Merge branch 'development' into cors_mixed_content_fix

2017-10-08 12:22:14 +11:00
parent 6323d5afed cfcdc53185
commit 2c091f3a3c
13 changed files with 988 additions and 752 deletions
--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@@ -42,6 +42,6 @@ cache-size=10000
 log-queries
 log-facility=/var/log/pihole.log

-local-ttl=300
+local-ttl=2

 log-async
--- a/advanced/Scripts/list.sh
+++ b/advanced/Scripts/list.sh
@@ -66,15 +66,15 @@ HandleOther() {
  domain="${1,,}"

  # Check validity of domain
-  validDomain=$(perl -lne 'print if /^((-|_)*[a-z\d]((-|_)*[a-z\d])*(-|_)*)(\.(-|_)*([a-z\d]((-|_)*[a-z\d])*))*$/' <<< "${domain}") # Valid chars check
-  validDomain=$(perl -lne 'print if /^.{1,253}$/' <<< "${validDomain}") # Overall length check
-  validDomain=$(perl -lne 'print if /^[^\.]{1,63}(\.[^\.]{1,63})*$/' <<< "${validDomain}") # Length of each label
+  if [[ "${#domain}" -le 253 ]]; then
+    validDomain=$(grep -P "^((-|_)*[a-z\d]((-|_)*[a-z\d])*(-|_)*)(\.(-|_)*([a-z\d]((-|_)*[a-z\d])*))*$" <<< "${domain}") # Valid chars check
+    validDomain=$(grep -P "^[^\.]{1,63}(\.[^\.]{1,63})*$" <<< "${validDomain}") # Length of each label
+  fi
  
-  if [[ -z "${validDomain}" ]]; then
-    echo -e "  ${CROSS} $1 is not a valid argument or domain name!"
-  else
-    echo -e "  ${TICK} $1 is a valid domain name!"
+  if [[ -n "${validDomain}" ]]; then
    domList=("${domList[@]}" ${validDomain})
+  else
+    echo -e "  ${CROSS} ${domain} is not a valid argument or domain name!"
  fi
 }

@@ -107,6 +107,8 @@ AddDomain() {
  [[ "${list}" == "${wildcardlist}" ]] && listname="wildcard blacklist"

  if [[ "${list}" == "${whitelist}" || "${list}" == "${blacklist}" ]]; then
+    [[ "${list}" == "${whitelist}" && -z "${type}" ]] && type="--whitelist-only"
+    [[ "${list}" == "${blacklist}" && -z "${type}" ]] && type="--blacklist-only"
    bool=true
    # Is the domain in the list we want to add it to?
    grep -Ex -q "${domain}" "${list}" > /dev/null 2>&1 || bool=false
@@ -129,7 +131,7 @@ AddDomain() {
    # Remove the /* from the end of the IP addresses
    IPV4_ADDRESS=${IPV4_ADDRESS%/*}
    IPV6_ADDRESS=${IPV6_ADDRESS%/*}
-
+    [[ -z "${type}" ]] && type="--wildcard-only"
    bool=true
    # Is the domain in the list?
    grep -e "address=\/${domain}\/" "${wildcardlist}" > /dev/null 2>&1 || bool=false
@@ -138,7 +140,7 @@ AddDomain() {
      if [[ "${verbose}" == true ]]; then
      echo -e "  ${INFO} Adding $1 to wildcard blacklist..."
      fi
-      reload=true
+      reload="restart"
      echo "address=/$1/${IPV4_ADDRESS}" >> "${wildcardlist}"
      if [[ "${#IPV6_ADDRESS}" > 0 ]]; then
        echo "address=/$1/${IPV6_ADDRESS}" >> "${wildcardlist}"
@@ -161,6 +163,8 @@ RemoveDomain() {

