Merge pull request #4405 from pi-hole/development

Pi-hole v5.6

.github/workflows/test.yml

@@ -28,7 +28,7 @@ jobs:
     needs: smoke-test
     strategy:
       matrix:
-        distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33]
+        distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_33, fedora_34]
     env:
       DISTRO: ${{matrix.distro}}
     steps:

advanced/Scripts/database_migration/gravity-db.sh

@@ -122,4 +122,10 @@ upgrade_gravityDB(){
 		sqlite3 "${database}" < "${scriptPath}/13_to_14.sql"
 		version=14
 	fi
+	if [[ "$version" == "14" ]]; then
+	# Changes the vw_adlist created in 5_to_6
+	echo -e "  ${INFO} Upgrading gravity database from version 14 to 15"
+	sqlite3 "${database}" < "${scriptPath}/14_to_15.sql"
+	version=15
+fi
 }

advanced/Scripts/database_migration/gravity/13_to_14.sql

@@ -10,4 +10,4 @@ ALTER TABLE adlist ADD COLUMN status INTEGER NOT NULL DEFAULT 0;
 
 UPDATE info SET value = 14 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/database_migration/gravity/14_to_15.sql

@@ -0,0 +1,15 @@
+.timeout 30000
+
+PRAGMA FOREIGN_KEYS=OFF;
+
+BEGIN TRANSACTION;
+DROP VIEW vw_adlist;
+
+CREATE VIEW vw_adlist AS SELECT DISTINCT address, id
+    FROM adlist
+    WHERE enabled = 1
+    ORDER BY id;
+
+UPDATE info SET value = 15 WHERE property = 'version';
+
+COMMIT;

advanced/Scripts/piholeDebug.sh

@@ -585,6 +585,27 @@ processor_check() {
     fi
 }
 
+disk_usage() {
+    local file_system
+    local hide
+
+    echo_current_diagnostic "Disk usage"
+    mapfile -t file_system < <(df -h)
+
+    # Some lines of df might contain sensitive information like usernames and passwords.
+    # E.g. curlftpfs filesystems (https://www.looklinux.com/mount-ftp-share-on-linux-using-curlftps/)
+    # We are not interested in those lines so we collect keyword, to remove them from the output
+    # Additinal keywords can be added, separated by "|"
+    hide="curlftpfs"
+
+    # only show those lines not containg a sensitive phrase
+    for line in "${file_system[@]}"; do
+      if [[ ! $line =~ $hide ]]; then
+        log_write "   ${line}"
+      fi
+    done
+}
+
 parse_setup_vars() {
     echo_current_diagnostic "Setup variables"
     # If the file exists,
@@ -1421,6 +1442,7 @@ diagnose_operating_system
 check_selinux
 check_firewalld
 processor_check
+disk_usage
 check_networking
 check_name_resolution
 check_dhcp_servers

advanced/Scripts/webpage.sh

@@ -709,54 +709,14 @@ AddCustomDNSAddress() {
 
     ip="${args[2]}"
     host="${args[3]}"
-	echo "${ip} ${host}" >> "${dnscustomfile}"
+    reload="${args[4]}"
 
-    # Restart dnsmasq to load new custom DNS entries
-    RestartDNS
-}
-
-RemoveCustomDNSAddress() {
-    echo -e "  ${TICK} Removing custom DNS entry..."
-
-    ip="${args[2]}"
-    host="${args[3]}"
-
-    if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
-        sed -i "/^${ip} ${host}$/d" "${dnscustomfile}"
-    else
-        echo -e "  ${CROSS} Invalid IP has been passed"
-        exit 1
-    fi
-
-    # Restart dnsmasq to update removed custom DNS entries
-    RestartDNS
-}
-
-AddCustomCNAMERecord() {
-    echo -e "  ${TICK} Adding custom CNAME record..."
-
-    domain="${args[2]}"
-    target="${args[3]}"
-
-    echo "cname=${domain},${target}" >> "${dnscustomcnamefile}"
-
-    # Restart dnsmasq to load new custom CNAME records
-    RestartDNS
-}
-
-RemoveCustomCNAMERecord() {
-    echo -e "  ${TICK} Removing custom CNAME record..."
-
-    domain="${args[2]}"
-    target="${args[3]}"
-
-    validDomain="$(checkDomain "${domain}")"
-    if [[ -n "${validDomain}" ]]; then
-        validTarget="$(checkDomain "${target}")"
-        if [[ -n "${validDomain}" ]]; then
-            sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}"
+    validHost="$(checkDomain "${host}")"
+    if [[ -n "${validHost}" ]]; then
+        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
+            echo "${ip} ${validHost}" >> "${dnscustomfile}"
         else
-            echo "  ${CROSS} Invalid Target Passed!"
+            echo -e "  ${CROSS} Invalid IP has been passed"
             exit 1
         fi
     else
@@ -764,8 +724,89 @@ RemoveCustomCNAMERecord() {
         exit 1
     fi
 
