "${FTL_PORT_FILE}" ] && install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
+    [ ! -f /var/log/pihole/FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
+    [ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
+    [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
    # Ensure that permissions are set so that pihole-FTL can edit all necessary files
-    chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
-    chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
+    chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
    # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
-    chmod -f 0644 /etc/pihole/macvendor.db
+    chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log
+    chmod -f 0640 /var/log/pihole/pihole.log
    # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
    chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
    # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
    chmod -f 0664 /etc/pihole/pihole-FTL.db
+
+    # Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/
+    # Should be removed with Pi-hole v6.0
+    if [ ! -f /var/log/pihole.log ]; then
+        ln -s /var/log/pihole/pihole.log /var/log/pihole.log
+        chown -h pihole:pihole /var/log/pihole.log
+
+    fi
+    if [ ! -f /var/log/pihole-FTL.log ]; then
+        ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log
+        chown -h pihole:pihole /var/log/pihole-FTL.log
+    fi
+
    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
-      su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
+      su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole || exit $?
    else
      echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
-      /usr/bin/pihole-FTL
+      /usr/bin/pihole-FTL || exit $?
    fi
    echo
  fi
@@ -44,7 +70,7 @@ start() {
 # Stop the service
 stop() {
  if is_running; then
-    pkill -xo "pihole-FTL"
+    kill "${FTL_PID}"
    for i in 1 2 3 4 5; do
      if ! is_running; then
        break
@@ -57,8 +83,7 @@ stop() {

    if is_running; then
      echo "Not stopped; may still be shutting down or shutdown may have failed, killing now"
-      pkill -xo -9 "pihole-FTL"
-      exit 1
+      kill -9 "${FTL_PID}"
    else
      echo "Stopped"
    fi
@@ -66,7 +91,7 @@ stop() {
    echo "Not running"
  fi
  # Cleanup
-  rm -f /run/pihole/FTL.sock /dev/shm/FTL-*
+  rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}" "${FTL_PORT_FILE}"
  echo
 }

@@ -83,6 +108,14 @@ status() {


 ### main logic ###
+
+# Get file paths
+FTL_PID_FILE="$(getFTLPIDFile)"
+FTL_PORT_FILE="$(getFTLAPIPortFile)"
+
+# Get FTL's current PID
+FTL_PID="$(getFTLPID ${FTL_PID_FILE})"
+
 case "$1" in
  stop)
        stop
--- a/advanced/Templates/pihole.cron
+++ b/advanced/Templates/pihole.cron
@@ -18,7 +18,7 @@
 #          early morning. Download any updates from the adlists
 #          Squash output to log, then splat the log to stdout on error to allow for
 #          standard crontab job error handling.
-59 1    * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
+59 1    * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole/pihole_updateGravity.log || cat /var/log/pihole/pihole_updateGravity.log