  if [[ "${list}" == "${whitelist}" || "${list}" == "${blacklist}" ]]; then
    bool=true
+    [[ "${list}" == "${whitelist}" && -z "${type}" ]] && type="--whitelist-only"
+    [[ "${list}" == "${blacklist}" && -z "${type}" ]] && type="--blacklist-only"
    # Is it in the list? Logic follows that if its whitelisted it should not be blacklisted and vice versa
    grep -Ex -q "${domain}" "${list}" > /dev/null 2>&1 || bool=false
    if [[ "${bool}" == true ]]; then
@@ -175,6 +179,7 @@ RemoveDomain() {
      fi
    fi
  elif [[ "${list}" == "${wildcardlist}" ]]; then
+    [[ -z "${type}" ]] && type="--wildcard-only"
    bool=true
    # Is it in the list?
    grep -e "address=\/${domain}\/" "${wildcardlist}" > /dev/null 2>&1 || bool=false
@@ -192,12 +197,10 @@ RemoveDomain() {
  fi
 }

+# Update Gravity
 Reload() {
-  # Reload hosts file
  echo ""
-  echo -e "  ${INFO} Updating gravity..."
-  echo ""
-  pihole -g -sd
+  pihole -g --skip-download "${type:-}"
 }

 Displaylist() {
@@ -243,6 +246,7 @@ fi

 PoplistFile

-if ${reload}; then
-  Reload
+if [[ "${reload}" != false ]]; then
+  # Ensure that "restart" is used for Wildcard updates
+  Reload "${reload}"
 fi
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -1,4 +1,6 @@
 #!/usr/bin/env bash
+# shellcheck disable=SC1090
+
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
@@ -30,6 +32,7 @@ Options:
  -f, fahrenheit      Set Fahrenheit as preferred temperature unit
  -k, kelvin          Set Kelvin as preferred temperature unit
  -r, hostrecord      Add a name to the DNS associated to an IPv4/IPv6 address
+  -e, email           Set an administrative contact address for the Block Page
  -h, --help          Show this help dialog
  -i, interface       Specify dnsmasq's interface listening behavior
                        Add '-h' for more info on interface usage"
@@ -226,20 +229,7 @@ Reboot() {
 }

 RestartDNS() {
-  local str="Restarting DNS service"
-  [[ -t 1 ]] && echo -ne "  ${INFO} ${str}"
-  if command -v systemctl &> /dev/null; then
-    output=$( { systemctl restart dnsmasq; } 2>&1 )
-  else
-    output=$( { service dnsmasq restart; } 2>&1 )
-  fi
-
-  if [[ -z "${output}" ]]; then
-    [[ -t 1 ]] && echo -e "${OVER}  ${TICK} ${str}"
-  else
-    [[ ! -t 1 ]] && OVER=""
-    echo -e "${OVER}  ${CROSS} ${output}"
-  fi
+  /usr/local/bin/pihole restartdns
 }

 SetQueryLogOptions() {
@@ -427,6 +417,27 @@ Options:
 	RestartDNS
 }

+SetAdminEmail() {
+  if [[ "${1}" == *"-h"* ]]; then
+    echo "Usage: pihole -a email <address>
+Example: 'pihole -a email admin@address.com'
+Set an administrative contact address for the Block Page
+
+Options:
+  \"\"                  Empty: Remove admin contact
+  -h, --help          Show this help dialog"
+    exit 0
+  fi
+
+	if [[ -n "${args[2]}" ]]; then
+		change_setting "ADMIN_EMAIL" "${args[2]}"
+		echo -e "  ${TICK} Setting admin contact to ${args[2]}"
+	else
+		change_setting "ADMIN_EMAIL" ""
+		echo -e "  ${TICK} Removing admin contact"
+	fi
+}
+
 SetListeningMode() {
 	source "${setupVars}"