-    # Restart dnsmasq to update removed custom CNAME records
-    RestartDNS
+    # Restart dnsmasq to load new custom DNS entries only if $reload not false
+    if [[ ! $reload == "false" ]]; then
+      RestartDNS
+    fi
+}
+
+RemoveCustomDNSAddress() {
+    echo -e "  ${TICK} Removing custom DNS entry..."
+
+    ip="${args[2]}"
+    host="${args[3]}"
+    reload="${args[4]}"
+
+    validHost="$(checkDomain "${host}")"
+    if [[ -n "${validHost}" ]]; then
+        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
+            sed -i "/^${ip} ${validHost}$/d" "${dnscustomfile}"
+        else
+            echo -e "  ${CROSS} Invalid IP has been passed"
+            exit 1
+        fi
+        else
+            echo "  ${CROSS} Invalid Domain passed!"
+            exit 1
+    fi
+
+    # Restart dnsmasq to load new custom DNS entries only if reload is not false
+    if [[ ! $reload == "false" ]]; then
+      RestartDNS
+    fi
+}
+
+AddCustomCNAMERecord() {
+    echo -e "  ${TICK} Adding custom CNAME record..."
+
+    domain="${args[2]}"
+    target="${args[3]}"
+    reload="${args[4]}"
+
+    validDomain="$(checkDomain "${domain}")"
+    if [[ -n "${validDomain}" ]]; then
+        validTarget="$(checkDomain "${target}")"
+        if [[ -n "${validTarget}" ]]; then
+          echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}"
+        else
+          echo "  ${CROSS} Invalid Target Passed!"
+          exit 1
+        fi
+    else
+        echo "  ${CROSS} Invalid Domain passed!"
+        exit 1
+    fi
+    # Restart dnsmasq to load new custom CNAME records only if reload is not false
+    if [[ ! $reload == "false" ]]; then
+      RestartDNS
+    fi
+}
+
+RemoveCustomCNAMERecord() {
+    echo -e "  ${TICK} Removing custom CNAME record..."
+
+    domain="${args[2]}"
+    target="${args[3]}"
+    reload="${args[4]}"
+
+    validDomain="$(checkDomain "${domain}")"
+    if [[ -n "${validDomain}" ]]; then
+        validTarget="$(checkDomain "${target}")"
+        if [[ -n "${validTarget}" ]]; then
+            sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}"
+        else
+          echo "  ${CROSS} Invalid Target Passed!"
+          exit 1
+        fi
+    else
+        echo "  ${CROSS} Invalid Domain passed!"
+        exit 1
+    fi
+
+    # Restart dnsmasq to update removed custom CNAME records only if $reload not false
+    if [[ ! $reload == "false" ]]; then
+      RestartDNS
+    fi
 }
 
 main() {

advanced/Templates/gravity.db.sql

@@ -57,7 +57,7 @@ CREATE TABLE info
 	value TEXT NOT NULL
 );
 
-INSERT INTO "info" VALUES('version','14');
+INSERT INTO "info" VALUES('version','15');
 
 CREATE TABLE domain_audit
 (
@@ -143,12 +143,10 @@ CREATE VIEW vw_gravity AS SELECT domain, adlist_by_group.group_id AS group_id
     LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
     WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1);
 
-CREATE VIEW vw_adlist AS SELECT DISTINCT address, adlist.id AS id
+CREATE VIEW vw_adlist AS SELECT DISTINCT address, id
     FROM adlist
-    LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = adlist.id
-    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
-    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1)
-    ORDER BY adlist.id;
+    WHERE enabled = 1
+    ORDER BY id;
 
 CREATE TRIGGER tr_domainlist_add AFTER INSERT ON domainlist
     BEGIN

advanced/Templates/pihole-FTL.service

@@ -24,9 +24,13 @@ start() {
     touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
     # Ensure that permissions are set so that pihole-FTL can edit all necessary files
     chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
-    chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /etc/pihole/macvendor.db
+    chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
+    # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
+    chmod -f 0644 /etc/pihole/macvendor.db
     # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
     chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
+    # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
+    chmod -f 0664 /etc/pihole/pihole-FTL.db
     if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
       su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
     else

advanced/lighttpd.conf.debian

@@ -85,5 +85,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
     url.access-deny = ("")
 }
 
+# allow teleporter iframe on settings page
+$HTTP["url"] =~ "/teleporter\.php$" {
+    $HTTP["referer"] =~ "/admin/settings\.php" {
+        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+    }
+}
+
 # Default expire header
 expire.url = ( "" => "access plus 0 seconds" )

advanced/lighttpd.conf.fedora

@@ -93,5 +93,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
     url.access-deny = ("")
 }
 
+# allow teleporter iframe on settings page
+$HTTP["url"] =~ "/teleporter\.php$" {
+    $HTTP["referer"] =~ "/admin/settings\.php" {
+        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+    }
+}
+
 # Default expire header
 expire.url = ( "" => "access plus 0 seconds" )

automated install/basic-install.sh

@@ -292,7 +292,7 @@ if is_command apt-get ; then
     # It's useful to separate this from Pi-hole, since the two repos are also setup separately
     PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl")
     # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php
-    if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then
+    if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then
         PIHOLE_WEB_DEPS+=("${phpVer}-json")
     fi
     # The Web server user,
@@ -1914,8 +1914,6 @@ IPv6:	${IPV6_ADDRESS:-"Not Configured"}
 
 If you have not done so already, the above IP should be set to static.
 
-The install log is in /etc/pihole.
-
 ${additional}" "${r}" "${c}"
 }
 

test/_fedora_34.Dockerfile

@@ -1,4 +1,4 @@
-FROM fedora:32
+FROM fedora:34
 
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole

test/tox.fedora_34.ini

@@ -4,5 +4,5 @@ envlist = py37
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
-commands = docker build -f _fedora_32.Dockerfile -t pytest_pihole:test_container ../
+commands = docker build -f _fedora_34.Dockerfile -t pytest_pihole:test_container ../
            pytest {posargs:-vv -n auto} ./test_automated_install.py ./test_centos_fedora_common_support.py ./test_fedora_support.py