 # Pi-hole: Flush the log daily at 00:00
 #          The flush script will use logrotate if available
--- a/advanced/bash-completion/pihole
+++ b/advanced/bash-completion/pihole
@@ -15,7 +15,7 @@ _pihole() {
 			COMPREPLY=( $(compgen -W "${opts_lists}" -- ${cur}) )
 		;;
 		"admin")
-			opts_admin="celsius email fahrenheit interface kelvin password privacylevel"
+			opts_admin="celsius fahrenheit interface kelvin password privacylevel"
 			COMPREPLY=( $(compgen -W "${opts_admin}" -- ${cur}) )
 		;;
 		"checkout")
--- a/advanced/blockingpage.css
+++ b/advanced/blockingpage.css
@@ -1,455 +0,0 @@
-/* Pi-hole: A black hole for Internet advertisements
-*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-*  Network-wide ad blocking via your own hardware.
-*
-*  This file is copyright under the latest version of the EUPL.
-*  Please see LICENSE file for your rights under this license. */
-
-/* Text Customisation Options ======> */
-.title::before { content: "Website Blocked"; }
-.altBtn::before { content: "Why am I here?"; }
-.linkPH::before { content: "About Pi-hole"; }
-.linkEmail::before { content: "Contact Admin"; }
-
-#bpOutput.add::before { content: "Info"; }
-#bpOutput.add::after { content: "The domain is being whitelisted..."; }
-#bpOutput.error::before, .unhandled::before { content: "Error"; }
-#bpOutput.unhandled::after { content: "An unhandled exception occurred. This may happen when your browser is unable to load jQuery, or when the webserver is denying access to the Pi-hole API."; }
-#bpOutput.success::before { content: "Success"; }
-#bpOutput.success::after { content: "Website has been whitelisted! You may need to flush your DNS cache"; }
-
-.recentwl::before { content: "This site has been whitelisted. Please flush your DNS cache and/or restart your browser."; }
-.unknown::before { content: "This website is not found in any of Pi-hole's blacklists. The reason you have arrived here is unknown."; }
-.cname::before { content: "This site is an alias for "; } /* <a href="http://cname.com">cname.com</a> */
-.cname::after { content: ", which may be blocked by Pi-hole."; }
-
-.blacklist::before { content: "Manually Blacklisted"; }
-.wildcard::before { content: "Manually Blacklisted by Wildcard"; }
-.noblock::before { content: "Not found on any Blacklist"; }
-
-#bpBlock::before { content: "Access to the following website has been denied:"; }
-#bpFlag::before { content: "This is primarily due to being flagged as:"; }
-
-#bpHelpTxt::before { content: "If you have an ongoing use for this website, please "; }
-#bpHelpTxt a::before, #bpHelpTxt span::before { content: "ask the administrator"; }
-#bpHelpTxt::after{ content: " of the Pi-hole on this network to have it whitelisted"; }
-
-#bpBack::before { content: "Back to safety"; }
-#bpInfo::before { content: "Technical Info"; }
-#bpFoundIn::before { content: "This site is found in "; }
-#bpFoundIn span::after { content: " of "; }
-#bpFoundIn::after { content: " lists:"; }
-#bpWhitelist::before { content: "Whitelist"; }
-
-footer span::before { content: "Page generated on "; }
-
-/* Hide whitelisting form entirely */
-/* #bpWLButtons { display: none; } */
-
-/* Text Customisation Options <=============================== */
-
-/* http://necolas.github.io/normalize.css ======> */
-html { font-family: sans-serif; line-height: 1.15; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; }
-body { margin: 0; }
-article, aside, footer, header, nav, section { display: block; }
-h1 { font-size: 2em; margin: 0.67em 0; }
-figcaption, figure, main { display: block; }
-figure { margin: 1em 40px; }
-hr { box-sizing: content-box; height: 0; overflow: visible; }
-pre { font-family: monospace, monospace; font-size: 1em; }
-a { background-color: transparent; -webkit-text-decoration-skip: objects; }
-a:active, a:hover { outline-width: 0; }
-abbr[title] { border-bottom: none; text-decoration: underline; text-decoration: underline dotted; }
-b, strong { font-weight: inherit; }
-b, strong { font-weight: bolder; }
-code, kbd, samp { font-family: monospace, monospace; font-size: 1em; }
-dfn { font-style: italic; }
-mark { background-color: #ff0; color: #000; }
-small { font-size: 80%; }
-sub, sup { font-size: 75%; line-height: 0; position: relative; vertical-align: baseline; }
-sub { bottom: -0.25em; }
-sup { top: -0.5em; }
-audio, video { display: inline-block; }
-audio:not([controls]) { display: none; height: 0; }
-img { border-style: none; }
-svg:not(:root) { overflow: hidden; }
-button, input, optgroup, select, textarea { font-family: sans-serif; font-size: 100%; line-height: 1.15; margin: 0; }
-button, input { overflow: visible; }
-button, select { text-transform: none; }
-button, html [type="button"], [type="reset"], [type="submit"] { -webkit-appearance: button; }
-button::-moz-focus-inner, [type="button"]::-moz-focus-inner, [type="reset"]::-moz-focus-inner, [type="submit"]::-moz-focus-inner { border-style: none; padding: 0; }
-button:-moz-focusring, [type="button"]:-moz-focusring, [type="reset"]:-moz-focusring, [type="submit"]:-moz-focusring { outline: 1px dotted ButtonText; }
-fieldset { border: 1px solid #c0c0c0; margin: 0 2px; padding: 0.35em 0.625em 0.75em; }
-legend { box-sizing: border-box; color: inherit; display: table; max-width: 100%; padding: 0; white-space: normal; }
-progress { display: inline-block; vertical-align: baseline; }
-textarea { overflow: auto; }
-[type="checkbox"], [type="radio"] { box-sizing: border-box; padding: 0; }
-[type="number"]::-webkit-inner-spin-button, [type="number"]::-webkit-outer-spin-button { height: auto; }
-[type="search"] { -webkit-appearance: textfield; outline-offset: -2px; }
-[type="search"]::-webkit-search-cancel-button, [type="search"]::-webkit-search-decoration { -webkit-appearance: none; }
-::-webkit-file-upload-button { -webkit-appearance: button; font: inherit; }
-details, menu { display: block; }
-summary { display: list-item; }
-canvas { display: inline-block; }
-template { display: none; }
-[hidden] { display: none; }
-/* Normalize.css <=============================== */
-
-html { font-size: 62.5%; }
-
-a { color: #3c8dbc; text-decoration: none; }
-a:hover { color: #72afda; text-decoration: underline; }
-b { color: rgb(68, 68, 68); }
-p { margin: 0; }
-
-label, .buttons a {
-  -webkit-user-select: none;
-  -moz-user-select: none;
-  -ms-user-select: none;
-  user-select: none;
-}
-
-label, .buttons *:not([disabled]) { cursor: pointer; }
-
-/* Touch device dark tap highlight */
-header h1 a, label, .buttons * { -webkit-tap-highlight-color: transparent; }
-
-/* Webkit Focus Glow */
-textarea, input, button { outline: none; }
-
-@font-face {
-  font-family: "Source Sans Pro";
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local("Source Sans Pro Regular"), local("SourceSansPro-Regular"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff2") format("woff2"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff") format("woff");
-}
-
-@font-face {
-  font-family: "Source Sans Pro";
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local("Source Sans Pro Bold"), local("SourceSansPro-Bold"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff2") format("woff2"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff") format("woff");
-}
-
-body {
-  background: #dbdbdb url("/admin/img/boxed-bg.jpg") repeat fixed;
-  color: #333;
-  font: 1.4rem "Source Sans Pro", "Helvetica Neue", Helvetica, Arial, sans-serif;
-  line-height: 2.2rem;
-}
-
-/* User is greeted with a splash page when browsing to Pi-hole IP address */
-#splashpage {
-  background: #222;
-  color: rgba(255, 255, 255, 0.7);
-  text-align: center;
-  width: 100%;
-  height: 100%;
-  display: flex;
-  align-items: center;
-  justify-content: center;
-}
-
-#splashpage img { margin: 5px; width: 256px; }
-#splashpage b { color: inherit; }
-
-#bpWrapper {
-  margin: 0 auto;
-  max-width: 1250px;
-  box-shadow: 0 0 8px rgba(0, 0, 0, 0.5);
-}
-
-header {
-  background: #3c8dbc;
-  display: table;
-  position: relative;
-  width: 100%;
-}
-
-header h1, header h1 a, header .spc, header #bpAlt label {
-  display: table-cell;
-  color: #fff;
-  white-space: nowrap;
-  vertical-align: middle;
-  height: 50px; /* Must match #bpAbout top value */
-}
-
-h1 a {
-  background-color: rgba(0, 0, 0, 0.1);
-  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
-  font-size: 2rem;
-  font-weight: 400;
-  min-width: 230px;
-  text-align: center;
-}
-
-h1 a:hover, header #bpAlt:hover { background-color: rgba(0, 0, 0, 0.12); color: inherit; text-decoration: none; }
-
-header .spc { width: 100%; }
-
-header #bpAlt label {
-  background: url("/admin/img/logo.svg") no-repeat center left 15px;
-  background-size: 15px 23px;
-  padding: 0 15px;
-  text-indent: 30px;
-}
-
-[type="checkbox"][id$="Toggle"] { display: none; }
-[type="checkbox"][id$="Toggle"]:checked ~ #bpAbout,
-[type="checkbox"][id$="Toggle"]:checked ~ #bpMoreInfo {
-  display: block;
-}
-
-html, body {
-    height: 100%;
-}
-
-#pihole_card {
-    width: 400px;
-    height: auto;
-    max-width: 400px;
-}
-
-    #pihole_card p, #pihole_card a {
-        font-size: 13pt;
-        text-align: center;
-    }
-
-#pihole_logo_splash {
-    height: auto;
-    width: 100%;
-}
-
-/* Click anywhere else on screen to hide #bpAbout */
-#bpAboutToggle:checked {
-  display: block;
-  height: 300px; /* VH Fallback */
-  height: 100vh;
-  left: 0;
-  top: 0;
-  opacity: 0;
-  position: absolute;
-  width: 100%;
-}
-
-#bpAbout {
-  background: #3c8dbc;
-  border-bottom-left-radius: 5px;
-  border: 1px solid #fff;
-  border-right-width: 0;
-  box-shadow: -1px 1px 1px rgba(0, 0, 0, 0.12);
-  box-sizing: border-box;
-  display: none;
-  font-size: 1.7rem;
-  top: 50px;
-  position: absolute;
-  right: 0;
-  width: 280px;
-  z-index: 1;
-}
-
-.aboutPH {
-  box-sizing: border-box;
-  color: rgba(255, 255, 255, 0.8);
-  display: block;
-  padding: 10px;
-  width: 100%;
-  text-align: center;
-}
-
-.aboutImg {
-  background: url("/admin/img/logo.svg") no-repeat center;
-  background-size: 90px 90px;
-  height: 90px;
-  margin: 0 auto;
-  padding: 2px;
-  width: 90px;
-}
-
-.aboutPH p { margin: 10px 0; }
-.aboutPH small { display: block; font-size: 1.2rem; }
-
-.aboutLink {
-  background: #fff;
-  border-top: 1px solid #ddd;
-  display: table;
-  font-size: 1.4rem;
-  text-align: center;
-  width: 100%;
-}
-
-.aboutLink a {
-  display: table-cell;
-  padding: 14px;
-  min-width: 50%;
-}
-
-main {
-  background: #ecf0f5;
-  font-size: 1.65rem;
-  padding: 10px;
-}
-
-#bpOutput {
-  background: #00c0ef;
-  border-radius: 3px;
-  border: 1px solid rgba(0, 0, 0, 0.1);
-  color: #fff;
-  font-size: 1.4rem;
-  margin-bottom: 10px;
-  margin-top: 5px;
-  padding: 15px;
-}
-
-#bpOutput::before {
-  background: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='7' height='14' viewBox='0 0 7 14'%3E%3Cpath fill='%23fff' d='M6 11a1.371 1.371 0 011 1v1a1.371 1.371 0 01-1 1H1a1.371 1.371 0 01-1-1v-1a1.371 1.371 0 011-1h1V8H1a1.371 1.371 0 01-1-1V6a1.371 1.371 0 011-1h3a1.371 1.371 0 011 1v5h1zM3.5 0A1.5 1.5 0 112 1.5 1.5 1.5 0 013.5 0z'/%3E%3C/svg%3E") no-repeat center left;
-  display: block;
-  font-size: 1.8rem;
-  text-indent: 15px;
-}
-
-#bpOutput.hidden { display: none; }
-#bpOutput.success { background: #00a65a; }
-#bpOutput.error { background: #dd4b39; }
-
-.blockMsg, .flagMsg {
-  font: 700 1.8rem Consolas, Courier, monospace;
-  padding: 5px 10px 10px;
-  text-indent: 15px;
-}
-
-#bpHelpTxt { padding-bottom: 10px; }
-
-.buttons {
-  border-spacing: 5px 0;
-  display: table;
-  width: 100%;
-}
-
-.buttons * {
-  -moz-appearance: none;
-  -webkit-appearance: none;
-  border-radius: 3px;
-  border: 1px solid rgba(0, 0, 0, 0.1);
-  box-sizing: content-box;
-  display: table-cell;
-  font-size: 1.65rem;
-  margin-right: 5px;
-  min-height: 20px;
-  padding: 6px 12px;
-  position: relative;
-  text-align: center;
-  vertical-align: top;
-  white-space: nowrap;
-  width: auto;
-}
-
-.buttons a:hover { text-decoration: none; }
-
-/* Button hover dark overlay */
-.buttons *:not(input):not([disabled]):hover {
-  background-image: linear-gradient(to bottom, rgba(0, 0, 0, 0.1), rgba(0, 0, 0, 0.1));
-  color: #fff;
-}
-
-/* Button active shadow inset */
-.buttons *:not([disabled]):not(input):active {
-  box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125);
-}
-
-/* Input border color */
-.buttons *:not([disabled]):hover, .buttons input:focus {
-  border-color: rgba(0, 0, 0, 0.25);
-}
-
-#bpButtons *  { width: 50%; color: #fff; }
-#bpBack       { background-color: #00a65a; }
-#bpInfo       { background-color: #3c8dbc; }
-#bpWhitelist  { background-color: #dd4b39; }
-
-#blockpage .buttons [type="password"][disabled] { color: rgba(0, 0, 0, 1); }
-#blockpage .buttons [disabled] { color: rgba(0, 0, 0, 0.55); background-color: #e3e3e3; }
-#blockpage .buttons [type="password"]:-ms-input-placeholder { color: rgba(51, 51, 51, 0.8); }
-
-input[type="password"] { font-size: 1.5rem; }
-
-@-webkit-keyframes slidein { from { max-height: 0; opacity: 0; } to { max-height: 300px; opacity: 1; } }
-
-@keyframes slidein { from { max-height: 0; opacity: 0; } to { max-height: 300px; opacity: 1; } }
-#bpMoreToggle:checked ~ #bpMoreInfo { display: block; margin-top: 8px; -webkit-animation: slidein 0.05s linear; animation: slidein 0.05s linear; }
-#bpMoreInfo { display: none; margin-top: 10px; }
-
-#bpQueryOutput {
-  font-size: 1.2rem;
-  line-height: 1.65rem;
-  margin: 5px 0 0;
-  overflow: auto;
-  padding: 0 5px;
-  -webkit-overflow-scrolling: touch;
-}
-
-#bpQueryOutput span { margin-right: 4px; }
-
-#bpWLButtons { width: auto; margin-top: 10px; }
-#bpWLButtons * { display: inline-block; }
-#bpWLDomain { display: none; }
-#bpWLPassword { width: 160px; }
-#bpWhitelist { color: #fff; }
-
-footer {
-  background: #fff;
-  border-top: 1px solid #d2d6de;
-  color: #444;
-  font: 1.2rem Consolas, Courier, monospace;
-  padding: 8px;
-}
-
-/* Responsive Content */
-@media only screen and (max-width: 500px) {
-  h1 a {
-        font-size: 1.8rem;
-        min-width: 170px;
-    }
-
-    footer span::before {
-        content: "Generated ";
-    }
-
-    footer span {
-        display: block;
-    }
-}
-
-@media only screen and (min-width: 1251px) {
-  #bpWrapper, footer {
-        border-radius: 0 0 5px 5px;
-    }
-
-    #bpAbout {
-        border-right-width: 1px;
-    }
-}
-
-@media only screen and (max-width: 400px) {
-    #pihole_card {
-        width: 100%;
-        height: auto;
-    }
-
-        #pihole_card p, #pihole_card a {
-            font-size: 100%;
-        }
-}
-
-@media only screen and (max-width: 256px) {
-    #pihole_logo_splash {
-        width: 90% !important;
-        height: auto;
-    }
-}
--- a/advanced/cmdline.txt
+++ b/advanced/cmdline.txt
@@ -1 +0,0 @@
-dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fbcon=map:10 fbcon=font:VGA8x8 consoleblank=0
--- a/advanced/console-setup
+++ b/advanced/console-setup
@@ -1,17 +0,0 @@
-# CONFIGURATION FILE FOR SETUPCON
-
-# Consult the console-setup(5) manual page.
-
-ACTIVE_CONSOLES="/dev/tty[1-6]"
-
-CHARMAP="UTF-8"
-
-# For best results with the Adafruit 2.8 LCD and Pi-hole's chronometer
-CODESET="guess"
-FONTFACE="Terminus"
-FONTSIZE="10x20"
-
-VIDEOMODE=
-
-# The following is an example how to use a braille font
-# FONT='lat9w-08.psf.gz brl-8x8.psf'
--- a/advanced/dnsmasq.conf.original
+++ b/advanced/dnsmasq.conf.original
@@ -507,7 +507,7 @@
 # (using /etc/hosts) then that name can be specified as the
 # tftp_servername (the third option to dhcp-boot) and in that
 # case dnsmasq resolves this name and returns the resultant IP
-# addresses in round robin fasion. This facility can be used to
+# addresses in round robin fashion. This facility can be used to
 # load balance the tftp load among a set of servers.
 #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name

--- a/advanced/index.php
+++ b/advanced/index.php
@@ -11,15 +11,6 @@ $serverName = htmlspecialchars($_SERVER["SERVER_NAME"]);
 // Remove external ipv6 brackets if any
 $serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);

-if (!is_file("/etc/pihole/setupVars.conf"))
-  die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>");
-
-// Get values from setupVars.conf
-$setupVars = parse_ini_file("/etc/pihole/setupVars.conf");
-$svPasswd = !empty($setupVars["WEBPASSWORD"]);
-$svEmail = (!empty($setupVars["ADMIN_EMAIL"]) && filter_var($setupVars["ADMIN_EMAIL"], FILTER_VALIDATE_EMAIL)) ? $setupVars["ADMIN_EMAIL"] : "";
-unset($setupVars);
-
 // Set landing page location, found within /var/www/html/
 $landPage = "../landing.php";