@@ -497,6 +508,7 @@ main() {
 		"addstaticdhcp"     ) AddDHCPStaticAddress;;
 		"removestaticdhcp"  ) RemoveDHCPStaticAddress;;
 		"-r" | "hostrecord" ) SetHostRecord "$3";;
+		"-e" | "email"      ) SetAdminEmail "$3";;
 		"-i" | "interface"  ) SetListeningMode "$@";;
 		"-t" | "teleporter" ) Teleporter;;
 		"adlist"            ) CustomizeAdLists;;
--- a/advanced/blockingpage.css
+++ b/advanced/blockingpage.css
@@ -228,7 +228,6 @@ header #bpAlt label {
 .aboutImg {
  background: url("/admin/img/logo.svg") no-repeat center;
  background-size: 90px 90px;
-  border: 3px solid rgba(255,255,255,0.2);
  height: 90px;
  margin: 0 auto;
  padding: 2px;
--- a/advanced/index.js
+++ b/advanced/index.js
@@ -1 +0,0 @@
-var x = ""
--- a/advanced/index.php
+++ b/advanced/index.php
@@ -9,32 +9,30 @@
 // Sanitise HTTP_HOST output
 $serverName = htmlspecialchars($_SERVER["HTTP_HOST"]);

+if (!is_file("/etc/pihole/setupVars.conf"))
+  die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>");
+
 // Get values from setupVars.conf
-if (is_file("/etc/pihole/setupVars.conf")) {
-    $setupVars = parse_ini_file("/etc/pihole/setupVars.conf");
-    $svFQDN = $setupVars["FQDN"];
-    $svPasswd = !empty($setupVars["WEBPASSWORD"]);
-    $svEmail = (!empty($setupVars["ADMIN_EMAIL"]) && filter_var($setupVars["ADMIN_EMAIL"], FILTER_VALIDATE_EMAIL)) ? $setupVars["ADMIN_EMAIL"] : "";
-    unset($setupVars);
-} else {
-    die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>");
-}
+$setupVars = parse_ini_file("/etc/pihole/setupVars.conf");
+$svPasswd = !empty($setupVars["WEBPASSWORD"]);
+$svEmail = (!empty($setupVars["ADMIN_EMAIL"]) && filter_var($setupVars["ADMIN_EMAIL"], FILTER_VALIDATE_EMAIL)) ? $setupVars["ADMIN_EMAIL"] : "";
+unset($setupVars);

 // Set landing page location, found within /var/www/html/
 $landPage = "../landing.php";

-// Set empty array for hostnames to be accepted as self address for splash page
+// Define array for hostnames to be accepted as self address for splash page
 $authorizedHosts = [];
-
-// Append FQDN to $authorizedHosts
-if (!empty($svFQDN)) array_push($authorizedHosts, $svFQDN);
-
-// Append virtual hostname to $authorizedHosts
-if (!empty($_SERVER["VIRTUAL_HOST"])) {
+if (!empty($_SERVER["FQDN"])) {
+    // If setenv.add-environment = ("fqdn" => "true") is configured in lighttpd,
+    // append $serverName to $authorizedHosts
+    array_push($authorizedHosts, $serverName);
+} else if (!empty($_SERVER["VIRTUAL_HOST"])) {
+    // Append virtual hostname to $authorizedHosts
    array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]);
 }

-// Set which extension types render as Block Page (Including "" for index.wxyz)
+// Set which extension types render as Block Page (Including "" for index.ext)
 $validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", "");

 // Get extension of current URL
@@ -56,8 +54,9 @@ function setHeader($type = "x") {
    if (isset($type) && $type === "js") header("Content-Type: application/javascript");
 }

-// Determine block page redirect type
+// Determine block page type
 if ($serverName === "pi.hole") {
+    // Redirect to Web Interface
    exit(header("Location: /admin"));
 } elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) {
    // Set Splash Page output
@@ -68,21 +67,28 @@ if ($serverName === "pi.hole") {
    </head><body id='splashpage'><img src='/admin/img/logo.svg'/><br/>Pi-<b>hole</b>: Your black hole for Internet advertisements</body></html>
    ";

