From 6658968950dcf8f077a6bd9fb309c0aae352b2e0 Mon Sep 17 00:00:00 2001 From: gedetil Date: Tue, 11 Apr 2017 12:21:39 -0500 Subject: [PATCH 01/32] Update settings.php Implement "Halt system" button, next to "Restart system" button, on admin/settings page. Useful for doing clean shutdown before powering off. Gilbert Detillieux 2017-04-11 --- settings.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/settings.php b/settings.php index d74069b4..1c66ca4c 100644 --- a/settings.php +++ b/settings.php @@ -838,10 +838,15 @@ if(isset($_POST["submit"])) {

System Administration

+ +
+ + +
From aac1b1ba05e5bad8f07b58f42aabd66a0ec95160 Mon Sep 17 00:00:00 2001 From: gedetil Date: Tue, 11 Apr 2017 13:40:27 -0500 Subject: [PATCH 02/32] Update settings.js Implement "Halt system" button, next to "Restart system" button, on admin/settings page. Useful for doing clean shutdown before powering off. Gilbert Detillieux 2017-04-11 --- scripts/pi-hole/js/settings.js | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/scripts/pi-hole/js/settings.js b/scripts/pi-hole/js/settings.js index 74991352..dea9b775 100644 --- a/scripts/pi-hole/js/settings.js +++ b/scripts/pi-hole/js/settings.js @@ -17,6 +17,22 @@ $(function () { $("input[name=\"AddMAC\"]").val(mac); }); }); +$(".confirm-halt").confirm({ + text: "Are you sure you want to send a halt command to your Pi-Hole?", + title: "Confirmation required", + confirm(button) { + $("#haltform").submit(); + }, + cancel(button) { + // nothing to do + }, + confirmButton: "Yes, halt", + cancelButton: "No, go back", + post: true, + confirmButtonClass: "btn-danger", + cancelButtonClass: "btn-success", + dialogClass: "modal-dialog modal-mg" // Bootstrap classes for mid-size modal +}); $(".confirm-reboot").confirm({ text: "Are you sure you want to send a reboot command to your Pi-Hole?", title: "Confirmation required", From 08f40722c1d591cc9f320aad197f88a0bd6a05ec Mon Sep 17 00:00:00 2001 From: gedetil Date: Tue, 11 Apr 2017 13:44:18 -0500 Subject: [PATCH 03/32] Update savesettings.php Implement "Halt system" button, next to "Restart system" button, on admin/settings page. Useful for doing clean shutdown before powering off. Gilbert Detillieux 2017-04-11 --- scripts/pi-hole/php/savesettings.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/pi-hole/php/savesettings.php b/scripts/pi-hole/php/savesettings.php index da339526..850177c8 100644 --- a/scripts/pi-hole/php/savesettings.php +++ b/scripts/pi-hole/php/savesettings.php 
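Review bot: `dialogClass: "modal-dialog modal-mg"` is commented as a Bootstrap mid-size modal, but `modal-mg` is not a size class I know Bootstrap to ship (`modal-sm` and `modal-lg` are), so confirm it is defined in the project's stylesheet or drop it. The rest of the `.confirm-halt` options appear to repeat the `.confirm-reboot` block that begins at the end of the hunk; a small helper taking the message, the button label and the form selector would keep the two destructive actions from drifting apart. The dialog is only a client-side prompt, so the `halt` case in savesettings.php still has to enforce the session and token check itself.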
@@ -420,6 +420,11 @@ function readAdlists() $success .= "The webUI settings have been updated"; break; + case "halt": + exec("sudo pihole -a halt"); + $success = "The system will halt in 5 seconds..."; + break; + case "reboot": exec("sudo pihole -a reboot"); $success = "The system will reboot in 5 seconds..."; From ab126d94e058cbb8fc2b651f761fd49ea9ba5b33 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Tue, 2 May 2017 10:47:02 +1000 Subject: [PATCH 04/32] Modifications to support core queryFunc() changes * Set pcre.recursion_limit, 3x the limit necessary to process a valid 253 character domain name * Updated validate_domain() to include underscore as a valid character within a domain * Run escapeshellarg() on `pihole -q` command in the unlikely event that a maliciously crafted domain query is able to pass validate_domain() * Known issues: Changes to the output of this file and Pi-hole core's queryFunc() results in `queryads.js` failing to work (Thereby breaking Tools > Query adlists) --- scripts/pi-hole/php/queryads.php | 57 ++++++++++---------------------- 1 file changed, 18 insertions(+), 39 deletions(-) diff --git a/scripts/pi-hole/php/queryads.php b/scripts/pi-hole/php/queryads.php index 457e235c..62196763 100644 --- a/scripts/pi-hole/php/queryads.php +++ b/scripts/pi-hole/php/queryads.php 
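Review bot: The new `case "halt":` sets `$success` unconditionally, because `exec("sudo pihole -a halt");` discards the exit status; if sudo refuses the command or `pihole` does not know `-a halt`, the page still says the system will halt. Capture the status with `exec("sudo pihole -a halt", $output, $status);` and report a failure when `$status !== 0`. Halting the host is a state-changing request, so it must only be reachable after the session and CSRF-token check, which is not visible here: the enclosing `switch` starts and ends outside the hunk. The neighbouring `reboot` case has the same shape and would benefit from the same treatment.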
@@ -9,52 +9,31 @@ ob_end_flush(); ini_set("output_buffering", "0"); ob_implicit_flush(true); -header('Content-Type: text/event-stream'); -header('Cache-Control: no-cache'); +header("Content-Type: text/event-stream"); +header("Cache-Control: no-cache"); +ini_set("pcre.recursion_limit", 1500); -function echoEvent($datatext) { - if(!isset($_GET["IE"])) - echo "data: ".implode("\ndata: ", explode("\n", $datatext))."\n\n"; - else - echo $datatext; +function validate_domain($domain) { // Cr: http://stackoverflow.com/a/4694816 + return (preg_match("/^([a-z\d]((-|_)*[a-z\d])*)(\.([a-z\d]((-|_)*[a-z\d])*))*$/i", $domain) // Valid chars check + && preg_match("/^.{1,253}$/", $domain) // Overall length check + && preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain)); // Length of each label } -// Credit: http://stackoverflow.com/a/4694816/2087442 -function is_valid_domain_name($domain_name) -{ - return (preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name) //valid chars check - && preg_match("/^.{1,253}$/", $domain_name) //overall length check - && preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name) ); //length of each label -} - -// Test if domain is set -if(isset($_GET["domain"])) -{ - // Is this a valid domain? - $url = $_GET["domain"]; - if(!is_valid_domain_name($url)) - { - echoEvent("Invalid domain!"); - die(); +// Validate domain, if set +if(isset($_GET["domain"])) { + if(validate_domain($_GET["domain"])) { + $domain = $_GET["domain"]; + } else { + die("::: Invalid domain"); } -} -else -{ - echoEvent("No domain provided"); - die(); +} else { + die("::: Domain query not specified"); } -if(isset($_GET["exact"])) -{ - $exact = "-exact"; -} -else -{ - $exact = ""; -} +$exact = isset($_GET["exact"]) ? "-exact" : ""; -$proc = popen("sudo pihole -q ".$url." ".$exact, 'r'); +$proc = popen("sudo pihole -q ".escapeshellarg($domain)." $exact", "r"); while (!feof($proc)) { - echoEvent(fread($proc, 4096)); + echo fread($proc, 4096); } ?> 
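Review bot: All three patterns in `validate_domain()` end in a plain `$`, which in PCRE also matches just before a final newline, so a value with a trailing "\n" passes as a valid domain. `escapeshellarg($domain)` on the `popen()` line keeps that value quoted for the shell, but the validator should reject it on its own: add the `D` modifier or anchor with `\z`, e.g. `preg_match("/^.{1,253}\z/", $domain)`. `preg_match()` returns `false` rather than `0` when `pcre.recursion_limit` is hit, and the `&&` chain then reports the domain as invalid; a short comment saying that fail-closed result is intended would help. The same `$` anchors are in `is_valid_domain_name()` in the later queryads.php hunk (PATCH 06/32).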
From a3e8ac1a9d4ef3cd91b46d921e462b8a580f966f Mon Sep 17 00:00:00 2001 From: TheME Date: Mon, 10 Jul 2017 21:39:21 +0200 Subject: [PATCH 05/32] list.php: fix path to footer.php... ...if invalid list parameter is used --- list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/list.php b/list.php index 9b71bd74..5efde479 100644 --- a/list.php +++ b/list.php @@ -11,7 +11,7 @@ $list = $_GET['l']; if($list !== "white" && $list !== "black"){ echo "Invalid list parameter"; - require "footer.php"; + require "scripts/pi-hole/php/footer.php"; die(); } From 3a17f9da13cdf4fef54ea0dd1b23323ca59bd66f Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Wed, 19 Jul 2017 00:29:47 +1000 Subject: [PATCH 06/32] Rebase off devel to only add "-bp" functionality * Included pcre.recursion_limit as a safety cutoff measure --- scripts/pi-hole/php/queryads.php | 62 ++++++++++++++++++++++---------- 1 file changed, 44 insertions(+), 18 deletions(-) diff --git a/scripts/pi-hole/php/queryads.php b/scripts/pi-hole/php/queryads.php index 62196763..133ea12c 100644 --- a/scripts/pi-hole/php/queryads.php +++ b/scripts/pi-hole/php/queryads.php 
@@ -9,31 +9,57 @@ ob_end_flush(); ini_set("output_buffering", "0"); ob_implicit_flush(true); -header("Content-Type: text/event-stream"); -header("Cache-Control: no-cache"); +header('Content-Type: text/event-stream'); +header('Cache-Control: no-cache'); + +function echoEvent($datatext) { + if(!isset($_GET["IE"])) + echo "data: ".implode("\ndata: ", explode("\n", $datatext))."\n\n"; + else + echo $datatext; +} + +// Credit: http://stackoverflow.com/a/4694816/2087442 ini_set("pcre.recursion_limit", 1500); - -function validate_domain($domain) { // Cr: http://stackoverflow.com/a/4694816 - return (preg_match("/^([a-z\d]((-|_)*[a-z\d])*)(\.([a-z\d]((-|_)*[a-z\d])*))*$/i", $domain) // Valid chars check - && preg_match("/^.{1,253}$/", $domain) // Overall length check - && preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain)); // Length of each label +function is_valid_domain_name($domain_name) +{ + return (preg_match("/^((-|_)*[a-z\d]((-|_)*[a-z\d])*(-|_)*)(\.(-|_)*([a-z\d]((-|_)*[a-z\d])*))*$/i", $domain_name) // Valid chars check + && preg_match("/^.{1,253}$/", $domain_name) // Overall length check + && preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name) ); // Length of each label } -// Validate domain, if set -if(isset($_GET["domain"])) { - if(validate_domain($_GET["domain"])) { - $domain = $_GET["domain"]; - } else { - die("::: Invalid domain"); +// Test if domain is set +if(isset($_GET["domain"])) +{ + // Is this a valid domain? + $url = $_GET["domain"]; + if(!is_valid_domain_name($url)) + { + echoEvent("Invalid domain!"); + die(); } -} else { - die("::: Domain query not specified"); +} +else +{ + echoEvent("No domain provided"); + die(); } -$exact = isset($_GET["exact"]) ? "-exact" : ""; +if(isset($_GET["exact"])) +{ + $exact = "-exact"; +} +elseif(isset($_GET["bp"])) +{ + $exact = "-bp"; +} +else +{ + $exact = ""; +} -$proc = popen("sudo pihole -q ".escapeshellarg($domain)." $exact", "r"); +$proc = popen("sudo pihole -q ".$url." 
".$exact, 'r'); while (!feof($proc)) { - echo fread($proc, 4096); + echoEvent(fread($proc, 4096)); } ?> From 1ae7247213061a00cda2bcbe9f79edf87c9a724c Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Wed, 26 Jul 2017 22:09:22 -0400 Subject: [PATCH 07/32] Change success check to a more stable indicator Fixes #540 --- scripts/pi-hole/js/list.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/pi-hole/js/list.js b/scripts/pi-hole/js/list.js index 1b01387c..664d64b2 100644 --- a/scripts/pi-hole/js/list.js +++ b/scripts/pi-hole/js/list.js @@ -143,8 +143,7 @@ function add(arg) { method: "post", data: {"domain":domain.val(), "list":locallistType, "token":token}, success: function(response) { - if (response.indexOf("not a valid argument") >= 0 || - response.indexOf("is not a valid domain") >= 0) { + if (response.indexOf("] Pi-hole blocking is ") === -1) { alFailure.show(); err.html(response); alFailure.delay(4000).fadeOut(2000, function() { From fe3e8fcb08ca15964a97c6ab5f706f27b43034d0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 27 Jul 2017 16:01:18 +0200 Subject: [PATCH 08/32] Ensure excess whitespace is split when white/blacklisting multiple domains --- scripts/pi-hole/php/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/pi-hole/php/auth.php b/scripts/pi-hole/php/auth.php index a8a64e33..22cb459c 100644 --- a/scripts/pi-hole/php/auth.php +++ b/scripts/pi-hole/php/auth.php @@ -119,7 +119,7 @@ function check_csrf($token) { function check_domain() { if(isset($_POST['domain'])){ - $domains = explode(" ",$_POST['domain']); + $domains = preg_split('\s+', $_POST['domain']); foreach($domains as $domain) { $validDomain = is_valid_domain_name($domain); From 873dde525405cf12a8a6dc414643538992640a32 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 28 Jul 2017 19:59:56 +0100 Subject: [PATCH 09/32] change `admin` to `approvers` 
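Review bot: The `popen()` line is back to `"sudo pihole -q ".$url." ".$exact`, without the `escapeshellarg()` that the earlier queryads.php change (PATCH 04/32) put around the domain, so `is_valid_domain_name()` is again the only barrier between `$_GET["domain"]` and a command run under sudo. Keep the quoting as defence in depth: `popen("sudo pihole -q ".escapeshellarg($url)." ".$exact, 'r');`. The widened first pattern now starts with `(-|_)*`, so it accepts a name beginning with `-`, which `pihole -q` may read as an option rather than a domain; quoting does not change that, so reject a leading hyphen unless there is a known need for it.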
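Review bot: The failure branch is now taken for every response that lacks the marker `"] Pi-hole blocking is "`, and that branch still hands the raw response to `err.html(response)`, so whatever the server prints, possibly including text that echoes the submitted domain, is parsed as markup. Use `err.text(response)` unless the response is known to be escaped server-side. Tying success to one fragment of CLI output is also brittle, since a wording change in the core script would flip every add to a failure; at minimum add a comment naming where that string is produced. The `success` callback continues past the end of the hunk.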
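Review bot: `preg_split('\s+', $_POST['domain'])` has no pattern delimiters, so PCRE rejects the pattern (a backslash cannot be a delimiter), `preg_split()` emits a warning and returns `false`, and the `foreach` that follows never calls `is_valid_domain_name()` on anything. Unless code after the loop rejects that case, and `check_domain()` does continue outside the hunk, the domain check ends without having validated the input. Use `preg_split('/\s+/', trim($_POST['domain']), -1, PREG_SPLIT_NO_EMPTY)`, which also drops the empty strings that leading or trailing whitespace would otherwise produce.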
Signed-off-by: Adam Warner --- .pullapprove.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pullapprove.yml b/.pullapprove.yml index dfe83654..42d3b2fb 100644 --- a/.pullapprove.yml +++ b/.pullapprove.yml @@ -35,4 +35,4 @@ groups: - master required: 4 teams: - - admin + - approvers From 2b5a4d8989bd514f58ce460ed460868ad4af0e3b Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Wed, 2 Aug 2017 21:16:55 -0400 Subject: [PATCH 10/32] Fix undefined variable $timestamp --- scripts/pi-hole/php/update_checker.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/pi-hole/php/update_checker.php b/scripts/pi-hole/php/update_checker.php index abcfc9de..6629b6a6 100644 --- a/scripts/pi-hole/php/update_checker.php +++ b/scripts/pi-hole/php/update_checker.php @@ -42,14 +42,14 @@ $FTL_current = exec("pihole-FTL version"); $versionfile = "../versions"; $check_version = false; +$date = date_create(); +$timestamp = date_timestamp_get($date); // Check version if version buffer file does not exist if(is_readable($versionfile)) { // Obtain latest time stamp from buffer file $versions = explode(",",file_get_contents($versionfile)); - $date = date_create(); - $timestamp = date_timestamp_get($date); // Is last check for updates older than 30 minutes? if($timestamp >= intval($versions[0]) + 1800) From 295639f77bb14e20ac7286d96bf9504c349158bb Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Wed, 2 Aug 2017 21:21:19 -0400 Subject: [PATCH 11/32] Fix unknown variable in db_queries.php Probably the result of a copy-paste from queries.php to db_queries.php --- db_queries.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db_queries.php b/db_queries.php index 189c97cd..a2441b58 100644 --- a/db_queries.php +++ b/db_queries.php @@ -99,7 +99,7 @@ $token = $_SESSION['token'];
-

Recent Queries

+

Recent Queries

From 0023bc6007b1e8f324e03fb7b49d7fcc354fc4d2 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sun, 6 Aug 2017 16:56:00 -0400 Subject: [PATCH 12/32] Wrap domain if too long in Query Log --- style/pi-hole.css | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/style/pi-hole.css b/style/pi-hole.css index 6f090058..18b88fe4 100644 --- a/style/pi-hole.css +++ b/style/pi-hole.css @@ -34,3 +34,9 @@ a.lookatme { -webkit-animation-iteration-count: infinite; animation-iteration-count: infinite; } +#all-queries { + table-layout: fixed; +} +#all-queries tbody { + word-wrap: break-word; +} From 127314e98e4401b41ff8b73bacd57fe7b20813e4 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Tue, 8 Aug 2017 20:46:01 -0400 Subject: [PATCH 13/32] Fix undefined total in DB top lists --- scripts/pi-hole/js/db_lists.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/pi-hole/js/db_lists.js b/scripts/pi-hole/js/db_lists.js index 9a7cdfbc..00087d75 100644 --- a/scripts/pi-hole/js/db_lists.js +++ b/scripts/pi-hole/js/db_lists.js @@ -90,7 +90,7 @@ function updateTopClientsChart() { var url = clientname; percentage = data.top_sources[client] / sum * 100.0; clienttable.append(" " + url + - " " + data.top_sources[client] + "
" + data.top_sources[client] + "
"); } @@ -108,7 +108,7 @@ function updateTopDomainsChart() { $("#domain-frequency td").parent().remove(); var domaintable = $("#domain-frequency").find("tbody:last"); var domain, percentage; - var sum = 0; + let sum = 0; for (domain in data.top_domains) { if ({}.hasOwnProperty.call(data.top_domains, domain)){ sum += data.top_domains[domain]; @@ -128,7 +128,7 @@ function updateTopDomainsChart() { percentage = data.top_domains[domain] / sum * 100.0; domaintable.append(" " + domain + - " " + data.top_domains[domain] + "
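Review bot: In the `append()` calls touched by this change (`clienttable` here, `domaintable` and `adtable` in the two later db_lists.js hunks) the client name, domain or ad domain is concatenated straight into a string that jQuery parses as HTML, and nothing visible in these hunks escapes it. Those names presumably come from DNS traffic and client hostnames (the API is outside this page), so treat them as untrusted: build the cell with `$("<td>").text(domain)` or run the value through an escaping helper before concatenating. The markup inside the string literals is not legible on this page, so this covers only the interpolated values. The enclosing loops start outside each hunk.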
" + data.top_domains[domain] + "
"); } @@ -165,7 +165,7 @@ function updateTopAdsChart() { } percentage = data.top_ads[ad] / sum * 100.0; - adtable.append(" " + ad + " " + data.top_ads[ad] + "
"); + adtable.append(" " + ad + " " + data.top_ads[ad] + "
"); } } From cff98f8ebe346e985cf2834b87e9454d9b29cf0a Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Tue, 8 Aug 2017 20:49:31 -0400 Subject: [PATCH 14/32] Remove testing change --- scripts/pi-hole/js/db_lists.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/pi-hole/js/db_lists.js b/scripts/pi-hole/js/db_lists.js index 00087d75..75a21746 100644 --- a/scripts/pi-hole/js/db_lists.js +++ b/scripts/pi-hole/js/db_lists.js @@ -108,7 +108,7 @@ function updateTopDomainsChart() { $("#domain-frequency td").parent().remove(); var domaintable = $("#domain-frequency").find("tbody:last"); var domain, percentage; - let sum = 0; + var sum = 0; for (domain in data.top_domains) { if ({}.hasOwnProperty.call(data.top_domains, domain)){ sum += data.top_domains[domain]; From fe35ca3f0283d3971ea8f0753b6ba12997327d23 Mon Sep 17 00:00:00 2001 From: Edd Turtle Date: Tue, 15 Aug 2017 19:03:12 +0100 Subject: [PATCH 15/32] Fix arrow positions in sidebar to be vertically centered --- scripts/pi-hole/php/header.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/pi-hole/php/header.php b/scripts/pi-hole/php/header.php index cb9eecf5..83d8af16 100644 --- a/scripts/pi-hole/php/header.php +++ b/scripts/pi-hole/php/header.php @@ -432,10 +432,10 @@ if($auth) {
  • hidden="true"> - Disable    + Disable   
    • @@ -472,10 +472,10 @@ if($auth) {
    • active"> - Tools + Tools
        From 41f5e3fe1b4e7264c9def19102b9571a14b29bde Mon Sep 17 00:00:00 2001 From: Edd Turtle Date: Wed, 16 Aug 2017 20:03:21 +0100 Subject: [PATCH 16/32] Fix final sidebar button (from devel branch) --- scripts/pi-hole/php/header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/pi-hole/php/header.php b/scripts/pi-hole/php/header.php index d0551755..767e1a47 100644 --- a/scripts/pi-hole/php/header.php +++ b/scripts/pi-hole/php/header.php @@ -420,10 +420,10 @@ if($auth) {
      • active"> - Long term data + Long term data
          class="active"> From 8ab21484378811bad5aac28e8badf48f7ae069a9 Mon Sep 17 00:00:00 2001 From: TheME Date: Sun, 27 Aug 2017 21:24:02 +0200 Subject: [PATCH 17/32] footer.php: elegantize 'Disable Custom time' modal --- scripts/pi-hole/php/footer.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/scripts/pi-hole/php/footer.php b/scripts/pi-hole/php/footer.php index 33917305..1e1bc3f8 100644 --- a/scripts/pi-hole/php/footer.php +++ b/scripts/pi-hole/php/footer.php @@ -11,17 +11,16 @@