@@ -34,21 +25,6 @@ if (!empty($_SERVER["FQDN"])) {
    array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]);
 }

-// Set which extension types render as Block Page (Including "" for index.ext)
-$validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", "");
-
-// Get extension of current URL
-$currentUrlExt = pathinfo($_SERVER["REQUEST_URI"], PATHINFO_EXTENSION);
-
-// Set mobile friendly viewport
-$viewPort = '<meta name="viewport" content="width=device-width, initial-scale=1">';
-
-// Set response header
-function setHeader($type = "x") {
-    header("X-Pi-hole: A black hole for Internet advertisements.");
-    if (isset($type) && $type === "js") header("Content-Type: application/javascript");
-}
-
 // Determine block page type
 if ($serverName === "pi.hole"
    || (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) {
@@ -58,7 +34,7 @@ if ($serverName === "pi.hole"
    // When directly browsing via IP or authorized hostname
    // Render splash/landing page based off presence of $landPage file
    // Unset variables so as to not be included in $landPage or $splashPage
-    unset($svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt);
+    unset($authorizedHosts);
    // If $landPage file is present
    if (is_file(getcwd()."/$landPage")) {
        unset($serverName, $viewPort); // unset extra variables not to be included in $landpage
@@ -71,325 +47,34 @@ if ($serverName === "pi.hole"
    <html lang='en'>
        <head>
            <meta charset='utf-8'>
-            $viewPort
+            <meta name='viewport' content='width=device-width, initial-scale=1'>
            <title>● $serverName</title>
-            <link rel='stylesheet' href='/pihole/blockingpage.css'>
            <link rel='shortcut icon' href='/admin/img/favicons/favicon.ico' type='image/x-icon'>
+            <style>
+                html, body { height: 100% }
+                body { margin: 0; font: 13pt "Source Sans Pro", "Helvetica Neue", Helvetica, Arial, sans-serif; }
+                body { background: #222; color: rgba(255, 255, 255, 0.7); text-align: center; }
+                p { margin: 0; }
+                a { color: #3c8dbc; text-decoration: none; }
+                a:hover { color: #72afda; text-decoration: underline; }
+                #splashpage { display: flex; align-items: center; justify-content: center; }
+                #splashpage img { margin: 5px; width: 256px; }
+                #splashpage b { color: inherit; }
+            </style>
        </head>
        <body id='splashpage'>
-            <div id="pihole_card">
-              <img src='/admin/img/logo.svg' alt='Pi-hole logo' id="pihole_logo_splash" />
-              <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
-              <a href='/admin'>Did you mean to go to the admin panel?</a>
+            <div>
+            <img src='/admin/img/logo.svg' alt='Pi-hole logo' width='256' height='377'>
+            <br>
+            <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
+            <a href='/admin'>Did you mean to go to the admin panel?</a>
            </div>
        </body>
    </html>
 EOT;
    exit($splashPage);
-} elseif ($currentUrlExt === "js") {
-    // Serve Pi-hole JavaScript for blocked domains requesting JS
-    exit(setHeader("js").'var x = "Pi-hole: A black hole for Internet advertisements."');
-} elseif (strpos($_SERVER["REQUEST_URI"], "?") !== FALSE && isset($_SERVER["HTTP_REFERER"])) {
-    // Serve blank image upon receiving REQUEST_URI w/ query string & HTTP_REFERRER
-    // e.g: An iframe of a blocked domain
-    exit(setHeader().'<!doctype html>
-    <html lang="en">
-        <head>
-            <meta charset="utf-8"><script>window.close();</script>
-        </head>
-        <body>
-            <img src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=">
-        </body>
-    </html>');
-} elseif (!in_array($currentUrlExt, $validExtTypes) || substr_count($_SERVER["REQUEST_URI"], "?")) {
-    // Serve SVG upon receiving non $validExtTypes URL extension or query string
-    // e.g: Not an iframe of a blocked domain, such as when browsing to a file/query directly
-    // QoL addition: Allow the SVG to be clicked on in order to quickly show the full Block Page
-    $blockImg = '<a href="/">
-    <svg xmlns="http://www.w3.org/2000/svg" width="110" height="16">
-      <circle cx="8" cy="8" r="7" fill="none" stroke="rgba(152,2,2,.5)" stroke-width="2"/>
-      <path fill="rgba(152,2,2,.5)" d="M11.526 3.04l1.414 1.415-8.485 8.485-1.414-1.414z"/>
-      <text x="19.3" y="12" opacity=".3" style="font:11px Arial">
-        Blocked by Pi-hole
-      </text>
-    </svg>
-    </a>';
-    exit(setHeader()."<!doctype html>
-    <html lang='en'>
-        <head>
-            <meta charset='utf-8'>
-            $viewPort
-        </head>
-        <body>$blockImg</body>
-    </html>");
 }

-/* Start processing Block Page from here */
+exit(header("HTTP/1.1 404 Not Found"));

-// Define admin email address text based off $svEmail presence
-$bpAskAdmin = !empty($svEmail) ? '<a href="mailto:'.$svEmail.'?subject=Site Blocked: '.$serverName.'"></a>' : "<span/>";
-
-// Get possible non-standard location of FTL's database
-$FTLsettings = parse_ini_file("/etc/pihole/pihole-FTL.conf");
-if (isset($FTLsettings["GRAVITYDB"])) {
-    $gravityDBFile = $FTLsettings["GRAVITYDB"];
-} else {
-    $gravityDBFile = "/etc/pihole/gravity.db";
-}
-
-// Connect to gravity.db
-try {
-    $db = new SQLite3($gravityDBFile, SQLITE3_OPEN_READONLY);
-} catch (Exception $exception) {
-    die("[ERROR]: Failed to connect to gravity.db");
-}
-
-// Get all adlist addresses
-$adlistResults = $db->query("SELECT address FROM vw_adlist");
-$adlistsUrls = array();
-while ($row = $adlistResults->fetchArray()) {
-    array_push($adlistsUrls, $row[0]);
-}
-
-if (empty($adlistsUrls))
-    die("[ERROR]: There are no adlists enabled");
-
-// Get total number of blocklists (Including Whitelist, Blacklist & Wildcard lists)
-$adlistsCount = count($adlistsUrls) + 3;
-
-// Set query timeout
-ini_set("default_socket_timeout", 3);
-
-// Logic for querying blocklists
-function queryAds($serverName) {
-    // Determine the time it takes while querying adlists
-    $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
-    $queryAdsURL = sprintf(
-        "http://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
-        $_SERVER["SERVER_PORT"],
-        $serverName
-    );
-    $queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
-    $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds)));
-    $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime);
-
-    // Exception Handling
-    try {
-        // Define Exceptions
-        if (strpos($queryAds[0], "No exact results") !== FALSE) {
-            // Return "none" into $queryAds array
-            return array("0" => "none");
-        } else if ($queryTime >= ini_get("default_socket_timeout")) {
-            // Connection Timeout
-            throw new Exception ("Connection timeout (".ini_get("default_socket_timeout")."s)");
-        } elseif (!strpos($queryAds[0], ".") !== false) {
-            // Unknown $queryAds output
-            throw new Exception ("Unhandled error message (<code>$queryAds[0]</code>)");
-        }
-        return $queryAds;
-    } catch (Exception $e) {
-        // Return exception as array
-        return array("0" => "error", "1" => $e->getMessage());
-    }
-}
-
-// Get results of queryads.php exact search
-$queryAds = queryAds($serverName);
-
-// Pass error through to Block Page
-if ($queryAds[0] === "error")
-    die("[ERROR]: Unable to parse results from <i>queryads.php</i>: <code>".$queryAds[1]."</code>");
-
-// Count total number of matching blocklists
-$featuredTotal = count($queryAds);
-
-// Place results into key => value array
-$queryResults = null;
-foreach ($queryAds as $str) {
-    $value = explode(" ", $str);
-    @$queryResults[$value[0]] .= "$value[1]";
-}
-
-// Determine if domain has been blacklisted, whitelisted, wildcarded or CNAME blocked
-if (strpos($queryAds[0], "blacklist") !== FALSE) {
-    $notableFlagClass = "blacklist";
-    $adlistsUrls = array("π" => substr($queryAds[0], 2));
-} elseif (strpos($queryAds[0], "whitelist") !== FALSE) {
-    $notableFlagClass = "noblock";
-    $adlistsUrls = array("π" => substr($queryAds[0], 2));
-    $wlInfo = "recentwl";
-} elseif (strpos($queryAds[0], "wildcard") !== FALSE) {
-    $notableFlagClass = "wildcard";
-    $adlistsUrls = array("π" => substr($queryAds[0], 2));
-} elseif ($queryAds[0] === "none") {
-    $featuredTotal = "0";
-    $notableFlagClass = "noblock";
-
-    // QoL addition: Determine appropriate info message if CNAME exists
-    // Suggests to the user that $serverName has a CNAME (alias) that may be blocked
-    $dnsRecord = dns_get_record("$serverName")[0];
-    if (array_key_exists("target", $dnsRecord)) {
-        $wlInfo = $dnsRecord['target'];
-    } else {
-        $wlInfo = "unknown";
-    }
-}
-
-// Set #bpOutput notification
-$wlOutputClass = (isset($wlInfo) && $wlInfo === "recentwl") ? $wlInfo : "hidden";
-$wlOutput = (isset($wlInfo) && $wlInfo !== "recentwl") ? "<a href='http://$wlInfo'>$wlInfo</a>" : "";
-
-// Get Pi-hole Core version
-$phVersion = exec("cd /etc/.pihole/ && git describe --long --tags");
-
-// Print $execTime on development branches
-// Testing for - is marginally faster than "git rev-parse --abbrev-ref HEAD"
-if (explode("-", $phVersion)[1] != "0")
-  $execTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
-
-// Please Note: Text is added via CSS to allow an admin to provide a localized
-// language without the need to edit this file
-
-setHeader();
 ?>
-<!doctype html>
-<!-- Pi-hole: A black hole for Internet advertisements
-*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-*  Network-wide ad blocking via your own hardware.
-*
-*  This file is copyright under the latest version of the EUPL. -->
-<html>
-<head>
-  <meta charset="utf-8">
-  <?=$viewPort ?>
-  <meta name="robots" content="noindex,nofollow">
-  <meta http-equiv="x-dns-prefetch-control" content="off">
-  <link rel="stylesheet" href="pihole/blockingpage.css">
-  <link rel="shortcut icon" href="admin/img/favicons/favicon.ico" type="image/x-icon">
-  <title>● <?=$serverName ?></title>
-  <script src="admin/scripts/vendor/jquery.min.js"></script>
-  <script>
-    window.onload = function () {
-      <?php
-      // Remove href fallback from "Back to safety" button
-      if ($featuredTotal > 0) {
-        echo '$("#bpBack").removeAttr("href");';
-
-        // Enable whitelisting if JS is available
-        echo '$("#bpWhitelist").prop("disabled", false);';
-
-        // Enable password input if necessary
-        if (!empty($svPasswd)) {
-          echo '$("#bpWLPassword").attr("placeholder", "Password");';
-          echo '$("#bpWLPassword").prop("disabled", false);';
-        }
-        // Otherwise hide the input
-        else {
-          echo '$("#bpWLPassword").hide();';
-        }
-      }
-      ?>
-    }
-  </script>
-</head>
-<body id="blockpage"><div id="bpWrapper">
-<header>
-  <h1 id="bpTitle">
-    <a class="title" href="/"><?php //Website Blocked ?></a>
-  </h1>
-  <div class="spc"></div>
-
-  <input id="bpAboutToggle" type="checkbox">
-  <div id="bpAbout">
-    <div class="aboutPH">
-      <div class="aboutImg"></div>
-      <p>Open Source Ad Blocker
-        <small>Designed for Raspberry Pi</small>
-      </p>
-    </div>
-    <div class="aboutLink">
-      <a class="linkPH" href="https://docs.pi-hole.net/"><?php //About PH ?></a>
-      <?php if (!empty($svEmail)) echo '<a class="linkEmail" href="mailto:'.$svEmail.'"></a>'; ?>
-    </div>
-  </div>
-
-  <div id="bpAlt">
-    <label class="altBtn" for="bpAboutToggle"><?php //Why am I here? ?></label>
-  </div>
-</header>
-
-<main>
-  <div id="bpOutput" class="<?=$wlOutputClass ?>"><?=$wlOutput ?></div>
-  <div id="bpBlock">
-    <p class="blockMsg"><?=$serverName ?></p>
-  </div>
-  <?php if(isset($notableFlagClass)) { ?>
-    <div id="bpFlag">
-        <p class="flagMsg <?=$notableFlagClass ?>"></p>
-    </div>
-  <?php } ?>
-  <div id="bpHelpTxt"><?=$bpAskAdmin ?></div>
-  <div id="bpButtons" class="buttons">
-    <a id="bpBack" onclick="javascript:history.back()" href="about:home"></a>
-    <?php if ($featuredTotal > 0) echo '<label id="bpInfo" for="bpMoreToggle"></label>'; ?>
-  </div>
-  <input id="bpMoreToggle" type="checkbox">
-  <div id="bpMoreInfo">
-    <span id="bpFoundIn"><span><?=$featuredTotal ?></span><?=$adlistsCount ?></span>
-    <pre id='bpQueryOutput'><?php if ($featuredTotal > 0) foreach ($queryResults as $num => $value) { echo "<span>[$num]:</span>$adlistsUrls[$num]\n"; } ?></pre>
-
-    <form id="bpWLButtons" class="buttons">
-      <input id="bpWLDomain" type="text" value="<?=$serverName ?>" disabled>
-      <input id="bpWLPassword" type="password" placeholder="JavaScript disabled" disabled>
-      <button id="bpWhitelist" type="button" disabled></button>
-    </form>
-  </div>
-</main>
-
-<footer><span><?=date("l g:i A, F dS"); ?>.</span> Pi-hole <?=$phVersion ?> (<?=gethostname()."/".$_SERVER["SERVER_ADDR"]; if (isset($execTime)) printf("/%.2fs", $execTime); ?>)</footer>
-</div>
-
-<script>
-  function add() {
-    $("#bpOutput").removeClass("hidden error exception");
-    $("#bpOutput").addClass("add");
-    var domain = "<?=$serverName ?>";
-    var pw = $("#bpWLPassword");
-    if(domain.length === 0) {
-      return;
-    }
-    $.ajax({
-      url: "/admin/scripts/pi-hole/php/add.php",
-      method: "post",
-      data: {"domain":domain, "list":"white", "pw":pw.val()},
-      success: function(response) {
-        if(response.indexOf("Pi-hole blocking") !== -1) {
-          setTimeout(function(){window.location.reload(1);}, 10000);
-          $("#bpOutput").removeClass("add");
-          $("#bpOutput").addClass("success");
-          $("#bpOutput").html("");
-        } else {
-          $("#bpOutput").removeClass("add");
-          $("#bpOutput").addClass("error");
-          $("#bpOutput").html(""+response+"");
-        }
-      },
-      error: function(jqXHR, exception) {
-        $("#bpOutput").removeClass("add");
-        $("#bpOutput").addClass("exception");
-        $("#bpOutput").html("");
-      }
-    });
-  }
-  <?php if ($featuredTotal > 0) { ?>
-    $(document).keypress(function(e) {
-        if(e.which === 13 && $("#bpWLPassword").is(":focus")) {
-            add();
-        }
-    });
-    $("#bpWhitelist").on("click", function() {
-        add();
-    });
-  <?php } ?>
-</script>
-</body></html>
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -28,14 +28,19 @@ server.modules = (
 server.document-root        = "/var/www/html"
 server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
+server.errorlog             = "/var/log/lighttpd/error-pihole.log"
 server.pid-file             = "/run/lighttpd.pid"
 server.username             = "www-data"
 server.groupname            = "www-data"
 server.port                 = 80
-accesslog.filename          = "/var/log/lighttpd/access.log"
+accesslog.filename          = "/var/log/lighttpd/access-pihole.log"
 accesslog.format            = "%{%s}t|%V|%r|%s|%b"