-    // Render splash page or landing page when directly browsing via IP or auth'd hostname
+    // Set splash/landing page based off presence of $landPage
    $renderPage = is_file(getcwd()."/$landPage") ? include $landPage : "$splashPage";
-    unset($serverName, $svFQDN, $svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt, $viewPort);
+
+    // Unset variables so as to not be included in $landPage
+    unset($serverName, $svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt, $viewPort);
+
+    // Render splash/landing page when directly browsing via IP or authorised hostname
    exit($renderPage);
 } elseif ($currentUrlExt === "js") {
-    // Serve dummy Javascript for blocked domains
+    // Serve Pi-hole Javascript for blocked domains requesting JS
    exit(setHeader("js").'var x = "Pi-hole: A black hole for Internet advertisements."');
 } elseif (strpos($_SERVER["REQUEST_URI"], "?") !== FALSE && isset($_SERVER["HTTP_REFERER"])) {
-    // Serve blank image upon receiving REQUEST_URI w/ query string & HTTP_REFERRER (e.g: an iframe of a blocked domain)
+    // Serve blank image upon receiving REQUEST_URI w/ query string & HTTP_REFERRER
+    // e.g: An iframe of a blocked domain
    exit(setHeader().'<html>
        <head><script>window.close();</script></head>
        <body><img src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs="></body>
    </html>');
 } elseif (!in_array($currentUrlExt, $validExtTypes) || substr_count($_SERVER["REQUEST_URI"], "?")) {
-    // Serve SVG upon receiving non $validExtTypes URL extension or query string (e.g: not an iframe of a blocked domain)
+    // Serve SVG upon receiving non $validExtTypes URL extension or query string
+    // e.g: Not an iframe of a blocked domain, such as when browsing to a file/query directly
+    // QoL addition: Allow the SVG to be clicked on in order to quickly show the full Block Page
    $blockImg = '<a href="/"><svg xmlns="http://www.w3.org/2000/svg" width="110" height="16"><defs><style>a {text-decoration: none;} circle {stroke: rgba(152,2,2,0.5); fill: none; stroke-width: 2;} rect {fill: rgba(152,2,2,0.5);} text {opacity: 0.3; font: 11px Arial;}</style></defs><circle cx="8" cy="8" r="7"/><rect x="10.3" y="-6" width="2" height="12" transform="rotate(45)"/><text x="19.3" y="12">Blocked by Pi-hole</text></svg></a>';
    exit(setHeader()."<html>
        <head>$viewPort</head>
@@ -95,7 +101,7 @@ if ($serverName === "pi.hole") {
 // Determine placeholder text based off $svPasswd presence
 $wlPlaceHolder = empty($svPasswd) ? "No admin password set" : "Javascript disabled";

-// Define admin email address text
+// Define admin email address text based off $svEmail presence
 $bpAskAdmin = !empty($svEmail) ? '<a href="mailto:'.$svEmail.'?subject=Site Blocked: '.$serverName.'"></a>' : "<span/>";

 // Determine if at least one block list has been generated
@@ -120,8 +126,10 @@ if (empty($adlistsUrls))
 // Get total number of blocklists (Including Whitelist, Blacklist & Wildcard lists)
 $adlistsCount = count($adlistsUrls) + 3;

-// Get results of queryads.php exact search
+// Set query timeout
 ini_set("default_socket_timeout", 3);
+
+// Logic for querying blocklists
 function queryAds($serverName) {
    // Determine the time it takes while querying adlists
    $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
@@ -131,32 +139,39 @@ function queryAds($serverName) {

    // Exception Handling
    try {
-        if ($queryTime >= ini_get("default_socket_timeout")) {
+        // Define Exceptions
+        if (strpos($queryAds[0], "No exact results") !== FALSE) {
+            // Return "none" into $queryAds array
+            return array("0" => "none");
+        } else if ($queryTime >= ini_get("default_socket_timeout")) {
+            // Connection Timeout
            throw new Exception ("Connection timeout (".ini_get("default_socket_timeout")."s)");
        } elseif (!strpos($queryAds[0], ".") !== false) {
-            if (strpos($queryAds[0], "No exact results") !== FALSE) return array("0" => "none");
+            // Unknown $queryAds output
            throw new Exception ("Unhandled error message (<code>$queryAds[0]</code>)");
        }
        return $queryAds;
    } catch (Exception $e) {
+        // Return exception as array
        return array("0" => "error", "1" => $e->getMessage());
    }
-
 }

