From 54d0b9a1b88d1af6f2d3dece156e7d853a991fb1 Mon Sep 17 00:00:00 2001
From: XhmikosR
Date: Sat, 7 Dec 2019 13:46:14 +0200
Subject: [PATCH 001/115] Serve JS files with utf-8 charset too
Signed-off-by: XhmikosR
---
 advanced/lighttpd.conf.debian | 2 +-
 advanced/lighttpd.conf.fedora | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian
index 2215bbdb..f96c2d4b 100644
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -49,7 +49,7 @@ mimetype.assign = ( ".png" => "image/png",
 ".jpeg" => "image/jpeg",
 ".html" => "text/html",
 ".css" => "text/css; charset=utf-8",
- ".js" => "application/javascript",
+ ".js" => "application/javascript; charset=utf-8",
 ".json" => "application/json",
 ".txt" => "text/plain",
 ".svg" => "image/svg+xml" )
diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora
index 4232c90f..22299248 100644
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -51,7 +51,7 @@ mimetype.assign = ( ".png" => "image/png",
 ".jpeg" => "image/jpeg",
 ".html" => "text/html",
 ".css" => "text/css; charset=utf-8",
- ".js" => "application/javascript",
+ ".js" => "application/javascript; charset=utf-8",
 ".json" => "application/json",
 ".txt" => "text/plain",
 ".svg" => "image/svg+xml" )
From b0f133365744f1341418f8da08bb25869d021111 Mon Sep 17 00:00:00 2001
From: pvogt09 <50047961+pvogt09@users.noreply.github.com>
Date: Fri, 14 Feb 2020 20:41:43 +0100
Subject: [PATCH 002/115] Move permission change behind git reset (like in update_repo()) and remove whitespace at end of line
Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com>
---
 automated install/basic-install.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index 6b0927de..b9275190 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
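Review bot: After PATCH 001 the `mimetype.assign` map declares a charset for `.css` and `.js` only; the `.html` and `.txt` context lines in both hunks (lighttpd.conf.debian and lighttpd.conf.fedora) still send `text/html` and `text/plain` bare, which leaves the encoding of pages served from this config to browser detection unless the pages declare it themselves (not visible here). For consistency I would also set `".html" => "text/html; charset=utf-8",` and `".txt" => "text/plain; charset=utf-8",` in both files. The `mimetype.assign` list begins above the hunk, so entries outside the hunk may need the same look.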
@@ -426,8 +426,6 @@ make_repo() {
 fi
 # Clone the repo and return the return code from this command
 git clone -q --depth 20 "${remoteRepo}" "${directory}" &> /dev/null || return $?
- # Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
- chmod -R a+rX "${directory}"
 # Move into the directory that was passed as an argument
 pushd "${directory}" &> /dev/null || return 1
 # Check current branch. If it is master, then reset to the latest availible tag.
@@ -438,7 +436,8 @@ make_repo() {
 fi
 # Show a colored message showing it's status
 printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
-
+ # Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
+ chmod -R a+rX "${directory}"
 # Move back into the original directory
 popd &> /dev/null || return 1
 return 0
From 4f390ce801c739ea87cfcae131855ecbd9161818 Mon Sep 17 00:00:00 2001
From: Dan Schaper
Date: Mon, 2 Mar 2020 05:39:21 -0800
Subject: [PATCH 003/115] Use bash regex instead of awk.
Signed-off-by: Dan Schaper
---
 advanced/Scripts/query.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh
index a96129e0..73650400 100755
--- a/advanced/Scripts/query.sh
+++ b/advanced/Scripts/query.sh
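Review bot: In the second make_repo() hunk of PATCH 002 the relocated `chmod -R a+rX "${directory}"` now runs between `pushd "${directory}"` and `popd`, so a relative `${directory}` would be resolved from inside the clone instead of from the caller's working directory; the callers are not visible here, so this only bites if a relative path is ever passed. Its exit status is also ignored, unlike the neighbouring `git clone … || return $?` and `popd … || return 1`, and the success tick is printed before the permission change has run. I would apply it to the current directory and propagate failure: `chmod -R a+rX . || return $?`. make_repo() begins and ends outside both hunks.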
@@ -33,15 +33,13 @@ scanList(){ export LC_CTYPE=C # /dev/null forces filename to be printed when only one list has been generated - # shellcheck disable=SC2086 case "${type}" in "exact" ) grep -i -E -l "(^|(?/dev/null;; # Create array of regexps # Iterate through each regexp and check whether it matches the domainQuery # If it does, print the matching regexp and continue looping # Input 1 - regexps | Input 2 - domainQuery - "regex" ) awk 'NR==FNR{regexps[$0];next}{for (r in regexps)if($0 ~ r)print r}' \ - <(echo "${lists}") <(echo "${domain}") 2>/dev/null;; + "regex" ) if [[ "${domain}" =~ ${lists} ]]; then printf "%b\n" "${lists}"; fi;; * ) grep -i "${esc_domain}" ${lists} /dev/null 2>/dev/null;; esac } From 360d0e4e6bfb5c71e078be41d21132422fb20323 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 2 Mar 2020 08:07:10 -0800 Subject: [PATCH 004/115] Loop through array of lists. Signed-off-by: Dan Schaper --- advanced/Scripts/query.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 73650400..4dc9429d 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -35,11 +35,15 @@ scanList(){ # /dev/null forces filename to be printed when only one list has been generated case "${type}" in "exact" ) grep -i -E -l "(^|(?/dev/null;; - # Create array of regexps # Iterate through each regexp and check whether it matches the domainQuery # If it does, print the matching regexp and continue looping # Input 1 - regexps | Input 2 - domainQuery - "regex" ) if [[ "${domain}" =~ ${lists} ]]; then printf "%b\n" "${lists}"; fi;; + "regex" ) + for list in `echo "${lists}"`; do + if [[ "${domain}" =~ ${list} ]]; then + printf "%b\n" "${list}"; + fi + done;; * ) grep -i "${esc_domain}" ${lists} /dev/null 2>/dev/null;; esac } From bf4fada3b7188630ecb4656b123a94110998cacd Mon Sep 17 00:00:00 2001 
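Review bot: The added `printf "%b\n" "${lists}"` in PATCH 003 prints the stored regex through `%b`, which expands backslash escapes in its argument, so an entry containing `\b`, `\n` or `\\` is displayed differently from what is stored and someone comparing the output with the configured filter sees another pattern. Print the data verbatim with `printf "%s\n" "${lists}"`. The same `%b` is carried into the loop form in PATCH 004, PATCH 005 and the query.sh hunk of PATCH 007. scanList() starts before and continues after the hunk.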
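Review bot: The `for list in …` loop added in PATCH 004 iterates over an unquoted expansion of `${lists}`, so every stored regex is word-split and then subject to pathname expansion; an entry containing a space, `*`, `?` or `[...]` can be tested and printed as something other than the stored pattern, and the query result then no longer reflects the configured filter. PATCH 005 (`for list in ${lists}`) and the query.sh hunk of PATCH 007 keep the same behaviour. Assuming `${lists}` holds one regexp per line, as the removed awk version treated it, reading it line by line avoids both effects; the sketch below also skips empty lines, since an empty pattern matches every domain, and prints with `%s` rather than `%b`. scanList() starts before and ends after the hunk.

```shell
"regex" )
    # One regexp per line; read avoids word splitting and pathname expansion
    while IFS= read -r list; do
        [[ -n "${list}" ]] || continue
        if [[ "${domain}" =~ ${list} ]]; then
            printf "%s\n" "${list}"
        fi
    done <<< "${lists}";;
```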
From: Dan Schaper Date: Mon, 2 Mar 2020 09:52:06 -0800 Subject: [PATCH 005/115] Don't quote inside backticks, use unquoted variable. Signed-off-by: Dan Schaper --- advanced/Scripts/query.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 4dc9429d..7518e6c4 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -39,7 +39,7 @@ scanList(){ # If it does, print the matching regexp and continue looping # Input 1 - regexps | Input 2 - domainQuery "regex" ) - for list in `echo "${lists}"`; do + for list in ${lists}; do if [[ "${domain}" =~ ${list} ]]; then printf "%b\n" "${list}"; fi From 22ce5c0d70e48f8e806dd79758359ccb623efb20 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 9 Mar 2020 00:32:37 +0100 Subject: [PATCH 006/115] Fix incorrect type description. (#3201) Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 28d34ab6..304dc666 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1116,7 +1116,7 @@ show_adlists() { } show_domainlist() { - show_db_entries "Domainlist (0/1 = exact/regex whitelist, 2/3 = exact/regex blacklist)" "SELECT id,type,domain,enabled,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist" "4 4 100 7 19 19 50" + show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,type,domain,enabled,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist" "4 4 100 7 19 19 50" show_db_entries "Domainlist groups" "SELECT * FROM domainlist_by_group" "10 10" } From 497bfd80a5419e9057305dbc4f0ed281a917756c Mon Sep 17 00:00:00 2001 
From: DL6ER Date: Mon, 9 Mar 2020 00:38:53 +0100 Subject: [PATCH 007/115] Update development from release/v5.0 (#3200) * Use bash regex instead of awk. Signed-off-by: Dan Schaper * Fix incorrect type description. (#3201) Signed-off-by: DL6ER Co-authored-by: Dan Schaper --- advanced/Scripts/piholeDebug.sh | 2 +- advanced/Scripts/query.sh | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 28d34ab6..304dc666 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1116,7 +1116,7 @@ show_adlists() { } show_domainlist() { - show_db_entries "Domainlist (0/1 = exact/regex whitelist, 2/3 = exact/regex blacklist)" "SELECT id,type,domain,enabled,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist" "4 4 100 7 19 19 50" + show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,type,domain,enabled,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist" "4 4 100 7 19 19 50" show_db_entries "Domainlist groups" "SELECT * FROM domainlist_by_group" "10 10" } diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index a96129e0..7518e6c4 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh 
@@ -33,15 +33,17 @@ scanList(){ export LC_CTYPE=C # /dev/null forces filename to be printed when only one list has been generated - # shellcheck disable=SC2086 case "${type}" in "exact" ) grep -i -E -l "(^|(?/dev/null;; - # Create array of regexps # Iterate through each regexp and check whether it matches the domainQuery # If it does, print the matching regexp and continue looping # Input 1 - regexps | Input 2 - domainQuery - "regex" ) awk 'NR==FNR{regexps[$0];next}{for (r in regexps)if($0 ~ r)print r}' \ - <(echo "${lists}") <(echo "${domain}") 2>/dev/null;; + "regex" ) + for list in ${lists}; do + if [[ "${domain}" =~ ${list} ]]; then + printf "%b\n" "${list}"; + fi + done;; * ) grep -i "${esc_domain}" ${lists} /dev/null 2>/dev/null;; esac } From 7b8611ced064bb5f697a633f01e58828eb6e2e46 Mon Sep 17 00:00:00 2001 From: XhmikosR Date: Mon, 9 Mar 2020 01:53:14 +0200 Subject: [PATCH 008/115] Assorted typo fixes. (#3126) * Assorted typo fixes. Signed-off-by: XhmikosR Co-authored-by: Dan Schaper --- .github/ISSUE_TEMPLATE.md | 4 ++-- .gitignore | 2 +- advanced/Scripts/COL_TABLE | 4 ++-- advanced/Scripts/chronometer.sh | 10 +++++----- advanced/Scripts/piholeCheckout.sh | 4 ++-- advanced/Scripts/piholeDebug.sh | 20 ++++++++++---------- advanced/Scripts/setupLCD.sh | 2 +- advanced/blockingpage.css | 4 ++-- advanced/dnsmasq.conf.original | 12 ++++++------ advanced/index.php | 6 +++--- automated install/basic-install.sh | 12 ++++++------ automated install/uninstall.sh | 6 +++--- gravity.sh | 6 +++--- pihole | 6 +++--- test/README.md | 4 ++-- test/test_automated_install.py | 8 ++++---- 16 files changed, 55 insertions(+), 55 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 4a9c585a..bef9f73c 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md 
@@ -9,11 +9,11 @@ `{Replace this with a number from 1 to 10. 1 being not familiar, and 10 being very familiar}` --- -**Expected behaviour:** +**Expected behavior:** `{A detailed description of what you expect to see}` -**Actual behaviour:** +**Actual behavior:** `{A detailed description and/or screenshots of what you do see}` diff --git a/.gitignore b/.gitignore index 1e80dfb8..b7ad1e41 100644 --- a/.gitignore +++ b/.gitignore @@ -15,7 +15,7 @@ __pycache__ # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 -# All idea files, with execptions +# All idea files, with exceptions .idea !.idea/codeStyles/* !.idea/codeStyleSettings.xml diff --git a/advanced/Scripts/COL_TABLE b/advanced/Scripts/COL_TABLE index 57aab4dd..d76be68c 100644 --- a/advanced/Scripts/COL_TABLE +++ b/advanced/Scripts/COL_TABLE @@ -1,7 +1,7 @@ -# Determine if terminal is capable of showing colours +# Determine if terminal is capable of showing colors if [[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]; then # Bold and underline may not show up on all clients - # If something MUST be emphasised, use both + # If something MUST be emphasized, use both COL_BOLD='' COL_ULINE='' diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 1a4ce993..757df9be 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -72,7 +72,7 @@ printFunc() { # Remove excess characters from main text if [[ "$text_main_len" -gt "$text_main_max_len" ]]; then - # Trim text without colours + # Trim text without colors text_main_trim="${text_main_nocol:0:$text_main_max_len}" # Replace with trimmed text text_main="${text_main/$text_main_nocol/$text_main_trim}" 
@@ -88,7 +88,7 @@ printFunc() { [[ "$spc_num" -le 0 ]] && spc_num="0" spc=$(printf "%${spc_num}s") - #spc="${spc// /.}" # Debug: Visualise spaces + #spc="${spc// /.}" # Debug: Visualize spaces printf "%s%s$spc" "$title" "$text_main" @@ -131,7 +131,7 @@ get_init_stats() { printf "%s%02d:%02d:%02d\\n" "$days" "$hrs" "$mins" "$secs" } - # Set Colour Codes + # Set Color Codes coltable="/opt/pihole/COL_TABLE" if [[ -f "${coltable}" ]]; then source ${coltable} @@ -269,7 +269,7 @@ get_sys_stats() { scr_lines="${scr_size[0]}" scr_cols="${scr_size[1]}" - # Determine Chronometer size behaviour + # Determine Chronometer size behavior if [[ "$scr_cols" -ge 58 ]]; then chrono_width="large" elif [[ "$scr_cols" -gt 40 ]]; then @@ -308,7 +308,7 @@ get_sys_stats() { [[ "${cpu_freq}" == *".0"* ]] && cpu_freq="${cpu_freq/.0/}" fi - # Determine colour for temperature + # Determine color for temperature if [[ -n "$temp_file" ]]; then if [[ "$temp_unit" == "C" ]]; then cpu_temp=$(printf "%.0fc\\n" "$(calcFunc "$(< $temp_file) / 1000")") diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 31009dd9..042a3c02 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -36,7 +36,7 @@ warning1() { return 0 ;; *) - echo -e "\\n ${INFO} Branch change has been cancelled" + echo -e "\\n ${INFO} Branch change has been canceled" return 1 ;; esac @@ -84,7 +84,7 @@ checkout() { echo -e " ${INFO} Shortcut \"dev\" detected - checking out development / devel branches..." echo "" echo -e " ${INFO} Pi-hole Core" - fetch_checkout_pull_branch "${PI_HOLE_FILES_DIR}" "development" || { echo " ${CROSS} Unable to pull Core developement branch"; exit 1; } + fetch_checkout_pull_branch "${PI_HOLE_FILES_DIR}" "development" || { echo " ${CROSS} Unable to pull Core development branch"; exit 1; } if [[ "${INSTALL_WEB_INTERFACE}" == "true" ]]; then echo "" echo -e " ${INFO} Web interface" 
diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 304dc666..4e137f8d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -138,7 +138,7 @@ PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log" PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" -# An array of operating system "pretty names" that we officialy support +# An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS") @@ -300,7 +300,7 @@ compare_local_version_to_git_version() { if [[ "${remote_branch}" == "master" ]]; then # so the color of the text is green log_write "${INFO} Branch: ${COL_GREEN}${remote_branch}${COL_NC}" - # If it is any other branch, they are in a developement branch + # If it is any other branch, they are in a development branch else # So show that in yellow, signifying it's something to take a look at, but not a critical error log_write "${INFO} Branch: ${COL_YELLOW}${remote_branch:-Detached}${COL_NC} (${FAQ_CHECKOUT_COMMAND})" @@ -357,7 +357,7 @@ check_component_versions() { get_program_version() { local program_name="${1}" - # Create a loval variable so this function can be safely reused + # Create a local variable so this function can be safely reused local program_version echo_current_diagnostic "${program_name} version" # Evalutate the program we are checking, if it is any of the ones below, show the version 
@@ -747,7 +747,7 @@ check_x_headers() { # Do it for the dashboard as well, as the header is different than above local dashboard dashboard=$(curl -Is localhost/admin/ | awk '/X-Pi-hole/' | tr -d '\r') - # Store what the X-Header shoud be in variables for comparision later + # Store what the X-Header shoud be in variables for comparison later local block_page_working block_page_working="X-Pi-hole: A black hole for Internet advertisements." local dashboard_working @@ -818,7 +818,7 @@ dig_at() { # First, do a dig on localhost to see if Pi-hole can use itself to block a domain if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then - # If it can, show sucess + # If it can, show success log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC (${local_address})" else # Otherwise, show a failure @@ -969,7 +969,7 @@ check_name_resolution() { # This function can check a directory exists # Pi-hole has files in several places, so we will reuse this function dir_check() { - # Set the first argument passed to tihs function as a named variable for better readability + # Set the first argument passed to this function as a named variable for better readability local directory="${1}" # Display the current test that is running echo_current_diagnostic "contents of ${COL_CYAN}${directory}${COL_NC}" 
@@ -987,14 +987,14 @@ dir_check() { } list_files_in_dir() { - # Set the first argument passed to tihs function as a named variable for better readability + # Set the first argument passed to this function as a named variable for better readability local dir_to_parse="${1}" # Store the files found in an array mapfile -t files_found < <(ls "${dir_to_parse}") # For each file in the array, for each_file in "${files_found[@]}"; do if [[ -d "${dir_to_parse}/${each_file}" ]]; then - # If it's a directoy, do nothing + # If it's a directory, do nothing : elif [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_DEBUG_LOG}" ]] || \ [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_RAW_BLOCKLIST_FILES}" ]] || \ @@ -1190,7 +1190,7 @@ analyze_pihole_log() { # So first check if there are domains in the log that should be obfuscated if [[ -n ${line_to_obfuscate} ]]; then # If there are, we need to use awk to replace only the domain name (the 6th field in the log) - # so we substitue the domain for the placeholder value + # so we substitute the domain for the placeholder value obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}') log_write " ${obfuscated_line}" else @@ -1238,7 +1238,7 @@ upload_to_tricorder() { log_write " * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only." log_write " * For more information, see: ${TRICORDER_CONTEST}" log_write " * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat." - # If pihole -d is running automatically (usually throught the dashboard) + # If pihole -d is running automatically (usually through the dashboard) if [[ "${AUTOMATED}" ]]; then # let the user know log_write "${INFO} Debug script running in automated mode" diff --git a/advanced/Scripts/setupLCD.sh b/advanced/Scripts/setupLCD.sh index 00eb963f..e8f14f06 100755 --- a/advanced/Scripts/setupLCD.sh +++ b/advanced/Scripts/setupLCD.sh 
@@ -20,7 +20,7 @@ getInitSys() { elif [ -f /etc/init.d/cron ] && [ ! -h /etc/init.d/cron ]; then SYSTEMD=0 else - echo "Unrecognised init system" + echo "Unrecognized init system" return 1 fi } diff --git a/advanced/blockingpage.css b/advanced/blockingpage.css index e74844d1..5fd858fb 100644 --- a/advanced/blockingpage.css +++ b/advanced/blockingpage.css @@ -14,7 +14,7 @@ #bpOutput.add:before { content: "Info"; } #bpOutput.add:after { content: "The domain is being whitelisted..."; } #bpOutput.error:before, .unhandled:before { content: "Error"; } -#bpOutput.unhandled:after { content: "An unhandled exception occured. This may happen when your browser is unable to load jQuery, or when the webserver is denying access to the Pi-hole API."; } +#bpOutput.unhandled:after { content: "An unhandled exception occurred. This may happen when your browser is unable to load jQuery, or when the webserver is denying access to the Pi-hole API."; } #bpOutput.success:before { content: "Success"; } #bpOutput.success:after { content: "Website has been whitelisted! You may need to flush your DNS cache"; } @@ -325,7 +325,7 @@ main { box-shadow: inset 0 3px 5px rgba(0,0,0,0.125); } -/* Input border colour */ +/* Input border color */ .buttons *:not([disabled]):hover, .buttons input:focus { border-color: rgba(0,0,0,0.25); } diff --git a/advanced/dnsmasq.conf.original b/advanced/dnsmasq.conf.original index 9e4cc92e..6758f0b8 100644 --- a/advanced/dnsmasq.conf.original +++ b/advanced/dnsmasq.conf.original @@ -46,7 +46,7 @@ #resolv-file= # By default, dnsmasq will send queries to any of the upstream -# servers it knows about and tries to favour servers to are known +# servers it knows about and tries to favor servers to are known # to be up. Uncommenting this forces dnsmasq to try each query # with each server strictly in the order they appear in # /etc/resolv.conf 
@@ -189,7 +189,7 @@ # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack # hosts. Use the DHCPv4 lease to derive the name, network segment and # MAC address and assume that the host will also have an -# IPv6 address calculated using the SLAAC alogrithm. +# IPv6 address calculated using the SLAAC algorithm. #dhcp-range=1234::, ra-names # Do Router Advertisements, BUT NOT DHCP for this subnet. @@ -210,7 +210,7 @@ #dhcp-range=1234::, ra-stateless, ra-names # Do router advertisements for all subnets where we're doing DHCPv6 -# Unless overriden by ra-stateless, ra-names, et al, the router +# Unless overridden by ra-stateless, ra-names, et al, the router # advertisements will have the M and O bits set, so that the clients # get addresses and configuration from DHCPv6, and the A bit reset, so the # clients don't use SLAAC addresses. @@ -281,7 +281,7 @@ # Give a fixed IPv6 address and name to client with # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 # Note the MAC addresses CANNOT be used to identify DHCPv6 clients. -# Note also the they [] around the IPv6 address are obilgatory. +# Note also the they [] around the IPv6 address are obligatory. #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] # Ignore any clients which are not specified in dhcp-host lines 
@@ -404,14 +404,14 @@ #dhcp-option=vendor:MSFT,2,1i # Send the Encapsulated-vendor-class ID needed by some configurations of -# Etherboot to allow is to recognise the DHCP server. +# Etherboot to allow is to recognize the DHCP server. #dhcp-option=vendor:Etherboot,60,"Etherboot" # Send options to PXELinux. Note that we need to send the options even # though they don't appear in the parameter request list, so we need # to use dhcp-option-force here. # See http://syslinux.zytor.com/pxe.php#special for details. -# Magic number - needed before anything else is recognised +# Magic number - needed before anything else is recognized #dhcp-option-force=208,f1:00:74:7e # Configuration file name #dhcp-option-force=209,configs/common diff --git a/advanced/index.php b/advanced/index.php index b0c4a7c3..3b1de8d8 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -6,7 +6,7 @@ * This file is copyright under the latest version of the EUPL. * Please see LICENSE file for your rights under this license. */ -// Sanitise HTTP_HOST output +// Sanitize HTTP_HOST output $serverName = htmlspecialchars($_SERVER["HTTP_HOST"]); // Remove external ipv6 brackets if any $serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName); @@ -68,7 +68,7 @@ if ($serverName === "pi.hole") { // Unset variables so as to not be included in $landPage unset($serverName, $svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt, $viewPort); - // Render splash/landing page when directly browsing via IP or authorised hostname + // Render splash/landing page when directly browsing via IP or authorized hostname exit($renderPage); } elseif ($currentUrlExt === "js") { // Serve Pi-hole Javascript for blocked domains requesting JS 
@@ -209,7 +209,7 @@ $phVersion = exec("cd /etc/.pihole/ && git describe --long --tags"); if (explode("-", $phVersion)[1] != "0") $execTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]; -// Please Note: Text is added via CSS to allow an admin to provide a localised +// Please Note: Text is added via CSS to allow an admin to provide a localized // language without the need to edit this file setHeader(); diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5aaa4a75..14c68250 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -430,8 +430,8 @@ make_repo() { chmod -R a+rX "${directory}" # Move into the directory that was passed as an argument pushd "${directory}" &> /dev/null || return 1 - # Check current branch. If it is master, then reset to the latest availible tag. - # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks) + # Check current branch. If it is master, then reset to the latest available tag. + # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks) curBranch=$(git rev-parse --abbrev-ref HEAD) if [[ "${curBranch}" == "master" ]]; then #If we're calling make_repo() then it should always be master, we may not need to check. git reset --hard "$(git describe --abbrev=0 --tags)" || return $? 
@@ -466,8 +466,8 @@ update_repo() { git clean --quiet --force -d || true # Okay for already clean directory # Pull the latest commits git pull --quiet &> /dev/null || return $? - # Check current branch. If it is master, then reset to the latest availible tag. - # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks) + # Check current branch. If it is master, then reset to the latest available tag. + # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks) curBranch=$(git rev-parse --abbrev-ref HEAD) if [[ "${curBranch}" == "master" ]]; then git reset --hard "$(git describe --abbrev=0 --tags)" || return $? @@ -819,13 +819,13 @@ It is also possible to use a DHCP reservation, but if you are going to do that, # Ask for the IPv4 address IPV4_ADDRESS=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" "${r}" "${c}" "${IPV4_ADDRESS}" 3>&1 1>&2 2>&3) || \ - # Cancelling IPv4 settings window + # Canceling IPv4 settings window { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } printf " %b Your static IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" # Ask for the gateway IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" "${r}" "${c}" "${IPv4gw}" 3>&1 1>&2 2>&3) || \ - # Cancelling gateway settings window + # Canceling gateway settings window { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } printf " %b Your static IPv4 gateway: %s\\n" "${INFO}" "${IPv4gw}" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 2d6837b4..01ce9c39 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh 
@@ -14,8 +14,8 @@ while true; do read -rp " ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " yn case ${yn} in [Yy]* ) break;; - [Nn]* ) echo -e "${OVER} ${COL_LIGHT_GREEN}Uninstall has been cancelled${COL_NC}"; exit 0;; - * ) echo -e "${OVER} ${COL_LIGHT_GREEN}Uninstall has been cancelled${COL_NC}"; exit 0;; + [Nn]* ) echo -e "${OVER} ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;; + * ) echo -e "${OVER} ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;; esac done @@ -52,7 +52,7 @@ if [[ "${INSTALL_WEB_SERVER}" == true ]]; then DEPS+=("${PIHOLE_WEB_DEPS[@]}") fi -# Compatability +# Compatibility if [ -x "$(command -v apt-get)" ]; then # Debian Family PKG_REMOVE=("${PKG_MANAGER}" -y remove --purge) diff --git a/gravity.sh b/gravity.sh index c421e832..78b5ef98 100755 --- a/gravity.sh +++ b/gravity.sh @@ -271,7 +271,7 @@ gravity_CheckDNSResolutionAvailable() { fi # If the /etc/resolv.conf contains resolvers other than 127.0.0.1 then the local dnsmasq will not be queried and pi.hole is NXDOMAIN. - # This means that even though name resolution is working, the getent hosts check fails and the holddown timer keeps ticking and eventualy fails + # This means that even though name resolution is working, the getent hosts check fails and the holddown timer keeps ticking and eventually fails # So we check the output of the last command and if it failed, attempt to use dig +short as a fallback if timeout 4 dig +short "${lookupDomain}" &> /dev/null; then if [[ -n "${secs:-}" ]]; then 
@@ -561,7 +561,7 @@ gravity_ParseFileIntoDomains() { # Determine if we are parsing a consolidated list #if [[ "${source}" == "${piholeDir}/${matterAndLight}" ]]; then # Remove comments and print only the domain name - # Most of the lists downloaded are already in hosts file format but the spacing/formating is not contigious + # Most of the lists downloaded are already in hosts file format but the spacing/formating is not contiguous # This helps with that and makes it easier to read # It also helps with debugging so each stage of the script can be researched more in depth # 1) Remove carriage returns @@ -742,7 +742,7 @@ gravity_Cleanup() { dnsWasOffline=true fi - # Print Pi-hole status if an error occured + # Print Pi-hole status if an error occurred if [[ -n "${error}" ]]; then "${PIHOLE_COMMAND}" status exit 1 diff --git a/pihole b/pihole index 6e72b4a3..9624105a 100755 --- a/pihole +++ b/pihole @@ -302,9 +302,9 @@ tailFunc() { source /etc/pihole/setupVars.conf # Strip date from each line - # Colour blocklist/blacklist/wildcard entries as red - # Colour A/AAAA/DHCP strings as white - # Colour everything else as gray + # Color blocklist/blacklist/wildcard entries as red + # Color A/AAAA/DHCP strings as white + # Color everything else as gray tail -f /var/log/pihole.log | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \ -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ diff --git a/test/README.md b/test/README.md index f5a9b5e8..b4dd1122 100644 --- a/test/README.md +++ b/test/README.md 
@@ -7,11 +7,11 @@ From command line all you need to do is: - `pip install tox` - `tox` -Tox handles setting up a virtual environment for python dependancies, installing dependancies, building the docker images used by tests, and finally running tests. It's an easy way to have travis-ci like build behavior locally. +Tox handles setting up a virtual environment for python dependencies, installing dependencies, building the docker images used by tests, and finally running tests. It's an easy way to have travis-ci like build behavior locally. ## Alternative py.test method of running tests -You're responsible for setting up your virtual env and dependancies in this situation. +You're responsible for setting up your virtual env and dependencies in this situation. ``` py.test -vv -n auto -m "build_stage" diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 4e9a7eef..c0bd1ebe 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -195,12 +195,12 @@ def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole): expected_stdout = 'Installing new IPTables firewall rulesets' assert expected_stdout in configureFirewall.stdout firewall_calls = Pihole.run('cat /var/log/iptables').stdout - # General call type occurances + # General call type occurrences assert len(re.findall(r'iptables -S', firewall_calls)) == 1 assert len(re.findall(r'iptables -C', firewall_calls)) == 4 assert len(re.findall(r'iptables -I', firewall_calls)) == 0 - # Specific port call occurances + # Specific port call occurrences assert len(re.findall(r'tcp --dport 80', firewall_calls)) == 1 assert len(re.findall(r'tcp --dport 53', firewall_calls)) == 1 assert len(re.findall(r'udp --dport 53', firewall_calls)) == 1 
@@ -242,12 +242,12 @@ def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole): expected_stdout = 'Installing new IPTables firewall rulesets' assert expected_stdout in configureFirewall.stdout firewall_calls = Pihole.run('cat /var/log/iptables').stdout - # General call type occurances + # General call type occurrences assert len(re.findall(r'iptables -S', firewall_calls)) == 1 assert len(re.findall(r'iptables -C', firewall_calls)) == 4 assert len(re.findall(r'iptables -I', firewall_calls)) == 4 - # Specific port call occurances + # Specific port call occurrences assert len(re.findall(r'tcp --dport 80', firewall_calls)) == 2 assert len(re.findall(r'tcp --dport 53', firewall_calls)) == 2 assert len(re.findall(r'udp --dport 53', firewall_calls)) == 2 From bb936f4fdb3e5631193a8f236b71f1b6d75f5743 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Wed, 11 Mar 2020 11:01:28 +0100 Subject: [PATCH 009/115] Reduce apt-get install verbosity The new version of the installer moved from debconf-apt-progress to raw apt-get output on installs to solve issues with interactive config file choices. This lead to a largely increases amount of output lines of the installer. To reduce the apt-get output to a minimum, while sustaining interactive input in case of config files, the "-qq" option can be used, which inherits "--yes": - https://manpages.debian.org/buster/apt/apt-get.8.en.html#OPTIONS - https://manpages.ubuntu.com/manpages/bionic/man8/apt-get.8.html#options Signed-off-by: MichaIng --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 14c68250..070fc3b7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -184,7 +184,7 @@ if is_command apt-get ; then # A variable to store the command used to update the package cache UPDATE_PKG_CACHE="${PKG_MANAGER} update" # An array for something... - PKG_INSTALL=("${PKG_MANAGER}" --yes --no-install-recommends install) + PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" # Some distros vary slightly so these fixes for dependencies may apply From dbc54b3063e6bfff302fdd95269c67ae03085e41 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 11 Mar 2020 18:47:59 +0000 Subject: [PATCH 010/115] remove resolvconf dep Signed-off-by: Adam Warner --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 65c72b40..0d05db1a 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -244,7 +244,7 @@ if is_command apt-get ; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(dhcpcd5 git "${iproute_pkg}" whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2) + PIHOLE_DEPS=(cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "php-intl") From 1481cc583fe6425a9be74720f1c45a8bfc389ab5 Mon Sep 17 00:00:00 2001 
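Review bot: `-qq` in the new `PKG_INSTALL` array does more than shorten the output: per the apt-get man page, quiet level 2 implies `-y`, and the same page advises against `-qq` without a no-action modifier such as `-s`, because APT may then act in ways the operator never sees. With output suppressed, a failed or unexpected dependency change during the install also leaves less on screen to diagnose. If the aim is only fewer log lines, `PKG_INSTALL=("${PKG_MANAGER}" -q --yes --no-install-recommends install)` keeps the confirmation explicit, and the nearby comment `# An array for something...` could then say what the array holds. The enclosing `if is_command apt-get` block starts and ends outside the hunk.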
From: Adam Warner Date: Wed, 11 Mar 2020 18:48:40 +0000 Subject: [PATCH 011/115] Don't set nameserver in dhcpcd.conf Signed-off-by: Adam Warner --- automated install/basic-install.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 0d05db1a..b896eb35 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -854,8 +854,7 @@ setDHCPCD() { # we can append these lines to dhcpcd.conf to enable a static IP echo "interface ${PIHOLE_INTERFACE} static ip_address=${IPV4_ADDRESS} - static routers=${IPv4gw} - static domain_name_servers=127.0.0.1" | tee -a /etc/dhcpcd.conf >/dev/null + static routers=${IPv4gw}" | tee -a /etc/dhcpcd.conf >/dev/null # Then use the ip command to immediately set the new address ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}" # Also give a warning that the user may need to reboot their system From 175d32c5f660a03368be40bb931a3752bb24643c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 11 Mar 2020 18:55:43 +0000 Subject: [PATCH 012/115] Set nameservers to be that which have been chosen by the user in the whiptail Signed-off-by: Adam Warner --- automated install/basic-install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b896eb35..35d4df9f 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -854,7 +854,8 @@ setDHCPCD() { # we can append these lines to dhcpcd.conf to enable a static IP echo "interface ${PIHOLE_INTERFACE} static ip_address=${IPV4_ADDRESS} - static routers=${IPv4gw}" | tee -a /etc/dhcpcd.conf >/dev/null + static routers=${IPv4gw} + static domain_name_servers=${PIHOLE_DNS_1},${PIHOLE_DNS_2}" | tee -a /etc/dhcpcd.conf >/dev/null # Then use the ip command to immediately set the new address ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}" # Also give a warning that the user may need to reboot their system From 4994da5170300cceaba8f1eca143daabe89df357 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 12 Mar 2020 18:48:40 +0000 Subject: [PATCH 013/115] Update automated install/basic-install.sh --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 35d4df9f..f5043ded 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -855,7 +855,7 @@ setDHCPCD() { echo "interface ${PIHOLE_INTERFACE} static ip_address=${IPV4_ADDRESS} static routers=${IPv4gw} - static domain_name_servers=${PIHOLE_DNS_1},${PIHOLE_DNS_2}" | tee -a /etc/dhcpcd.conf >/dev/null + static domain_name_servers=${PIHOLE_DNS_1} ${PIHOLE_DNS_2}" | tee -a /etc/dhcpcd.conf >/dev/null # Then use the ip command to immediately set the new address ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}" # Also give a warning that the user may need to reboot their system From 6d4844a0b3fc7b3fc5418d07fb2bf1d93b6b627c Mon Sep 17 00:00:00 2001 From: Julien Orain Date: Wed, 18 Mar 2020 21:35:35 +0100 Subject: [PATCH 014/115] docs(typo): fix typo Signed-off-by: Julien Orain --- advanced/Templates/pihole.cron | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Templates/pihole.cron b/advanced/Templates/pihole.cron index 8dc98721..ba89efdb 100644 --- a/advanced/Templates/pihole.cron 
+++ b/advanced/Templates/pihole.cron @@ -10,7 +10,7 @@ # # # This file is under source-control of the Pi-hole installation and update -# scripts, any changes made to this file will be overwritten when the softare +# scripts, any changes made to this file will be overwritten when the software # is updated or re-installed. Please make any changes to the appropriate crontab # or other cron file snippets. From 15a9d662ac5e1aab12a7c025a48d75971b3687f0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 14 Mar 2020 11:18:43 +0000 Subject: [PATCH 015/115] Add option --comment "whatever" for adding comments for new domains through the CLI interface. Signed-off-by: DL6ER --- advanced/Scripts/list.sh | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 4f2e046f..77a5dece 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -22,6 +22,9 @@ web=false domList=() typeId="" +comment="" +declare -i domaincount +domaincount=0 colfile="/opt/pihole/COL_TABLE" source ${colfile} @@ -97,10 +100,12 @@ ValidateDomain() { fi if [[ -n "${validDomain}" ]]; then - domList=("${domList[@]}" ${validDomain}) + domList=("${domList[@]}" "${validDomain}") else echo -e " ${CROSS} ${domain} is not a valid argument or domain name!" fi + + domaincount=$((domaincount+1)) } ProcessDomainList() { 
@@ -151,7 +156,12 @@ AddDomain() { reload=true # Insert only the domain here. The enabled and date_added fields will be filled # with their default values (enabled = true, date_added = current timestamp) - sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type) VALUES ('${domain}',${typeId});" + if [[ -z "${comment}" ]]; then + sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type) VALUES ('${domain}',${typeId});" + else + # also add comment when variable has been set through the "--comment" option + sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type,comment) VALUES ('${domain}',${typeId},'${comment}');" + fi } RemoveDomain() { @@ -224,8 +234,16 @@ NukeList() { sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};" } -for var in "$@"; do - case "${var}" in +GetComment() { + comment="$1" + if [[ "${comment}" =~ [^a-zA-Z0-9_\#:/\.,\ -] ]]; then + echo " ${CROSS} Found invalid characters in domain comment!" + exit + fi +} + +while (( "$#" )); do + case "${1}" in "-w" | "whitelist" ) typeId=0;; "-b" | "blacklist" ) typeId=1;; "--white-regex" | "white-regex" ) typeId=2;; @@ -239,13 +257,15 @@ for var in "$@"; do "-l" | "--list" ) Displaylist;; "--nuke" ) NukeList;; "--web" ) web=true;; - * ) ValidateDomain "${var}";; + "--comment" ) GetComment "${2}"; shift;; + * ) ValidateDomain "${1}";; esac + shift done shift -if [[ $# = 0 ]]; then +if [[ ${domaincount} == 0 ]]; then helpFunc fi From 277179f150692e6c0968912a02341959069a9242 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 27 Mar 2020 19:34:41 +0100 Subject: [PATCH 016/115] Remove 19036 trust anchor, now expired: https://www.icann.org/resources/pages/ksk-rollover Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 829ba57b..aab90c35 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh 
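Review bot: In `AddDomain` (list.sh) the new `INSERT ... VALUES ('${domain}',${typeId},'${comment}')` places the `--comment` text directly inside the SQL string, so it is only safe because `GetComment`, added further down in this commit, rejects every character outside its allowlist, the single quote included. Nothing at the query records that dependency, and a later widening of the allowlist would become a quoting problem here. I would add a comment above the statement such as `# comment is restricted by GetComment (no quote characters); keep that allowlist in step with this statement`. `AddDomain` begins before this hunk.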
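Review bot: `GetComment` rejects an invalid comment with a bare `exit`, which returns the status of the preceding `echo`, i.e. 0, so a caller cannot tell a rejected comment from a successful add; `exit 1` would make the failure visible. The e-mail checks added to `webpage.sh` later in this series (the `@@ -517,6 +517,13 @@` and `@@ -519,7 +519,9 @@` hunks) have the same shape, with an explicit `exit 0` after `Invalid email address`. In the argument loop, `"--comment" ) GetComment "${2}"; shift;;` also runs when `--comment` is the last argument, which leaves the comment empty without any message.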
@@ -179,7 +179,6 @@ ProcessDNSSettings() { if [[ "${DNSSEC}" == true ]]; then echo "dnssec -trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D " >> "${dnsmasqconfig}" fi From dc35709a1b3a60cf48bcd78d1a7ffae00c81cb69 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 31 Mar 2020 17:39:21 +0100 Subject: [PATCH 017/115] Remove hosts-file.net from default lists --- automated install/basic-install.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f5043ded..a8ac91f3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1212,8 +1212,7 @@ chooseBlocklists() { MalwareDom "MalwareDomains" on Cameleon "Cameleon" on DisconTrack "Disconnect.me Tracking" on - DisconAd "Disconnect.me Ads" on - HostsFile "Hosts-file.net Ads" on) + DisconAd "Disconnect.me Ads" on) # In a variable, show the choices available; exit if Cancel is selected choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) || { printf " %bCancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; rm "${adlistFile}" ;exit 1; } @@ -1235,7 +1234,6 @@ appendToListsFile() { Cameleon ) echo "https://sysctl.org/cameleon/hosts" >> "${adlistFile}";; DisconTrack ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" >> "${adlistFile}";; DisconAd ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" >> "${adlistFile}";; - HostsFile ) echo "https://hosts-file.net/ad_servers.txt" >> "${adlistFile}";; esac } From 7b15a88dc45e4bda8e52a9ed6c64c1c7c44a9882 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 31 Mar 2020 18:36:40 +0000 Subject: [PATCH 018/115] Strip comments from downloaded lists instead of discarding lines with comments altogether 
Signed-off-by: DL6ER --- gravity.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/gravity.sh b/gravity.sh index c421e832..2afbb17b 100755 --- a/gravity.sh +++ b/gravity.sh @@ -566,12 +566,14 @@ gravity_ParseFileIntoDomains() { # It also helps with debugging so each stage of the script can be researched more in depth # 1) Remove carriage returns # 2) Convert all characters to lowercase - # 3) Remove lines containing "#" or "/" - # 4) Remove leading tabs, spaces, etc. - # 5) Delete lines not matching domain names + # 3) Remove comments (text starting with "#", include possible spaces before the hash sign) + # 4) Remove lines containing "/" + # 5) Remove leading tabs, spaces, etc. + # 6) Delete lines not matching domain names < "${source}" tr -d '\r' | \ tr '[:upper:]' '[:lower:]' | \ - sed -r '/(\/|#).*$/d' | \ + sed 's/\s*#.*//g' | \ + sed -r '/(\/).*$/d' | \ sed -r 's/^.*\s+//g' | \ sed -r '/([^\.]+\.)+[^\.]{2,}/!d' > "${destination}" chmod 644 "${destination}" From 7d19ee1b2575f90b7a42ee390b5561fe6908250a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 31 Mar 2020 21:48:10 +0100 Subject: [PATCH 019/115] validate blocklist URL before adding to the database (#3237) Signed-off-by: Adam Warner Co-authored-by: DL6ER --- advanced/Scripts/webpage.sh | 34 +++++++++++++++++++++++++--------- gravity.sh | 9 ++++++++- 2 files changed, 33 insertions(+), 10 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index aab90c35..2b70249e 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh 
@@ -401,22 +401,38 @@ SetWebUILayout() { change_setting "WEBUIBOXEDLAYOUT" "${args[2]}" } +CheckUrl(){ + local regex + # Check for characters NOT allowed in URLs + regex="[^a-zA-Z0-9:/?&%=~._-]" + if [[ "${1}" =~ ${regex} ]]; then + return 1 + else + return 0 + fi +} + CustomizeAdLists() { local address address="${args[3]}" local comment comment="${args[4]}" - if [[ "${args[2]}" == "enable" ]]; then - sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'" - elif [[ "${args[2]}" == "disable" ]]; then - sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'" - elif [[ "${args[2]}" == "add" ]]; then - sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')" - elif [[ "${args[2]}" == "del" ]]; then - sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'" + if CheckUrl "${address}"; then + if [[ "${args[2]}" == "enable" ]]; then + sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'" + elif [[ "${args[2]}" == "disable" ]]; then + sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'" + elif [[ "${args[2]}" == "add" ]]; then + sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')" + elif [[ "${args[2]}" == "del" ]]; then + sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'" + else + echo "Not permitted" + return 1 + fi else - echo "Not permitted" + echo "Invalid Url" return 1 fi } diff --git a/gravity.sh b/gravity.sh index c421e832..cf3f9299 100755 --- a/gravity.sh +++ b/gravity.sh 
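Review bot: `CheckUrl` is applied to `${address}` only, while `comment="${args[4]}"` still goes unchecked into `INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')` in `CustomizeAdLists`, so a quote character in the comment still ends up inside the SQL text. The comment needs its own check before the `add` branch, for example the allowlist that `GetComment` in `list.sh` uses: `if [[ "${comment}" =~ [^a-zA-Z0-9_\#:/\.,\ -] ]]; then echo "Invalid comment"; return 1; fi`. `CheckUrl` itself can shrink to `[[ ! "${1}" =~ ${regex} ]]`. The same pattern is repeated in `gravity.sh` in this commit, so a single shared definition would keep the two copies from drifting apart.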
@@ -374,7 +374,14 @@ gravity_DownloadBlocklists() { esac echo -e " ${INFO} Target: ${url}" - gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" + local regex + # Check for characters NOT allowed in URLs + regex="[^a-zA-Z0-9:/?&%=~._-]" + if [[ "${url}" =~ ${regex} ]]; then + echo -e " ${CROSS} Invalid Target" + else + gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" + fi echo "" done From d1caad76d832eca713352826392917fa3f4a23dc Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 1 Apr 2020 17:19:32 +0000 Subject: [PATCH 020/115] Do not flush neigh cache as this is known to create a number of issues. The better aproach to this is to manually flush the ARP cache by either restarting or calling "ip neigh flush all". Signed-off-by: DL6ER --- advanced/Scripts/piholeARPTable.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/advanced/Scripts/piholeARPTable.sh b/advanced/Scripts/piholeARPTable.sh index aa45f9ad..b6b552c9 100755 --- a/advanced/Scripts/piholeARPTable.sh +++ b/advanced/Scripts/piholeARPTable.sh @@ -36,13 +36,6 @@ flushARP(){ echo -ne " ${INFO} Flushing network table ..." fi - # Flush ARP cache to avoid re-adding of dead entries - if ! output=$(ip neigh flush all 2>&1); then - echo -e "${OVER} ${CROSS} Failed to clear ARP cache" - echo " Output: ${output}" - return 1 - fi - # Truncate network_addresses table in pihole-FTL.db # This needs to be done before we can truncate the network table due to # foreign key contraints From 16f664cdb431070f716cf68833a715901e8c3677 Mon Sep 17 00:00:00 2001 From: Antoine Tenart Date: Wed, 1 Apr 2020 18:24:15 +0200 Subject: [PATCH 021/115] basic_install: remove remaining references to hosts-file.net Commit dc35709a1b3a ("Remove hosts-file.net from default lists") left a few references to hosts-file.net. Removes them. 
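Review bot: The new character check in `gravity_DownloadBlocklists` runs after the context line `echo -e " ${INFO} Target: ${url}"`, so a stored address that fails the check has already been written to the terminal with escape-sequence interpretation by the time `Invalid Target` is printed. Moving the check above that line, or printing with `printf ' %b Target: %s\n' "${INFO}" "${url}"`, avoids interpreting the address. The check is also character-only and does not restrict the URL scheme; whether anything other than `http://` and `https://` is meant to be accepted is not visible in this hunk. The function starts and ends outside the hunk.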
Signed-off-by: Antoine Tenart --- automated install/basic-install.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a8ac91f3..e25f7389 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1206,7 +1206,7 @@ chooseBlocklists() { mv "${adlistFile}" "${adlistFile}.old" fi # Let user select (or not) blocklists via a checklist - cmd=(whiptail --separate-output --checklist "Pi-hole relies on third party lists in order to block ads.\\n\\nYou can use the suggestions below, and/or add your own after installation\\n\\nTo deselect any list, use the arrow keys and spacebar" "${r}" "${c}" 6) + cmd=(whiptail --separate-output --checklist "Pi-hole relies on third party lists in order to block ads.\\n\\nYou can use the suggestions below, and/or add your own after installation\\n\\nTo deselect any list, use the arrow keys and spacebar" "${r}" "${c}" 5) # In an array, show the options available (all off by default): options=(StevenBlack "StevenBlack's Unified Hosts List" on MalwareDom "MalwareDomains" on @@ -1250,7 +1250,6 @@ installDefaultBlocklists() { appendToListsFile Cameleon appendToListsFile DisconTrack appendToListsFile DisconAd - appendToListsFile HostsFile } # Check if /etc/dnsmasq.conf is from pi-hole. If so replace with an original and install new in .d directory From a993b8b34d3f4bd1ff1cbd3ea189b8eba3e8f39c Mon Sep 17 00:00:00 2001 From: pvogt09 <50047961+pvogt09@users.noreply.github.com> Date: Fri, 3 Apr 2020 12:06:59 +0200 Subject: [PATCH 022/115] fixes #3217 by checking for existing pihole group Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> --- automated install/basic-install.sh | 41 ++++++++++++++++++++++++++---- test/test_automated_install.py | 41 ++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 5 deletions(-) 
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 14c68250..4474d37e 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1770,18 +1770,49 @@ create_pihole_user() { printf " %b %s..." "${INFO}" "${str}" # If the user pihole exists, if id -u pihole &> /dev/null; then - # just show a success - printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + # if group exists + if getent group pihole; then + # just show a success + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + else + local str="Checking for group 'pihole'" + printf " %b %s..." "${INFO}" "${str}" + local str="Creating group 'pihole'" + # if group can be created + if groupadd pihole; then + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + local str="Adding user 'pihole' to group 'pihole'" + printf " %b %s..." "${INFO}" "${str}" + # if pihole user can be added to group pihole + if usermod -g pihole pihole; then + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + else + printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" + fi + else + printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" + fi + fi # Otherwise, else printf "%b %b %s" "${OVER}" "${CROSS}" "${str}" local str="Creating user 'pihole'" printf "%b %b %s..." "${OVER}" "${INFO}" "${str}" # create her with the useradd command - if useradd -r -s /usr/sbin/nologin pihole; then - printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + if getent group pihole; then + # add primary group pihole as it already exists + if useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole; then + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + else + printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" + fi else - printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" + # add user pihole with default group settings + if useradd -r -s /usr/sbin/nologin pihole; then + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + else + printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" + fi fi fi } 
diff --git a/test/test_automated_install.py b/test/test_automated_install.py index c0bd1ebe..c4ab24e3 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py 
@@ -92,6 +92,47 @@ def test_setupVars_saved_to_file(Pihole): assert "{}={}".format(k, v) in output +def test_pihole_user_group_creation(Pihole): + ''' + check user creation works if user or group already exist + ''' + # normal situation where neither user or group exist + user_create = Pihole.run(''' + source /opt/pihole/basic-install.sh + create_pihole_user + ''') + expected_stdout = tick_box + ' Creating user \'pihole\'' + assert expected_stdout in user_create.stdout + # situation where both user and group already exist + user_create = Pihole.run(''' + source /opt/pihole/basic-install.sh + create_pihole_user + ''') + expected_stdout = tick_box + ' Checking for user \'pihole\'' + assert expected_stdout in user_create.stdout + # situation where only group and no user exists + Pihole.run('su --shell /bin/bash --command "userdel -r pihole" -p root') + user_create = Pihole.run(''' + source /opt/pihole/basic-install.sh + create_pihole_user + ''') + expected_stdout = tick_box + ' Creating user \'pihole\'' + assert expected_stdout in user_create.stdout + # situation where only user and no group exists + Pihole.run('su --shell /bin/bash --command "userdel -r pihole" -p root') + Pihole.run('su --shell /bin/bash --command "groupdel pihole" -p root') + Pihole.run('su --shell /bin/bash --command "groupadd pihole_dummy" -p root') + Pihole.run('su --shell /bin/bash --command "useradd -r --no-user-group -g pihole_dummy -s /usr/sbin/nologin pihole" -p root') + user_create = Pihole.run(''' + source /opt/pihole/basic-install.sh + create_pihole_user + ''') + expected_stdout = tick_box + ' Creating group \'pihole\'' + assert expected_stdout in user_create.stdout + expected_stdout = tick_box + ' Adding user \'pihole\' to group \'pihole\'' + assert expected_stdout in user_create.stdout + + def test_configureFirewall_firewalld_running_no_errors(Pihole): ''' confirms firewalld rules are applied when firewallD is running 
From 25c5661c1bc20c0cd568f375d85adbb5943be47e Mon Sep 17 00:00:00 2001 From: pvogt09 <50047961+pvogt09@users.noreply.github.com> Date: Fri, 3 Apr 2020 19:22:30 +0200 Subject: [PATCH 023/115] fix stickler errors Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> --- test/test_automated_install.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index c4ab24e3..fef9eb99 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -96,6 +96,7 @@ def test_pihole_user_group_creation(Pihole): ''' check user creation works if user or group already exist ''' + sudo_cmd = 'su --shell /bin/bash --command "{0}" -p root' # normal situation where neither user or group exist user_create = Pihole.run(''' source /opt/pihole/basic-install.sh @@ -111,7 +112,7 @@ def test_pihole_user_group_creation(Pihole): expected_stdout = tick_box + ' Checking for user \'pihole\'' assert expected_stdout in user_create.stdout # situation where only group and no user exists - Pihole.run('su --shell /bin/bash --command "userdel -r pihole" -p root') + Pihole.run(sudo_cmd.format('userdel -r pihole')) user_create = Pihole.run(''' source /opt/pihole/basic-install.sh create_pihole_user 
@@ -119,10 +120,13 @@ def test_pihole_user_group_creation(Pihole): expected_stdout = tick_box + ' Creating user \'pihole\'' assert expected_stdout in user_create.stdout # situation where only user and no group exists - Pihole.run('su --shell /bin/bash --command "userdel -r pihole" -p root') - Pihole.run('su --shell /bin/bash --command "groupdel pihole" -p root') - Pihole.run('su --shell /bin/bash --command "groupadd pihole_dummy" -p root') - Pihole.run('su --shell /bin/bash --command "useradd -r --no-user-group -g pihole_dummy -s /usr/sbin/nologin pihole" -p root') + Pihole.run(sudo_cmd.format('userdel -r pihole')) + Pihole.run(sudo_cmd.format('groupdel pihole')) + Pihole.run(sudo_cmd.format('groupadd pihole_dummy')) + useradd_dummy = ( + 'useradd -r --no-user-group -g pihole_dummy ' + + '-s /usr/sbin/nologin pihole') + Pihole.run(sudo_cmd.format(useradd_dummy)) user_create = Pihole.run(''' source /opt/pihole/basic-install.sh create_pihole_user From 40ac3e7eb746c1891294c60a20ed2cf7f97e6432 Mon Sep 17 00:00:00 2001 From: pvogt09 <50047961+pvogt09@users.noreply.github.com> Date: Fri, 3 Apr 2020 20:07:44 +0200 Subject: [PATCH 024/115] remove pihole group during uninstall Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> --- automated install/basic-install.sh | 4 ++-- automated install/uninstall.sh | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4474d37e..1070a7a3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1771,7 +1771,7 @@ create_pihole_user() { # If the user pihole exists, if id -u pihole &> /dev/null; then # if group exists - if getent group pihole; then + if getent group pihole > /dev/null 2>&1; then # just show a success printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" else 
@@ -1799,7 +1799,7 @@ create_pihole_user() { local str="Creating user 'pihole'" printf "%b %b %s..." "${OVER}" "${INFO}" "${str}" # create her with the useradd command - if getent group pihole; then + if getent group pihole > /dev/null 2>&1; then # add primary group pihole as it already exists if useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole; then printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 01ce9c39..5dab2136 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -188,6 +188,14 @@ removeNoPurge() { echo -e " ${CROSS} Unable to remove 'pihole' user" fi fi + # If the pihole group exists, then remove + if getent group "pihole" &> /dev/null; then + if ${SUDO} groupdel pihole 2> /dev/null; then + echo -e " ${TICK} Removed 'pihole' group" + else + echo -e " ${CROSS} Unable to remove 'pihole' group" + fi + fi echo -e "\\n We're sorry to see you go, but thanks for checking out Pi-hole! If you need help, reach out to us on Github, Discourse, Reddit or Twitter From ebbb7168a4c288e61eac30da1c0fe3df71386b22 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sat, 4 Apr 2020 21:45:09 +0200 Subject: [PATCH 025/115] add [options] for pihole restartdns MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- manpages/pihole.8 | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/manpages/pihole.8 b/manpages/pihole.8 index ed012092..9ee50110 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 @@ -1,4 +1,4 @@ -.TH "Pi-hole" "8" "Pi-hole" "Pi-hole" "May 2018" +.TH "Pi-hole" "8" "Pi-hole" "Pi-hole" "April 2020" .SH "NAME" Pi-hole : A black-hole for internet advertisements @@ -43,7 +43,7 @@ pihole -g\fR .br pihole status .br -pihole restartdns\fR +pihole restartdns\fR [options] .br \fBpihole\fR (\fBenable\fR|\fBdisable\fR [time]) .br 
@@ -260,9 +260,16 @@ Available commands and options: #m Disable Pi-hole functionality for # minute(s) .br -\fBrestartdns\fR +\fBrestartdns\fR [options] .br - Restart Pi-hole subsystems + Full restart Pi-hole subsystems +.br + + (restart options): +.br + reload Updates the lists, flushes dnsmasq 's DNS cache +.br + reload-lists Only update the lists WITHOUT flushing dnsmasq 's DNS cache .br \fBcheckout\fR [repo] [branch] From 3095fd4dd68a02945b32ee1bd2910349216baa3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 5 Apr 2020 08:49:35 +0200 Subject: [PATCH 026/115] add restart [options] to cli help MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- pihole | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pihole b/pihole index 6e72b4a3..90227e46 100755 --- a/pihole +++ b/pihole @@ -413,7 +413,9 @@ Options: enable Enable Pi-hole subsystems disable Disable Pi-hole subsystems Add '-h' for more info on disable usage - restartdns Restart Pi-hole subsystems + restartdns Full restart Pi-hole subsystems + Add '-- reload' to only updates the lists and flushes dnsmasq 's DNS cache + Add '--reload-lists' to only update the lists WITHOUT flushing dnsmasq 's DNS cache checkout Switch Pi-hole subsystems to a different Github branch Add '-h' for more info on checkout usage arpflush Flush information stored in Pi-hole's network tables"; From de42669bb7fe5a1ef31033a90a778292dee99cba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 5 Apr 2020 08:56:10 +0200 Subject: [PATCH 027/115] fix typo in pihole help MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 90227e46..e03e29c0 100755 --- a/pihole +++ b/pihole 
@@ -414,7 +414,7 @@ Options: disable Disable Pi-hole subsystems Add '-h' for more info on disable usage restartdns Full restart Pi-hole subsystems - Add '-- reload' to only updates the lists and flushes dnsmasq 's DNS cache + Add '--reload' to only updates the lists and flushes dnsmasq 's DNS cache Add '--reload-lists' to only update the lists WITHOUT flushing dnsmasq 's DNS cache checkout Switch Pi-hole subsystems to a different Github branch Add '-h' for more info on checkout usage From 2de5362adc2c1c780eac1ab39e466875143091d5 Mon Sep 17 00:00:00 2001 From: M4x Date: Sun, 5 Apr 2020 17:20:35 +0800 Subject: [PATCH 028/115] Sanitize email address in case of security issues (#3254) * Sanitize email address in case of security issues Signed-off-by: bash-c --- advanced/Scripts/webpage.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 2b70249e..f0f8bc31 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -517,6 +517,13 @@ Options: fi if [[ -n "${args[2]}" ]]; then + + # Sanitize email address in case of security issues + if [[ ! "${args[2]}" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$ ]]; then + echo -e " ${CROSS} Invalid email address" + exit 0 + fi + change_setting "ADMIN_EMAIL" "${args[2]}" echo -e " ${TICK} Setting admin contact to ${args[2]}" else From d27a565d3950bf0fdb8011b1be7f98e3c8940ee0 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 5 Apr 2020 11:44:44 +0200 Subject: [PATCH 029/115] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: DL6ER Signed-off-by: Christian König --- manpages/pihole.8 | 4 ++-- pihole | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manpages/pihole.8 b/manpages/pihole.8 index 9ee50110..84449429 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 
@@ -267,9 +267,9 @@ Available commands and options: (restart options): .br - reload Updates the lists, flushes dnsmasq 's DNS cache + reload Updates the lists and flushes DNS cache .br - reload-lists Only update the lists WITHOUT flushing dnsmasq 's DNS cache + reload-lists Updates the lists WITHOUT flushing the DNS cache .br \fBcheckout\fR [repo] [branch] diff --git a/pihole b/pihole index e03e29c0..c0f916b2 100755 --- a/pihole +++ b/pihole @@ -414,8 +414,8 @@ Options: disable Disable Pi-hole subsystems Add '-h' for more info on disable usage restartdns Full restart Pi-hole subsystems - Add '--reload' to only updates the lists and flushes dnsmasq 's DNS cache - Add '--reload-lists' to only update the lists WITHOUT flushing dnsmasq 's DNS cache + Add 'reload' to update the lists and flush the cache without restarting the DNS server + Add 'reload-lists' to only update the lists WITHOUT flushing the cache or restarting the DNS server checkout Switch Pi-hole subsystems to a different Github branch Add '-h' for more info on checkout usage arpflush Flush information stored in Pi-hole's network tables"; From a9b19df4ec2b99442704cf2b7656908e3e10bc14 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 5 Apr 2020 12:28:33 +0100 Subject: [PATCH 030/115] expand email validation regex to catch more valid emails see comments on PR #3254 Signed-off-by: Adam Warner --- advanced/Scripts/webpage.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index f0f8bc31..b60428f6 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh 
@@ -519,7 +519,9 @@ Options: if [[ -n "${args[2]}" ]]; then # Sanitize email address in case of security issues - if [[ ! "${args[2]}" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$ ]]; then + local regex + regex="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$" + if [[ ! "${args[2]}" =~ ${regex} ]]; then echo -e " ${CROSS} Invalid email address" exit 0 fi From b6ac1585ec3c093c471b64485b1da36346a9a58a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 5 Apr 2020 12:29:45 +0100 Subject: [PATCH 031/115] add regex attribution Signed-off-by: Adam Warner --- advanced/Scripts/webpage.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index b60428f6..5279cab3 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -519,6 +519,7 @@ Options: if [[ -n "${args[2]}" ]]; then # Sanitize email address in case of security issues + # Regex from https://stackoverflow.com/a/2138832/4065967 local regex regex="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$" if [[ ! "${args[2]}" =~ ${regex} ]]; then From 26f71e4dbe08517ebd35cc972b70462bb1823e5e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 5 Apr 2020 12:34:14 +0100 Subject: [PATCH 032/115] accidentally a space Signed-off-by: Adam Warner --- advanced/Scripts/webpage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 5279cab3..3a04bbd7 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh 
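Review bot: The replacement pattern in the `-519,7 +519,9` hunk lists only `a-z` in every character class, so an address containing upper-case letters, which the previous `[A-Za-z0-9._%+-]` pattern accepted, is now rejected unless `nocasematch` is set somewhere outside this hunk. Adding `A-Z` to each class, or lower-casing `${args[2]}` before the test, keeps the earlier behaviour. The comment above still says "Sanitize", but the new local-part class admits `'`, backquote, `$`, `|`, `&` and `/`, so this is a syntax check and not an escaping step for whatever `change_setting` and the readers of `ADMIN_EMAIL` do with the value (neither is visible here). I would reword the comment to `# Validate address syntax only; the value can still contain shell and sed metacharacters` and confirm the write path quotes it. The enclosing function starts and ends outside the hunk.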
@@ -522,7 +522,7 @@ Options: # Regex from https://stackoverflow.com/a/2138832/4065967 local regex regex="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$" - if [[ ! "${args[2]}" =~ ${regex} ]]; then + if [[ ! "${args[2]}" =~ ${regex} ]]; then echo -e " ${CROSS} Invalid email address" exit 0 fi From 90a5a13197d9cb43d1f2daea39693a0e312d02cf Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 8 Apr 2020 15:35:07 +0200 Subject: [PATCH 033/115] Convert CONDITIONAL_FORWARDING to REV_SERVER settings. Try to detect intended CIDR range automatically. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 56 +++++++++++++++++++++++++++++-------- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index f0f8bc31..41e52747 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh 
@@ -210,8 +210,42 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 fi if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then - add_dnsmasq_setting "server=/${CONDITIONAL_FORWARDING_DOMAIN}/${CONDITIONAL_FORWARDING_IP}" - add_dnsmasq_setting "server=/${CONDITIONAL_FORWARDING_REVERSE}/${CONDITIONAL_FORWARDING_IP}" + # Convert legacy "conditional forwarding" to rev-server configuration + REV_SERVER=true + add_setting "REV_SERVER" "true" + + REV_SERVER_DOMAIN="${CONDITIONAL_FORWARDING_DOMAIN}" + add_setting "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}" + + REV_SERVER_TARGET="${CONDITIONAL_FORWARDING_IP}" + add_setting "REV_SERVER_TARGET" "${REV_SERVER_TARGET}" + + # Remove obsolete settings from setupVars.conf + delete_setting "CONDITIONAL_FORWARDING" + delete_setting "CONDITIONAL_FORWARDING_REVERSE" + delete_setting "CONDITIONAL_FORWARDING_DOMAIN" + delete_setting "CONDITIONAL_FORWARDING_IP" + + # Try to detect intended CIDR by analyzing the target + if [[ "${REV_SERVER_TARGET}" =~ 10\..* ]]; then + # Private network, Class A (RFC 1597 + RFC 1918) + REV_SERVER_CIDR="10.0.0.0/8" + elif [[ "${REV_SERVER_TARGET}" =~ 192\.168\..* ]]; then + # Private network, Class C (RFC 1597 + RFC 1918) + REV_SERVER_CIDR="192.168.0.0/16" + else + # Something else. The user will have to adapt this + # as we cannot know how large their subnet is + REV_SERVER_CIDR="${REV_SERVER_TARGET}/32" + fi + add_setting "REV_SERVER_CIDR" "${REV_SERVER_CIDR}" + fi + + if [[ "${REV_SERVER}" == true ]]; then + add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" + if [ -n "${REV_SERVER_DOMAIN}" ]; then + add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" + fi fi # Prevent Firefox from automatically switching over to DNS-over-HTTPS 
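Review bot: The two range tests in the conversion block, `=~ 10\..*` and `=~ 192\.168\..*`, are unanchored, so a target such as `192.168.10.1` or `110.2.3.4` contains `10.` and takes the first branch, getting `REV_SERVER_CIDR="10.0.0.0/8"`. Reverse lookups for the whole 10/8 range would then be forwarded to a server that was never meant to answer them. Anchoring fixes it: `[[ "${REV_SERVER_TARGET}" =~ ^10\. ]]` and `[[ "${REV_SERVER_TARGET}" =~ ^192\.168\. ]]`; note that 172.16.0.0/12 from the same RFC 1918 set is not handled and falls to the last branch. The later hunk at `-231,12 +231,12` (patch 035) keeps the same unanchored tests as context. The enclosing function starts outside the hunk.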
@@ -247,16 +281,16 @@ SetDNSServers() { change_setting "DNSSEC" "false" fi - if [[ "${args[6]}" == "conditional_forwarding" ]]; then - change_setting "CONDITIONAL_FORWARDING" "true" - change_setting "CONDITIONAL_FORWARDING_IP" "${args[7]}" - change_setting "CONDITIONAL_FORWARDING_DOMAIN" "${args[8]}" - change_setting "CONDITIONAL_FORWARDING_REVERSE" "${args[9]}" + if [[ "${args[6]}" == "rev-server" ]]; then + change_setting "REV_SERVER" "true" + change_setting "REV_SERVER_CIDR" "${args[7]}" + change_setting "REV_SERVER_TARGET" "${args[8]}" + change_setting "REV_SERVER_DOMAIN" "${args[9]}" else - change_setting "CONDITIONAL_FORWARDING" "false" - delete_setting "CONDITIONAL_FORWARDING_IP" - delete_setting "CONDITIONAL_FORWARDING_DOMAIN" - delete_setting "CONDITIONAL_FORWARDING_REVERSE" + change_setting "REV_SERVER" "false" + delete_setting "REV_SERVER_CIDR" + delete_setting "REV_SERVER_TARGET" + delete_setting "REV_SERVER_DOMAIN" fi ProcessDNSSettings From 4130af0aab17689c7295dbe90d1188fefd02874c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 9 Apr 2020 09:05:43 +0200 Subject: [PATCH 034/115] Retain rev-server settings when the feature gets disabled. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 41e52747..5e63f0cf 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -288,9 +288,6 @@ SetDNSServers() { change_setting "REV_SERVER_DOMAIN" "${args[9]}" else change_setting "REV_SERVER" "false" - delete_setting "REV_SERVER_CIDR" - delete_setting "REV_SERVER_TARGET" - delete_setting "REV_SERVER_DOMAIN" fi ProcessDNSSettings From 093054a1eb6bfc82968ab0c36f0dfc737514599b Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 9 Apr 2020 09:38:24 +0200 Subject: [PATCH 035/115] Automatically convert legacy IP range to Class C network 
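Review bot: `${args[7]}`, `${args[8]}` and `${args[9]}` are stored as `REV_SERVER_CIDR`, `REV_SERVER_TARGET` and `REV_SERVER_DOMAIN` in the `SetDNSServers()` hunk with no format check, and the preceding hunk interpolates those settings into `rev-server=...` and `server=/.../...` dnsmasq lines. These arguments presumably come from the web interface, so I would validate them before `change_setting`, for example rejecting a CIDR that does not match a pattern like `^[0-9.]+/[0-9]{1,2}$` (constructed, IPv4 only) and a domain containing `/`, `,` or whitespace, so a malformed value cannot break or extend the generated config. Callers that still pass the old `conditional_forwarding` keyword now fall into the `else` branch and silently switch the feature off; a short comment or a compatibility match on the old keyword would make that explicit. `SetDNSServers()` continues outside the hunk.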
Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 5e63f0cf..d5bf46a4 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -231,12 +231,12 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 # Private network, Class A (RFC 1597 + RFC 1918) REV_SERVER_CIDR="10.0.0.0/8" elif [[ "${REV_SERVER_TARGET}" =~ 192\.168\..* ]]; then - # Private network, Class C (RFC 1597 + RFC 1918) + # Private network, Class B (RFC 1597 + RFC 1918) REV_SERVER_CIDR="192.168.0.0/16" else - # Something else. The user will have to adapt this - # as we cannot know how large their subnet is - REV_SERVER_CIDR="${REV_SERVER_TARGET}/32" + # Something else, convert to /24 subnet (preserves legacy behavior) + # This sed converts "192.168.1.2" to "192.168.1.0/24" + REV_SERVER_CIDR="$(sed "s+\\.[0-9]*$+\\.0/24+" <<< "${REV_SERVER_TARGET}")" fi add_setting "REV_SERVER_CIDR" "${REV_SERVER_CIDR}" fi From 308eb5eda5c32fd262c09a81c5df7ac2433886d9 Mon Sep 17 00:00:00 2001 From: Matthias Schoettle Date: Tue, 10 Mar 2020 14:31:05 -0400 Subject: [PATCH 036/115] Fixes broken blocking page and landing page when changing server port and/or hostname. See issues #2195 and #2720. Signed-off-by: Matthias Schoettle --- advanced/index.php | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/advanced/index.php b/advanced/index.php index b0c4a7c3..4f2a17f7 100644 --- a/advanced/index.php +++ b/advanced/index.php 
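Review bot: The `sed` fallback in the `-231,12 +231,12` hunk only rewrites a value that ends in `.` followed by digits, so a `REV_SERVER_TARGET` that is an IPv6 address, a hostname or carries a `#port` suffix passes through unchanged and is stored as `REV_SERVER_CIDR` without any prefix length. I would test the target against an anchored dotted-quad pattern first and skip the conversion (leaving `REV_SERVER` off and telling the user) when it does not match, rather than writing a value dnsmasq may not accept. The relabelled comment `# Private network, Class B` sits on `192.168.0.0/16`, which RFC 1918 describes as 256 contiguous class C networks; `# Private network 192.168.0.0/16 (RFC 1918)` avoids the classful wording altogether. The enclosing function starts and ends outside the hunk.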
@@ -6,8 +6,8 @@ * This file is copyright under the latest version of the EUPL. * Please see LICENSE file for your rights under this license. */ -// Sanitise HTTP_HOST output -$serverName = htmlspecialchars($_SERVER["HTTP_HOST"]); +// Sanitize SERVER_NAME output +$serverName = htmlspecialchars($_SERVER["SERVER_NAME"]); // Remove external ipv6 brackets if any $serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName); @@ -50,16 +50,24 @@ function setHeader($type = "x") { } // Determine block page type -if ($serverName === "pi.hole") { +if ($serverName === "pi.hole" + || (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) { // Redirect to Web Interface exit(header("Location: /admin")); } elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) { // Set Splash Page output $splashPage = " - + + $viewPort - -
Pi-hole: Your black hole for Internet advertisements
Did you mean to go to the admin panel? + + + +
+ Pi-hole: Your black hole for Internet advertisements
+ Did you mean to go to the admin panel? + + "; // Set splash/landing page based off presence of $landPage @@ -68,7 +76,7 @@ if ($serverName === "pi.hole") { // Unset variables so as to not be included in $landPage unset($serverName, $svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt, $viewPort); - // Render splash/landing page when directly browsing via IP or authorised hostname + // Render splash/landing page when directly browsing via IP or authorized hostname exit($renderPage); } elseif ($currentUrlExt === "js") { // Serve Pi-hole Javascript for blocked domains requesting JS @@ -131,7 +139,12 @@ ini_set("default_socket_timeout", 3); function queryAds($serverName) { // Determine the time it takes while querying adlists $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]; - $queryAds = file("http://127.0.0.1/admin/scripts/pi-hole/php/queryads.php?domain=$serverName&bp", FILE_IGNORE_NEW_LINES); + $queryAdsURL = sprintf( + "http://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp", + $_SERVER["SERVER_PORT"], + $serverName + ); + $queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES); $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds))); $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime); @@ -209,7 +222,7 @@ $phVersion = exec("cd /etc/.pihole/ && git describe --long --tags"); if (explode("-", $phVersion)[1] != "0") $execTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]; -// Please Note: Text is added via CSS to allow an admin to provide a localised +// Please Note: Text is added via CSS to allow an admin to provide a localized // language without the need to edit this file setHeader(); 
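Review bot: In the `queryAds()` hunk (`-131,7 +139,12`) `$serverName` is placed into the query string of `$queryAdsURL` with no URL encoding; the only treatment it has had is `htmlspecialchars()` in the first hunk, which is HTML escaping and leaves `#`, `%` and spaces alone while turning `&` into `&amp;`, which still splits parameters in a URL. Encoding for the context it is used in, and formatting the port as an integer, closes that: `sprintf("http://127.0.0.1:%d/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp", $_SERVER["SERVER_PORT"], rawurlencode($serverName))`. Whether `SERVER_NAME` can carry client-chosen characters depends on the web server configuration (it often mirrors the Host header), so it is safer to keep treating it as untrusted after the switch from `HTTP_HOST`. `queryAds()` continues outside the hunk.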
@@ -226,10 +239,10 @@ setHeader(); - - + + ● <?=$serverName ?> - + - + exit(setHeader().' + + + + + + + '); } elseif (!in_array($currentUrlExt, $validExtTypes) || substr_count($_SERVER["REQUEST_URI"], "?")) { // Serve SVG upon receiving non $validExtTypes URL extension or query string // e.g: Not an iframe of a blocked domain, such as when browsing to a file/query directly // QoL addition: Allow the SVG to be clicked on in order to quickly show the full Block Page - $blockImg = 'Blocked by Pi-hole'; - exit(setHeader()." - $viewPort + $blockImg = ' + + + + + Blocked by Pi-hole + + + '; + exit(setHeader()." + + + + $viewPort + $blockImg "); } @@ -227,7 +249,7 @@ if (explode("-", $phVersion)[1] != "0") setHeader(); ?> - + - + - + - - + + ● <?=$serverName ?>