+# Allow streaming response
+# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
+server.stream-response-body = 1
+#ssl.read-ahead              = "disable"
+
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
@@ -73,10 +78,21 @@ include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsen

 # If the URL starts with /admin, it is the Web interface
 $HTTP["url"] =~ "^/admin/" {
-    # Create a response header for debugging using curl -I
+    # X-Pi-hole is a response header for debugging using curl -I
+    # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
+    # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input.
+    # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
+    # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
+    # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
+    # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
    setenv.add-response-header = (
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
-        "X-Frame-Options" => "DENY"
+        "X-Frame-Options" => "DENY",
+        "X-XSS-Protection" => "1; mode=block",
+        "X-Content-Type-Options" => "nosniff",
+        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
+        "X-Permitted-Cross-Domain-Policies" => "none",
+        "Referrer-Policy" => "same-origin"
    )
 }

--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -29,14 +29,19 @@ server.modules = (
 server.document-root        = "/var/www/html"
 server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
+server.errorlog             = "/var/log/lighttpd/error-pihole.log"
 server.pid-file             = "/run/lighttpd.pid"
 server.username             = "lighttpd"
 server.groupname            = "lighttpd"
 server.port                 = 80
-accesslog.filename          = "/var/log/lighttpd/access.log"
+accesslog.filename          = "/var/log/lighttpd/access-pihole.log"
 accesslog.format            = "%{%s}t|%V|%r|%s|%b"

+# Allow streaming response
+# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
+server.stream-response-body = 1
+#ssl.read-ahead              = "disable"
+
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
@@ -81,10 +86,21 @@ fastcgi.server = (

 # If the URL starts with /admin, it is the Web interface
 $HTTP["url"] =~ "^/admin/" {
-    # Create a response header for debugging using curl -I
+    # X-Pi-hole is a response header for debugging using curl -I
+    # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
+    # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input.
+    # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
+    # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
+    # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
+    # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
    setenv.add-response-header = (
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
-        "X-Frame-Options" => "DENY"
+        "X-Frame-Options" => "DENY",
+        "X-XSS-Protection" => "1; mode=block",
+        "X-Content-Type-Options" => "nosniff",
+        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
+        "X-Permitted-Cross-Domain-Policies" => "none",
+        "Referrer-Policy" => "same-origin"
    )
 }

--- a/install/basic-install.sh
+++ b/install/basic-install.sh
--- a/install/uninstall.sh
+++ b/install/uninstall.sh
@@ -11,10 +11,9 @@
 source "/opt/pihole/COL_TABLE"

 while true; do
-    read -rp "  ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " yn
-    case ${yn} in
+    read -rp "  ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer
+    case ${answer} in
        [Yy]* ) break;;
-        [Nn]* ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
        * ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
    esac
 done
@@ -37,7 +36,7 @@ else
 fi

 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-PH_TEST="true"
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 # setupVars set in basic-install.sh
 source "${setupVars}"
@@ -45,8 +44,8 @@ source "${setupVars}"
 # package_manager_detect() sourced from basic-install.sh
 package_manager_detect

-# Install packages used by the Pi-hole
-DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}")
+# Uninstall packages used by the Pi-hole
+DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}" "${OS_CHECK_DEPS[@]}")
 if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
    # Install the Web dependencies
    DEPS+=("${PIHOLE_WEB_DEPS[@]}")
@@ -76,8 +75,8 @@ removeAndPurge() {
    for i in "${DEPS[@]}"; do
        if package_check "${i}" > /dev/null; then
            while true; do
-                read -rp "  ${QST} Do you wish to remove ${COL_WHITE}${i}${COL_NC} from your system? [Y/N] " yn
-                case ${yn} in
+                read -rp "  ${QST} Do you wish to remove ${COL_WHITE}${i}${COL_NC} from your system? [Y/N] " answer
+                case ${answer} in
                    [Yy]* )
                        echo -ne "  ${INFO} Removing ${i}...";
                        ${SUDO} "${PKG_REMOVE[@]}" "${i}" &> /dev/null;
@@ -147,6 +146,7 @@ removeNoPurge() {
    ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null
    ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null
    ${SUDO} rm -rf /var/log/*pihole* &> /dev/null
+    ${SUDO} rm -rf /var/log/pihole/*pihole* &> /dev/null
    ${SUDO} rm -rf /etc/pihole/ &> /dev/null
    ${SUDO} rm -rf /etc/.pihole/ &> /dev/null
    ${SUDO} rm -rf /opt/pihole/ &> /dev/null
@@ -215,8 +215,8 @@ while true; do
        echo -n "${i} "
    done
    echo "${COL_NC}"
-    read -rp "  ${QST} Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] " yn
-    case ${yn} in
+    read -rp "  ${QST} Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] " answer
+    case ${answer} in
        [Yy]* ) removeAndPurge; break;;
        [Nn]* ) removeNoPurge; break;;
        * ) removeAndPurge; break;;
--- a/gravity.sh
+++ b/gravity.sh
@@ -139,9 +139,9 @@ update_gravity_timestamp() {
 # Import domains from file and store them in the specified database table
 database_table_from_file() {
  # Define locals
-  local table source backup_path backup_file tmpFile type
+  local table src backup_path backup_file tmpFile list_type
  table="${1}"
-  source="${2}"
+  src="${2}"
  backup_path="${piholeDir}/migration_backup"
  backup_file="${backup_path}/$(basename "${2}")"
  tmpFile="$(mktemp -p "/tmp" --suffix=".gravity")"
@@ -155,13 +155,13 @@ database_table_from_file() {