+// Get results of queryads.php exact search
 $queryAds = queryAds($serverName);

-if ($queryAds[0] === "error") {
+// Pass error through to Block Page
+if ($queryAds[0] === "error")
    die("[ERROR]: Unable to parse results from <i>queryads.php</i>: <code>".$queryAds[1]."</code>");
-} else {
-    $featuredTotal = count($queryAds);

-    // Place results into key => value array
-    $queryResults = null;
-    foreach ($queryAds as $str) {
-      $value = explode(" ", $str);
-      @$queryResults[$value[0]] .= "$value[1]";
-    }
+// Count total number of matching blocklists
+$featuredTotal = count($queryAds);
+
+// Place results into key => value array
+$queryResults = null;
+foreach ($queryAds as $str) {
+    $value = explode(" ", $str);
+    @$queryResults[$value[0]] .= "$value[1]";
 }

 // Determine if domain has been blacklisted, whitelisted, wildcarded or CNAME blocked
@@ -174,7 +189,8 @@ if (strpos($queryAds[0], "blacklist") !== FALSE) {
    $featuredTotal = "0";
    $notableFlagClass = "noblock";

-    // Determine appropriate info message if CNAME exists
+    // QoL addition: Determine appropriate info message if CNAME exists
+    // Suggests to the user that $serverName has a CNAME (alias) that may be blocked
    $dnsRecord = dns_get_record("$serverName")[0];
    if (array_key_exists("target", $dnsRecord)) {
        $wlInfo = $dnsRecord['target'];
@@ -191,9 +207,12 @@ $wlOutput = (isset($wlInfo) && $wlInfo !== "recentwl") ? "<a href='http://$wlInf
 $phVersion = exec("cd /etc/.pihole/ && git describe --long --tags");

 // Print $execTime on development branches
-// Marginally faster than "git rev-parse --abbrev-ref HEAD"
+// Testing for - is marginally faster than "git rev-parse --abbrev-ref HEAD"
 if (explode("-", $phVersion)[1] != "0")
  $execTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
+
+// Please Note: Text is added via CSS to allow an admin to provide a localised
+// language without the need to edit this file
 ?>
 <!DOCTYPE html>
 <!-- Pi-hole: A black hole for Internet advertisements
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -41,7 +41,7 @@ accesslog.format            = "%{%s}t|%V|%r|%s|%b"


 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
-url.access-deny             = ( "~", ".inc" )
+url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

 compress.cache-dir          = "/var/cache/lighttpd/compress/"
@@ -66,5 +66,10 @@ $HTTP["url"] =~ "^/admin/" {
    }
 }

+# Block . files from being served, such as .git, .github, .gitignore
+$HTTP["url"] =~ "^/admin/\.(.*)" {
+     url.access-deny = ("")
+}
+
 # Add user chosen options held in external file
 include_shell "cat external.conf 2>/dev/null"
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -42,7 +42,7 @@ accesslog.format            = "%{%s}t|%V|%r|%s|%b"


 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
-url.access-deny             = ( "~", ".inc" )
+url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

 compress.cache-dir          = "/var/cache/lighttpd/compress/"
@@ -85,5 +85,10 @@ $HTTP["url"] =~ "^/admin/" {
    }
 }

+# Block . files from being served, such as .git, .github, .gitignore
+$HTTP["url"] =~ "^/admin/\.(.*)" {
+     url.access-deny = ("")
+}
+
 # Add user chosen options held in external file
 include_shell "cat external.conf 2>/dev/null"