  # Special handling for domains to be imported into the common domainlist table
  if [[ "${table}" == "whitelist" ]]; then
-    type="0"
+    list_type="0"
    table="domainlist"
  elif [[ "${table}" == "blacklist" ]]; then
-    type="1"
+    list_type="1"
    table="domainlist"
  elif [[ "${table}" == "regex" ]]; then
-    type="3"
+    list_type="3"
    table="domainlist"
  fi

@@ -174,9 +174,9 @@ database_table_from_file() {
    rowid+=1
  fi

-  # Loop over all domains in ${source} file
+  # Loop over all domains in ${src} file
  # Read file line by line
-  grep -v '^ *#' < "${source}" | while IFS= read -r domain
+  grep -v '^ *#' < "${src}" | while IFS= read -r domain
  do
    # Only add non-empty lines
    if [[ -n "${domain}" ]]; then
@@ -185,10 +185,10 @@ database_table_from_file() {
        echo "${rowid},\"${domain}\",${timestamp}" >> "${tmpFile}"
      elif [[ "${table}" == "adlist" ]]; then
        # Adlist table format
-        echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\",,0,0,0" >> "${tmpFile}"
+        echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\",,0,0,0" >> "${tmpFile}"
      else
        # White-, black-, and regexlist table format
-        echo "${rowid},${type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\"" >> "${tmpFile}"
+        echo "${rowid},${list_type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\"" >> "${tmpFile}"
      fi
      rowid+=1
    fi
@@ -201,14 +201,14 @@ database_table_from_file() {
  status="$?"

  if [[ "${status}" -ne 0 ]]; then
-    echo -e "\\n  ${CROSS} Unable to fill table ${table}${type} in database ${gravityDBfile}\\n  ${output}"
+    echo -e "\\n  ${CROSS} Unable to fill table ${table}${list_type} in database ${gravityDBfile}\\n  ${output}"
    gravity_Cleanup "error"
  fi

  # Move source file to backup directory, create directory if not existing
  mkdir -p "${backup_path}"
-  mv "${source}" "${backup_file}" 2> /dev/null || \
-    echo -e "  ${CROSS} Unable to backup ${source} to ${backup_path}"
+  mv "${src}" "${backup_file}" 2> /dev/null || \
+    echo -e "  ${CROSS} Unable to backup ${src} to ${backup_path}"

  # Delete tmpFile
  rm "${tmpFile}" > /dev/null 2>&1 || \
@@ -527,8 +527,9 @@ parseList() {
  # This sed does the following things:
  # 1. Remove all domains containing invalid characters. Valid are: a-z, A-Z, 0-9, dot (.), minus (-), underscore (_)
  # 2. Append ,adlistID to every line
-  # 3. Ensures there is a newline on the last line
-  sed -e "/[^a-zA-Z0-9.\_-]/d;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}"
+  # 3. Remove trailing period (see https://github.com/pi-hole/pi-hole/issues/4701)
+  # 4. Ensures there is a newline on the last line
+  sed -e "/[^a-zA-Z0-9.\_-]/d;s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}"
  # Find (up to) five domains containing invalid characters (see above)
  incorrect_lines="$(sed -e "/[^a-zA-Z0-9.\_-]/!d" "${src}" | head -n 5)"

@@ -539,7 +540,7 @@ parseList() {
  num_target_lines_new="$(grep -c "^" "${target}")"
  # Number of new correctly added lines
  num_correct_lines="$(( num_target_lines_new-num_target_lines ))"
-  # Upate number of lines in target file
+  # Update number of lines in target file
  num_target_lines="$num_target_lines_new"
  num_invalid="$(( num_source_lines-num_correct_lines ))"
  if [[ "${num_invalid}" -eq 0 ]]; then
@@ -718,10 +719,10 @@ gravity_DownloadBlocklistFromUrl() {

 # Parse source files into domains format
 gravity_ParseFileIntoDomains() {
-  local source="${1}" destination="${2}" firstLine
+  local src="${1}" destination="${2}" firstLine

  # Determine if we are parsing a consolidated list
-  #if [[ "${source}" == "${piholeDir}/${matterAndLight}" ]]; then
+  #if [[ "${src}" == "${piholeDir}/${matterAndLight}" ]]; then
    # Remove comments and print only the domain name
    # Most of the lists downloaded are already in hosts file format but the spacing/formatting is not contiguous
    # This helps with that and makes it easier to read
@@ -732,7 +733,7 @@ gravity_ParseFileIntoDomains() {
    # 4) Remove lines containing "/"
    # 5) Remove leading tabs, spaces, etc.
    # 6) Delete lines not matching domain names
-    < "${source}" tr -d '\r' | \
+    < "${src}" tr -d '\r' | \
    tr '[:upper:]' '[:lower:]' | \
    sed 's/\s*#.*//g' | \
    sed -r '/(\/).*$/d' | \
@@ -744,16 +745,16 @@ gravity_ParseFileIntoDomains() {

  # Individual file parsing: Keep comments, while parsing domains from each line
  # We keep comments to respect the list maintainer's licensing
-  read -r firstLine < "${source}"
+  read -r firstLine < "${src}"

  # Determine how to parse individual source file formats
  if [[ "${firstLine,,}" =~ (adblock|ublock|^!) ]]; then
    # Compare $firstLine against lower case words found in Adblock lists
    echo -e "  ${CROSS} Format: Adblock (list type not supported)"
-  elif grep -q "^address=/" "${source}" &> /dev/null; then
+  elif grep -q "^address=/" "${src}" &> /dev/null; then
    # Parse Dnsmasq format lists
    echo -e "  ${CROSS} Format: Dnsmasq (list type not supported)"
-  elif grep -q -E "^https?://" "${source}" &> /dev/null; then
+  elif grep -q -E "^https?://" "${src}" &> /dev/null; then
    # Parse URL list if source file contains "http://" or "https://"
    # Scanning for "^IPv4$" is too slow with large (1M) lists on low-end hardware
    echo -ne "  ${INFO} Format: URL"
@@ -769,13 +770,13 @@ gravity_ParseFileIntoDomains() {
      /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
      # Print if nonempty
      length { print }
-    ' "${source}" 2> /dev/null > "${destination}"
+    ' "${src}" 2> /dev/null > "${destination}"
    chmod 644 "${destination}"

    echo -e "${OVER}  ${TICK} Format: URL"
  else
    # Default: Keep hosts/domains file in same format as it was downloaded
-    output=$( { mv "${source}" "${destination}"; } 2>&1 )
+    output=$( { mv "${src}" "${destination}"; } 2>&1 )
    chmod 644 "${destination}"

    if [[ ! -e "${destination}" ]]; then
@@ -869,15 +870,19 @@ gravity_Cleanup() {

 database_recovery() {
  local result
-  local str="Checking integrity of existing gravity database"
+  local str="Checking integrity of existing gravity database (this can take a while)"
  local option="${1}"
  echo -ne "  ${INFO} ${str}..."
-  if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA integrity_check" 2>&1)"; then
+  result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA integrity_check" 2>&1)"
+
+  if [[ ${result} = "ok" ]]; then
    echo -e "${OVER}  ${TICK} ${str} - no errors found"

-    str="Checking foreign keys of existing gravity database"
+    str="Checking foreign keys of existing gravity database (this can take a while)"
    echo -ne "  ${INFO} ${str}..."
-    if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA foreign_key_check" 2>&1)"; then
+    unset result
+    result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA foreign_key_check" 2>&1)"
+    if [[ -z ${result} ]]; then
      echo -e "${OVER}  ${TICK} ${str} - no errors found"
      if [[ "${option}" != "force" ]]; then
        return
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -11,8 +11,6 @@ Pi-hole : A black-hole for internet advertisements
 .br
 \fBpihole -a\fR (\fB-c|-f|-k\fR)
 .br
-\fBpihole -a -e\fR email
-.br
 \fBpihole -a -i\fR interface
 .br
 \fBpihole -a -l\fR privacylevel
@@ -132,9 +130,6 @@ Available commands and options:
      -f, fahrenheit    Set Fahrenheit as preferred temperature unit
 .br
      -k, kelvin        Set Kelvin as preferred temperature unit
-.br
-      -e, email         Set an administrative contact address for the
-                        Block Page
 .br
      -i, interface     Specify dnsmasq's interface listening behavior
 .br
@@ -187,12 +182,12 @@ Available commands and options:

 	(Logging options):
 .br
-      on                Enable the Pi-hole log at /var/log/pihole.log
+      on                Enable the Pi-hole log at /var/log/pihole/pihole.log
 .br
      off               Disable and flush the Pi-hole log at
-                        /var/log/pihole.log
+                        /var/log/pihole/pihole.log
 .br
-      off noflush       Disable the Pi-hole log at /var/log/pihole.log
+      off noflush       Disable the Pi-hole log at /var/log/pihole/pihole.log
 .br

 \fB-up, updatePihole\fR [--check-only]
--- a/167
+++ b/167
@@ -16,12 +16,11 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
 # error due to modifying a readonly variable.
 setupVars="/etc/pihole/setupVars.conf"
 PI_HOLE_BIN_DIR="/usr/local/bin"
-readonly FTL_PID_FILE="/run/pihole-FTL.pid"

 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 source "${colfile}"

-readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 source "${utilsfile}"

 webpageFunc() {
@@ -36,19 +35,20 @@ listFunc() {
 }

 debugFunc() {
-  local automated
-  local web
+    local automated
+    local web
+    local check_database_integrity
+    # Pull off the `debug` leaving passed call augmentation flags in $1
+    shift

-  # Pull off the `debug` leaving passed call augmentation flags in $1
-  shift
-  if [[ "$@" == *"-a"* ]]; then
-    automated="true"
-  fi
-  if [[ "$@" == *"-w"* ]]; then
-    web="true"
-  fi
+    for value in "$@"; do
+        [[ "$value"  == *"-a"* ]] && automated="true"
+        [[ "$value"  == *"-w"* ]] && web="true"
+        [[ "$value"  == *"-c"* ]] && check_database_integrity="true"
+        [[ "$value" == *"--check_database"* ]] && check_database_integrity="true"
+    done

-  AUTOMATED=${automated:-} WEBCALL=${web:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
+  AUTOMATED=${automated:-} WEBCALL=${web:-} CHECK_DATABASE=${check_database_integrity:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
  exit 0
 }

@@ -100,25 +100,8 @@ versionFunc() {
  exec "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
 }

-# Get PID of main pihole-FTL process
-getFTLPID() {
-  local pid
-
-  if [ -s "${FTL_PID_FILE}" ]; then
-    # -s: FILE exists and has a size greater than zero
-    pid="$(<"$FTL_PID_FILE")"
-    # Exploit prevention: unset the variable if there is malicious content
-    # Verify that the value read from the file is numeric
-    [[ "$pid" =~ [^[:digit:]] ]] && unset pid
-  fi
-
-  # If FTL is not running, or the PID file contains malicious stuff, substitute
-  # negative PID to signal this to the caller
-  echo "${pid:=-1}"
-}
-
 restartDNS() {
-  local svcOption svc str output status pid icon
+  local svcOption svc str output status pid icon FTL_PID_FILE
  svcOption="${1:-restart}"

  # Determine if we should reload or restart
@@ -127,7 +110,11 @@ restartDNS() {
    # Note 1: This will NOT re-read any *.conf files
    # Note 2: We cannot use killall here as it does
    #         not know about real-time signals
-    pid="$(getFTLPID)"
+
+    # get the current path to the pihole-FTL.pid
+    FTL_PID_FILE="$(getFTLPIDFile)"
+
+    pid="$(getFTLPID ${FTL_PID_FILE})"
    if [[ "$pid" -eq "-1" ]]; then
      svc="true"
      str="FTL is not running"
@@ -140,7 +127,7 @@ restartDNS() {
  elif [[ "${svcOption}" =~ "reload" ]]; then
    # Reloading of the DNS cache has been requested
    # Note: This will NOT re-read any *.conf files
-    pid="$(getFTLPID)"
+    pid="$(getFTLPID ${FTL_PID_FILE})"
    if [[ "$pid" -eq "-1" ]]; then
      svc="true"
      str="FTL is not running"
@@ -226,7 +213,7 @@ Time:
      fi

      local str="Pi-hole Disabled"
-      addOrEditKeyValPair "BLOCKING_ENABLED" "false" "${setupVars}"
+      addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "false"
    fi
  else
    # Enable Pi-hole
@@ -238,7 +225,7 @@ Time:
    echo -e "  ${INFO} Enabling blocking"
    local str="Pi-hole Enabled"

-    addOrEditKeyValPair "BLOCKING_ENABLED" "true" "${setupVars}"
+    addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "true"
  fi

  restartDNS reload-lists
@@ -254,14 +241,14 @@ Example: 'pihole logging on'
 Specify whether the Pi-hole log should be used

 Options:
-  on                  Enable the Pi-hole log at /var/log/pihole.log
-  off                 Disable and flush the Pi-hole log at /var/log/pihole.log
-  off noflush         Disable the Pi-hole log at /var/log/pihole.log"
+  on                  Enable the Pi-hole log at /var/log/pihole/pihole.log
+  off                 Disable and flush the Pi-hole log at /var/log/pihole/pihole.log
+  off noflush         Disable the Pi-hole log at /var/log/pihole/pihole.log"
    exit 0
  elif [[ "${1}" == "off" ]]; then
    # Disable logging
-    sed -i 's/^log-queries/#log-queries/' /etc/dnsmasq.d/01-pihole.conf
-    addOrEditKeyValPair "QUERY_LOGGING" "false" "${setupVars}"
+    removeKey /etc/dnsmasq.d/01-pihole.conf "log-queries"
+    addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "false"
    if [[ "${2}" != "noflush" ]]; then
      # Flush logs
      "${PI_HOLE_BIN_DIR}"/pihole -f
@@ -270,8 +257,8 @@ Options:
    local str="Logging has been disabled!"
  elif [[ "${1}" == "on" ]]; then
    # Enable logging
-    sed -i 's/^#log-queries/log-queries/' /etc/dnsmasq.d/01-pihole.conf
-    addOrEditKeyValPair "QUERY_LOGGING" "true" "${setupVars}"
+    addKey /etc/dnsmasq.d/01-pihole.conf "log-queries"
+    addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "true"
    echo -e "  ${INFO} Enabling logging..."
    local str="Logging has been enabled!"
  else
@@ -315,32 +302,37 @@ analyze_ports() {
 }

 statusFunc() {
-  # Determine if there is pihole-FTL service is listening
-  local listening pid port
+    # Determine if there is pihole-FTL service is listening
+    local pid port ftl_api_port ftl_pid_file ftl_apiport_file

-  pid="$(getFTLPID)"
-  if [[ "$pid" -eq "-1" ]]; then
-    case "${1}" in
-      "web") echo "-1";;
-      *) echo -e "  ${CROSS} DNS service is NOT running";;
-    esac
-    return 0
-  else
-    #get the port pihole-FTL is listening on by using FTL's telnet API
-    port="$(echo ">dns-port >quit" | nc 127.0.0.1 4711)"
-    if [[ "${port}" == "0" ]]; then
-      case "${1}" in
-        "web") echo "-1";;
-        *) echo -e "  ${CROSS} DNS service is NOT listening";;
-      esac
-      return 0
+    ftl_pid_file="$(getFTLPIDFile)"
+
+    pid="$(getFTLPID ${ftl_pid_file})"
+
+    ftl_apiport_file="${getFTLAPIPortFile}"
+    ftl_api_port="$(getFTLAPIPort ${ftl_apiport_file})"
+    if [[ "$pid" -eq "-1" ]]; then
+        case "${1}" in
+            "web") echo "-1";;
+            *) echo -e "  ${CROSS} DNS service is NOT running";;
+        esac
+        return 0
    else
-      if [[ "${1}" != "web" ]]; then
-        echo -e "  ${TICK} FTL is listening on port ${port}"
-        analyze_ports "${port}"
-      fi
+        #get the DNS port pihole-FTL is listening on by using FTL's telnet API
+        port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")"
+        if [[ "${port}" == "0" ]]; then
+            case "${1}" in
+                "web") echo "-1";;
+                *) echo -e "  ${CROSS} DNS service is NOT listening";;
+            esac
+            return 0
+        else
+            if [[ "${1}" != "web" ]]; then
+                echo -e "  ${TICK} FTL is listening on port ${port}"
+                analyze_ports "${port}"
+            fi
+        fi
    fi
-  fi

  # Determine if Pi-hole's blocking is enabled
  if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then
@@ -364,7 +356,7 @@ statusFunc() {
    # Enable blocking
    "${PI_HOLE_BIN_DIR}"/pihole enable
  fi
-
+exit 0
 }

 tailFunc() {
@@ -381,7 +373,7 @@ tailFunc() {
  # Color blocklist/blacklist/wildcard entries as red
  # Color A/AAAA/DHCP strings as white
  # Color everything else as gray
-  tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \
+  tail -f /var/log/pihole/pihole.log | grep --line-buffered "${1}" | sed -E \
    -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
    -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \
    -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
@@ -454,6 +446,7 @@ Whitelist/Blacklist Options:

 Debugging Options:
  -d, debug           Start a debugging session
+                        Add '-c' or '--check-database' to include a Pi-hole database integrity check
                        Add '-a' to automatically upload the log to tricorder.pi-hole.net
  -f, flush           Flush the Pi-hole log
  -r, reconfigure     Reconfigure or Repair Pi-hole subsystems
@@ -495,8 +488,39 @@ if [[ $# = 0 ]]; then
  helpFunc
 fi

+# functions that do not require sudo power
 case "${1}" in
  "-h" | "help" | "--help"      ) helpFunc;;
+  "-v" | "version"              ) versionFunc "$@";;
+  "-c" | "chronometer"          ) chronometerFunc "$@";;
+  "-q" | "query"                ) queryFunc "$@";;
+  "status"                      ) statusFunc "$2";;
+
+  "tricorder"                   ) tricorderFunc;;
+
+  # we need to add all arguments that require sudo power to not trigger the * argument
+  "-w" | "whitelist"            ) ;;
+  "-b" | "blacklist"            ) ;;
+  "--wild" | "wildcard"         ) ;;
+  "--regex" | "regex"           ) ;;
+  "--white-regex" | "white-regex" ) ;;
+  "--white-wild" | "white-wild"   ) ;;
+  "-f" | "flush"                ) ;;
+  "-up" | "updatePihole"        ) ;;
+  "-r"  | "reconfigure"         ) ;;
+  "-g" | "updateGravity"        ) ;;
+  "-l" | "logging"              ) ;;
+  "uninstall"                   ) ;;
+  "enable"                      ) ;;
+  "disable"                     ) ;;
+  "-d" | "debug"                ) ;;
+  "restartdns"                  ) ;;
+  "-a" | "admin"                ) ;;
+  "checkout"                    ) ;;
+  "updatechecker"               ) ;;
+  "arpflush"                    ) ;;
+  "-t" | "tail"                 ) ;;
+  *                             ) helpFunc;;
 esac

 # Must be root to use this tool
@@ -523,21 +547,14 @@ case "${1}" in
  "-up" | "updatePihole"        ) updatePiholeFunc "$@";;
  "-r"  | "reconfigure"         ) reconfigurePiholeFunc;;
  "-g" | "updateGravity"        ) updateGravityFunc "$@";;
-  "-c" | "chronometer"          ) chronometerFunc "$@";;
-  "-h" | "help"                 ) helpFunc;;
-  "-v" | "version"              ) versionFunc "$@";;
-  "-q" | "query"                ) queryFunc "$@";;
  "-l" | "logging"              ) piholeLogging "$@";;
  "uninstall"                   ) uninstallFunc;;
  "enable"                      ) piholeEnable 1;;
  "disable"                     ) piholeEnable 0 "$2";;
-  "status"                      ) statusFunc "$2";;
  "restartdns"                  ) restartDNS "$2";;
  "-a" | "admin"                ) webpageFunc "$@";;
-  "-t" | "tail"                 ) tailFunc "$2";;
  "checkout"                    ) piholeCheckoutFunc "$@";;
-  "tricorder"                   ) tricorderFunc;;
  "updatechecker"               ) updateCheckFunc "$@";;
  "arpflush"                    ) arpFunc "$@";;
-  *                             ) helpFunc;;
+  "-t" | "tail"                 ) tailFunc "$2";;
 esac
--- a/test/_centos_7.Dockerfile
+++ b/test/_centos_7.Dockerfile
@@ -1,18 +0,0 @@
-FROM centos:7
-RUN yum install -y git
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_centos_8.Dockerfile
+++ b/test/_centos_8.Dockerfile
@@ -12,7 +12,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_debian_10.Dockerfile
+++ b/test/_debian_10.Dockerfile
@@ -11,7 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_debian_11.Dockerfile
+++ b/test/_debian_11.Dockerfile
@@ -11,7 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_debian_9.Dockerfile
+++ b/test/_debian_9.Dockerfile
@@ -1,17 +0,0 @@
-FROM buildpack-deps:stretch-scm
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_fedora_33.Dockerfile
+++ b/test/_fedora_33.Dockerfile
@@ -1,18 +0,0 @@
-FROM fedora:33
-RUN dnf install -y git
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_fedora_34.Dockerfile
+++ b/test/_fedora_34.Dockerfile
@@ -12,7 +12,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_16.Dockerfile
+++ b/test/_ubuntu_16.Dockerfile
@@ -1,17 +0,0 @@
-FROM buildpack-deps:xenial-scm
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_18.Dockerfile
+++ b/test/_ubuntu_18.Dockerfile
@@ -11,7 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_20.Dockerfile
+++ b/test/_ubuntu_20.Dockerfile
@@ -12,7 +12,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_22.Dockerfile
+++ b/test/_ubuntu_22.Dockerfile
@@ -1,4 +1,4 @@
-FROM buildpack-deps:hirsute-scm
+FROM buildpack-deps:jammy-scm

 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -12,7 +12,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN true && \
    chmod +x $SCRIPTDIR/*

-ENV PH_TEST true
+ENV SKIP_INSTALL true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net

 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/test_any_automated_install.py
+++ b/test/test_any_automated_install.py
@@ -116,9 +116,9 @@ def test_installPiholeWeb_fresh_install_no_errors(host):
    source /opt/pihole/basic-install.sh
    installPiholeWeb
    ''')
-    expected_stdout = info_box + ' Installing blocking page...'
+    expected_stdout = info_box + ' Installing 404 page...'
    assert expected_stdout in installWeb.stdout
-    expected_stdout = tick_box + (' Creating directory for blocking page, '
+    expected_stdout = tick_box + (' Creating directory for 404 page, '
                                  'and copying files')
    assert expected_stdout in installWeb.stdout
    expected_stdout = info_box + ' Backing up index.lighttpd.html'
@@ -130,7 +130,6 @@ def test_installPiholeWeb_fresh_install_no_errors(host):
    assert expected_stdout in installWeb.stdout
    web_directory = host.run('ls -r /var/www/html/pihole').stdout
    assert 'index.php' in web_directory
-    assert 'blockingpage.css' in web_directory


 def get_directories_recursive(host, directory):
@@ -150,10 +149,10 @@ def get_directories_recursive(host, directory):

 def test_installPihole_fresh_install_readableFiles(host):
    '''
-    confirms all neccessary files are readable by pihole user
+    confirms all necessary files are readable by pihole user
    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # dialog returns Cancel for user prompt
+    mock_command('dialog', {'*': ('', '0')}, host)
    # mock git pull
    mock_command_passthrough('git', {'pull': ('', '0')}, host)
    # mock systemctl to not start lighttpd and FTL
@@ -240,24 +239,14 @@ def test_installPihole_fresh_install_readableFiles(host):
        'r', '/etc/pihole/dns-servers.conf', piholeuser)
    actual_rc = host.run(check_servers).rc
    assert exit_status_success == actual_rc
-    # readable GitHubVersions
-    check_version = test_cmd.format(
-        'r', '/etc/pihole/GitHubVersions', piholeuser)
-    actual_rc = host.run(check_version).rc
-    assert exit_status_success == actual_rc
    # readable install.log
    check_install = test_cmd.format(
        'r', '/etc/pihole/install.log', piholeuser)
    actual_rc = host.run(check_install).rc
    assert exit_status_success == actual_rc
-    # readable localbranches
-    check_localbranch = test_cmd.format(
-        'r', '/etc/pihole/localbranches', piholeuser)
-    actual_rc = host.run(check_localbranch).rc
-    assert exit_status_success == actual_rc
-    # readable localversions
+    # readable versions
    check_localversion = test_cmd.format(
-        'r', '/etc/pihole/localversions', piholeuser)
+        'r', '/etc/pihole/versions', piholeuser)
    actual_rc = host.run(check_localversion).rc
    assert exit_status_success == actual_rc
    # readable logrotate
@@ -393,8 +382,8 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
        "127.0.0.1",
        # "pi.hole"
    ]
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # dialog returns Cancel for user prompt
+    mock_command('dialog', {'*': ('', '0')}, host)

    # mock git pull
    mock_command_passthrough('git', {'pull': ('', '0')}, host)
@@ -483,7 +472,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
        setup_var_file += "{}={}\n".format(k, v)
    setup_var_file += "INSTALL_WEB_SERVER=true\n"
    setup_var_file += "INSTALL_WEB_INTERFACE=true\n"
-    setup_var_file += "IPV4_ADDRESS=127.0.0.1\n"
    setup_var_file += "EOF\n"
    host.run(setup_var_file)
    installWeb = host.run('''
@@ -606,10 +594,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
            'r', webroot + '/pihole/index.php', webuser)
        actual_rc = host.run(check_index).rc
        assert exit_status_success == actual_rc
-        check_blockpage = test_cmd.format(
-            'r', webroot + '/pihole/blockingpage.css', webuser)
-        actual_rc = host.run(check_blockpage).rc
-        assert exit_status_success == actual_rc
        if test_webpage is True:
            # check webpage for unreadable files
            noPHPfopen = re.compile(
@@ -675,17 +659,10 @@ def test_FTL_detect_aarch64_no_errors(host):
    '''
    # mock uname to return aarch64 platform
    mock_command('uname', {'-m': ('aarch64', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    # mock ldd to respond with aarch64 shared library
-    mock_command(
-        'ldd',
-        {
-            '/bin/ls': (
-                '/lib/ld-linux-aarch64.so.1',
-                '0'
-            )
-        },
-        host
-    )
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-aarch64.so.1', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -708,8 +685,10 @@ def test_FTL_detect_armv4t_no_errors(host):
    '''
    # mock uname to return armv4t platform
    mock_command('uname', {'-m': ('armv4t', '0')}, host)
-    # mock ldd to respond with ld-linux shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
+    # mock ldd to respond with armv4t shared library
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -732,8 +711,10 @@ def test_FTL_detect_armv5te_no_errors(host):
    '''
    # mock uname to return armv5te platform
    mock_command('uname', {'-m': ('armv5te', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    # mock ldd to respond with ld-linux shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host)
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -757,7 +738,9 @@ def test_FTL_detect_armv6l_no_errors(host):
    # mock uname to return armv6l platform
    mock_command('uname', {'-m': ('armv6l', '0')}, host)
    # mock ldd to respond with ld-linux-armhf shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-armhf.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -782,7 +765,9 @@ def test_FTL_detect_armv7l_no_errors(host):
    # mock uname to return armv7l platform
    mock_command('uname', {'-m': ('armv7l', '0')}, host)
    # mock ldd to respond with ld-linux-armhf shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-armhf.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -806,8 +791,10 @@ def test_FTL_detect_armv8a_no_errors(host):
    '''
    # mock uname to return armv8a platform
    mock_command('uname', {'-m': ('armv8a', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    # mock ldd to respond with ld-linux-armhf shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host)
+    mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-armhf.so.3', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -828,6 +815,8 @@ def test_FTL_detect_x86_64_no_errors(host):
    '''
    confirms only x86_64 package is downloaded for FTL engine
    '''
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -848,6 +837,8 @@ def test_FTL_detect_unknown_no_errors(host):
    ''' confirms only generic package is downloaded for FTL engine '''
    # mock uname to return generic platform
    mock_command('uname', {'-m': ('mips', '0')}, host)
+    # mock `which sh` to return `/bin/sh`
+    mock_command('which', {'sh': ('/bin/sh', '0')}, host)
    detectPlatform = host.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
@@ -864,8 +855,8 @@ def test_FTL_download_aarch64_no_errors(host):
    '''
    confirms only aarch64 package is downloaded for FTL engine
    '''
-    # mock whiptail answers and ensure installer dependencies
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    # mock dialog answers and ensure installer dependencies
+    mock_command('dialog', {'*': ('', '0')}, host)
    host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
@@ -898,23 +889,6 @@ def test_FTL_binary_installed_and_responsive_no_errors(host):
    assert expected_stdout in installed_binary.stdout


-# def test_FTL_support_files_installed(host):
-#     '''
-#     confirms FTL support files are installed
-#     '''
-#     support_files = host.run('''
-#     source /opt/pihole/basic-install.sh
-#     FTLdetect
-#     stat -c '%a %n' /var/log/pihole-FTL.log
-#     stat -c '%a %n' /run/pihole-FTL.port
-#     stat -c '%a %n' /run/pihole-FTL.pid
-#     ls -lac /run
-#     ''')
-#     assert '644 /run/pihole-FTL.port' in support_files.stdout
-#     assert '644 /run/pihole-FTL.pid' in support_files.stdout
-#     assert '644 /var/log/pihole-FTL.log' in support_files.stdout
-
-
 def test_IPv6_only_link_local(host):
    '''
    confirms IPv6 blocking is disabled for Link-local address
@@ -1111,40 +1085,38 @@ def test_os_check_passes(host):

 def test_package_manager_has_installer_deps(host):
    ''' Confirms OS is able to install the required packages for the installer'''
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    mock_command('dialog', {'*': ('', '0')}, host)
    output = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    install_dependent_packages ${INSTALLER_DEPS[@]}
    ''')

-    assert 'No package' not in output.stdout  # centos7 still exits 0...
+    assert 'No package' not in output.stdout
    assert output.rc == 0


 def test_package_manager_has_pihole_deps(host):
    ''' Confirms OS is able to install the required packages for Pi-hole '''
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    mock_command('dialog', {'*': ('', '0')}, host)
    output = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
-    select_rpm_php
    install_dependent_packages ${PIHOLE_DEPS[@]}
    ''')

-    assert 'No package' not in output.stdout  # centos7 still exits 0...
+    assert 'No package' not in output.stdout
    assert output.rc == 0


 def test_package_manager_has_web_deps(host):
    ''' Confirms OS is able to install the required packages for web '''
-    mock_command('whiptail', {'*': ('', '0')}, host)
+    mock_command('dialog', {'*': ('', '0')}, host)
    output = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
-    select_rpm_php
    install_dependent_packages ${PIHOLE_WEB_DEPS[@]}
    ''')

-    assert 'No package' not in output.stdout  # centos7 still exits 0...
+    assert 'No package' not in output.stdout
    assert output.rc == 0
--- a/test/test_any_utils.py
+++ b/test/test_any_utils.py
@@ -1,16 +1,122 @@
 def test_key_val_replacement_works(host):
-    ''' Confirms addOrEditKeyValPair provides the expected output '''
+    ''' Confirms addOrEditKeyValPair either adds or replaces a key value pair in a given file '''
    host.run('''
-    setupvars=./testoutput
    source /opt/pihole/utils.sh
-    addOrEditKeyValPair "KEY_ONE" "value1" "./testoutput"
-    addOrEditKeyValPair "KEY_TWO" "value2" "./testoutput"
-    addOrEditKeyValPair "KEY_ONE" "value3" "./testoutput"
-    addOrEditKeyValPair "KEY_FOUR" "value4" "./testoutput"
-    cat ./testoutput
+    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
+    addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
+    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3"
+    addOrEditKeyValPair "./testoutput" "KEY_FOUR" "value4"
    ''')
    output = host.run('''
    cat ./testoutput
    ''')
    expected_stdout = 'KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\n'
    assert expected_stdout == output.stdout
+
+
+def test_key_addition_works(host):
+    ''' Confirms addKey adds a key (no value) to a file without duplicating it '''
+    host.run('''
+    source /opt/pihole/utils.sh
+    addKey "./testoutput" "KEY_ONE"
+    addKey "./testoutput" "KEY_ONE"
+    addKey "./testoutput" "KEY_TWO"
+    addKey "./testoutput" "KEY_TWO"
+    addKey "./testoutput" "KEY_THREE"
+    addKey "./testoutput" "KEY_THREE"
+    ''')
+    output = host.run('''
+    cat ./testoutput
+    ''')
+    expected_stdout = 'KEY_ONE\nKEY_TWO\nKEY_THREE\n'
+    assert expected_stdout == output.stdout
+
+
+def test_key_removal_works(host):
+    ''' Confirms removeKey removes a key or key/value pair '''
+    host.run('''
+    source /opt/pihole/utils.sh
+    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
+    addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
+    addOrEditKeyValPair "./testoutput" "KEY_THREE" "value3"
+    addKey "./testoutput" "KEY_FOUR"
+    removeKey "./testoutput" "KEY_TWO"
+    removeKey "./testoutput" "KEY_FOUR"
+    ''')
+    output = host.run('''
+    cat ./testoutput
+    ''')
+    expected_stdout = 'KEY_ONE=value1\nKEY_THREE=value3\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLAPIPortFile_default(host):
+    ''' Confirms getFTLAPIPortFile returns the default API port file path '''
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    getFTLAPIPortFile
+    ''')
+    expected_stdout = '/run/pihole-FTL.port\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLAPIPort_default(host):
+    ''' Confirms getFTLAPIPort returns the default API port '''
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    getFTLAPIPort "/run/pihole-FTL.port"
+    ''')
+    expected_stdout = '4711\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLAPIPortFile_and_getFTLAPIPort_custom(host):
+    ''' Confirms getFTLAPIPort returns a custom API port in a custom PORTFILE location '''
+    host.run('''
+    tmpfile=$(mktemp)
+    echo "PORTFILE=${tmpfile}" > /etc/pihole/pihole-FTL.conf
+    echo "1234" > ${tmpfile}
+    ''')
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    FTL_API_PORT_FILE=$(getFTLAPIPortFile)
+    getFTLAPIPort "${FTL_API_PORT_FILE}"
+    ''')
+    expected_stdout = '1234\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLPIDFile_default(host):
+    ''' Confirms getFTLPIDFile returns the default PID file path '''
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    getFTLPIDFile
+    ''')
+    expected_stdout = '/run/pihole-FTL.pid\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLPID_default(host):
+    ''' Confirms getFTLPID returns the default value if FTL is not running '''
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    getFTLPID
+    ''')
+    expected_stdout = '-1\n'
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLPIDFile_and_getFTLPID_custom(host):
+    ''' Confirms getFTLPIDFile returns a custom PID file path '''
+    host.run('''
+    tmpfile=$(mktemp)
+    echo "PIDFILE=${tmpfile}" > /etc/pihole/pihole-FTL.conf
+    echo "1234" > ${tmpfile}
+    ''')
+    output = host.run('''
+    source /opt/pihole/utils.sh
+    FTL_PID_FILE=$(getFTLPIDFile)
+    getFTLPID "${FTL_PID_FILE}"
+    ''')
+    expected_stdout = '1234\n'
+    assert expected_stdout == output.stdout
--- a/test/test_centos_7_support.py
+++ b/test/test_centos_7_support.py
@@ -1,63 +0,0 @@
-from .conftest import (
-    tick_box,
-    info_box,
-    mock_command,
-)
-
-
-def test_php_upgrade_default_optout_centos_eq_7(host):
-    '''
-    confirms the default behavior to opt-out of installing PHP7 from REMI
-    '''
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optout_centos_eq_7(host):
-    '''
-    confirms installer behavior when user opt-out of installing PHP7 from REMI
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optin_centos_eq_7(host):
-    '''
-    confirms installer behavior when user opt-in to installing PHP7 from REMI
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    assert 'opt-out' not in package_manager_detect.stdout
-    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
-                                  '(https://rpms.remirepo.net)')
-    assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = tick_box + (' Remi\'s RPM repository has '
-                                  'been enabled for PHP7')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert remi_package.is_installed
--- a/test/test_centos_8_support.py
+++ b/test/test_centos_8_support.py
@@ -1,68 +0,0 @@
-from .conftest import (
-    tick_box,
-    info_box,
-    mock_command,
-)
-
-
-def test_php_upgrade_default_continue_centos_gte_8(host):
-    '''
-    confirms the latest version of CentOS continues / does not optout
-    (should trigger on CentOS7 only)
-    '''
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
-                                    ' Deprecated PHP may be in use.')
-    assert unexpected_stdout not in package_manager_detect.stdout
-    # ensure remi was not installed on latest CentOS
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optout_skipped_centos_gte_8(host):
-    '''
-    confirms installer skips user opt-out of installing PHP7 from REMI on
-    latest CentOS (should trigger on CentOS7 only)
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
-                                    ' Deprecated PHP may be in use.')
-    assert unexpected_stdout not in package_manager_detect.stdout
-    # ensure remi was not installed on latest CentOS
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optin_skipped_centos_gte_8(host):
-    '''
-    confirms installer skips user opt-in to installing PHP7 from REMI on
-    latest CentOS (should trigger on CentOS7 only)
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    assert 'opt-out' not in package_manager_detect.stdout
-    unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository '
-                                    '(https://rpms.remirepo.net)')
-    assert unexpected_stdout not in package_manager_detect.stdout
-    unexpected_stdout = tick_box + (' Remi\'s RPM repository has '
-                                    'been enabled for PHP7')
-    assert unexpected_stdout not in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
--- a/test/test_centos_common_support.py
+++ b/test/test_centos_common_support.py
@@ -7,23 +7,6 @@ from .conftest import (
 )


-def test_release_supported_version_check_centos(host):
-    '''
-    confirms installer exits on unsupported releases of CentOS
-    '''
-    # modify /etc/redhat-release to mock an unsupported CentOS release
-    host.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = cross_box + (' CentOS 6 is not supported.')
-    assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = 'Please update to CentOS release 7 or later'
-    assert expected_stdout in package_manager_detect.stdout
-
-
 def test_enable_epel_repository_centos(host):
    '''
    confirms the EPEL package repository is enabled when installed on CentOS
@@ -31,95 +14,11 @@ def test_enable_epel_repository_centos(host):
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
-    select_rpm_php
    ''')
    expected_stdout = info_box + (' Enabling EPEL package repository '
                                  '(https://fedoraproject.org/wiki/EPEL)')
    assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = tick_box + ' Installed epel-release'
+    expected_stdout = tick_box + ' Installed'
    assert expected_stdout in package_manager_detect.stdout
    epel_package = host.package('epel-release')
    assert epel_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_default_optout_centos(host):
-    '''
-    confirms the default behavior to opt-out of upgrading to PHP7 from REMI
-    '''
-    # first we will install the default php version to test installer behavior
-    php_install = host.run('yum install -y php')
-    assert php_install.rc == 0
-    php_package = host.package('php')
-    default_centos_php_version = php_package.version.split('.')[0]
-    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
-        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_user_optout_centos(host):
-    '''
-    confirms installer behavior when user opt-out to upgrade to PHP7 via REMI
-    '''
-    # first we will install the default php version to test installer behavior
-    php_install = host.run('yum install -y php')
-    assert php_install.rc == 0
-    php_package = host.package('php')
-    default_centos_php_version = php_package.version.split('.')[0]
-    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
-        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_user_optin_centos(host):
-    '''
-    confirms installer behavior when user opt-in to upgrade to PHP7 via REMI
-    '''
-    # first we will install the default php version to test installer behavior
-    php_install = host.run('yum install -y php')
-    assert php_install.rc == 0
-    php_package = host.package('php')
-    default_centos_php_version = php_package.version.split('.')[0]
-    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
-        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, host)
-    package_manager_detect = host.run('''
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    select_rpm_php
-    install_dependent_packages PIHOLE_WEB_DEPS[@]
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout not in package_manager_detect.stdout
-    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
-                                  '(https://rpms.remirepo.net)')
-    assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = tick_box + (' Remi\'s RPM repository has '
-                                  'been enabled for PHP7')
-    assert expected_stdout in package_manager_detect.stdout
-    remi_package = host.package('remi-release')
-    assert remi_package.is_installed
-    updated_php_package = host.package('php')
-    updated_php_version = updated_php_package.version.split('.')[0]
-    assert int(updated_php_version) == 7
--- a/test/test_centos_fedora_common_support.py
+++ b/test/test_centos_fedora_common_support.py
@@ -30,7 +30,7 @@ def test_selinux_enforcing_exit(host):
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
-    expected_stdout = cross_box + ' Current SELinux: Enforcing'
+    expected_stdout = cross_box + ' Current SELinux: enforcing'
    assert expected_stdout in check_selinux.stdout
    expected_stdout = 'SELinux Enforcing detected, exiting installer'
    assert expected_stdout in check_selinux.stdout
@@ -46,7 +46,7 @@ def test_selinux_permissive(host):
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
-    expected_stdout = tick_box + ' Current SELinux: Permissive'
+    expected_stdout = tick_box + ' Current SELinux: permissive'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 0

@@ -60,6 +60,6 @@ def test_selinux_disabled(host):
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
-    expected_stdout = tick_box + ' Current SELinux: Disabled'
+    expected_stdout = tick_box + ' Current SELinux: disabled'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 0
--- a/test/test_fedora_support.py
+++ b/test/test_fedora_support.py
@@ -6,11 +6,8 @@ def test_epel_and_remi_not_installed_fedora(host):
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
-    select_rpm_php
    ''')
    assert package_manager_detect.stdout == ''

    epel_package = host.package('epel-release')
    assert not epel_package.is_installed
-    remi_package = host.package('remi-release')
-    assert not remi_package.is_installed
--- a/test/tox.centos_7.ini
+++ b/test/tox.centos_7.ini
@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _centos_7.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_7_support.py
--- a/test/tox.centos_8.ini
+++ b/test/tox.centos_8.ini
@@ -5,4 +5,4 @@ envlist = py38
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _centos_8.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_8_support.py
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py
--- a/test/tox.debian_9.ini
+++ b/test/tox.debian_9.ini
@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _debian_9.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/test/tox.fedora_33.ini
+++ b/test/tox.fedora_33.ini
@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _fedora_33.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_fedora_support.py
--- a/test/tox.ubuntu_21.ini
+++ b/test/tox.ubuntu_21.ini
@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _ubuntu_21.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/test/tox.ubuntu_22.ini
+++ b/test/tox.ubuntu_22.ini
@@ -4,5 +4,5 @@ envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
-commands = docker build -f _ubuntu_16.Dockerfile -t pytest_pihole:test_container ../
+commands = docker build -f _ubuntu_22.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
				`@@ -1 +0,0 @@`
				`dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fbcon=map:10 fbcon=font:VGA8x8 consoleblank=0`