Merge pull request #4405 from pi-hole/development

Pi-hole v5.6

.github/dependabot.yml

@@ -7,4 +7,4 @@ updates:
     day: saturday
     time: "10:00"
   open-pull-requests-limit: 10
-  target-branch: developement
+  target-branch: developement

.github/workflows/test.yml

@@ -28,7 +28,7 @@ jobs:
     needs: smoke-test
     strategy:
       matrix:
-        distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33]
+        distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_33, fedora_34]
     env:
       DISTRO: ${{matrix.distro}}
     steps:

advanced/Scripts/database_migration/gravity-db.sh

@@ -122,4 +122,10 @@ upgrade_gravityDB(){
 		sqlite3 "${database}" < "${scriptPath}/13_to_14.sql"
 		version=14
 	fi
+	if [[ "$version" == "14" ]]; then
+	# Changes the vw_adlist created in 5_to_6
+	echo -e "  ${INFO} Upgrading gravity database from version 14 to 15"
+	sqlite3 "${database}" < "${scriptPath}/14_to_15.sql"
+	version=15
+fi
 }

advanced/Scripts/database_migration/gravity/13_to_14.sql

@@ -10,4 +10,4 @@ ALTER TABLE adlist ADD COLUMN status INTEGER NOT NULL DEFAULT 0;
 
 UPDATE info SET value = 14 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/database_migration/gravity/14_to_15.sql

@@ -0,0 +1,15 @@
+.timeout 30000
+
+PRAGMA FOREIGN_KEYS=OFF;
+
+BEGIN TRANSACTION;
+DROP VIEW vw_adlist;
+
+CREATE VIEW vw_adlist AS SELECT DISTINCT address, id
+    FROM adlist
+    WHERE enabled = 1
+    ORDER BY id;
+
+UPDATE info SET value = 15 WHERE property = 'version';
+
+COMMIT;

advanced/Scripts/piholeDebug.sh

@@ -585,6 +585,27 @@ processor_check() {
     fi
 }
 
+disk_usage() {
+    local file_system
+    local hide
+
+    echo_current_diagnostic "Disk usage"
+    mapfile -t file_system < <(df -h)
+
+    # Some lines of df might contain sensitive information like usernames and passwords.
+    # E.g. curlftpfs filesystems (https://www.looklinux.com/mount-ftp-share-on-linux-using-curlftps/)
+    # We are not interested in those lines so we collect keyword, to remove them from the output
+    # Additinal keywords can be added, separated by "|"
+    hide="curlftpfs"
+
+    # only show those lines not containg a sensitive phrase
+    for line in "${file_system[@]}"; do
+      if [[ ! $line =~ $hide ]]; then
+        log_write "   ${line}"
+      fi
+    done
+}
+
 parse_setup_vars() {
     echo_current_diagnostic "Setup variables"
     # If the file exists,
@@ -777,14 +798,30 @@ check_x_headers() {
     # server is operating correctly
     echo_current_diagnostic "Dashboard and block page"
     # Use curl -I to get the header and parse out just the X-Pi-hole one
+    local block_page
+    block_page=$(curl -Is localhost | awk '/X-Pi-hole/' | tr -d '\r')
+    # Do it for the dashboard as well, as the header is different than above
     local dashboard
     dashboard=$(curl -Is localhost/admin/ | awk '/X-Pi-hole/' | tr -d '\r')
     # Store what the X-Header should be in variables for comparison later
+    local block_page_working
+    block_page_working="X-Pi-hole: A black hole for Internet advertisements."
     local dashboard_working
     dashboard_working="X-Pi-hole: The Pi-hole Web interface is working!"
+    local full_curl_output_block_page
+    full_curl_output_block_page="$(curl -Is localhost)"
     local full_curl_output_dashboard
     full_curl_output_dashboard="$(curl -Is localhost/admin/)"
-    
+    # If the X-header found by curl matches what is should be,
+    if [[ $block_page == "$block_page_working" ]]; then
+        # display a success message
+        log_write "$TICK Block page X-Header: ${COL_GREEN}${block_page}${COL_NC}"
+    else
+        # Otherwise, show an error
+        log_write "$CROSS Block page X-Header: ${COL_RED}X-Header does not match or could not be retrieved.${COL_NC}"
+        log_write "${COL_RED}${full_curl_output_block_page}${COL_NC}"
+    fi
+
     # Same logic applies to the dashboard as above, if the X-Header matches what a working system should have,
     if [[ $dashboard == "$dashboard_working" ]]; then
         # then we can show a success
@@ -1405,6 +1442,7 @@ diagnose_operating_system
 check_selinux
 check_firewalld
 processor_check
+disk_usage
 check_networking
 check_name_resolution
 check_dhcp_servers

advanced/Scripts/webpage.sh

@@ -709,54 +709,14 @@ AddCustomDNSAddress() {
 
     ip="${args[2]}"
     host="${args[3]}"
-	echo "${ip} ${host}" >> "${dnscustomfile}"
+    reload="${args[4]}"
 
-    # Restart dnsmasq to load new custom DNS entries
-    RestartDNS
-}
-
-RemoveCustomDNSAddress() {
-    echo -e "  ${TICK} Removing custom DNS entry..."
-
-    ip="${args[2]}"
-    host="${args[3]}"
-
-    if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
-        sed -i "/^${ip} ${host}$/d" "${dnscustomfile}"
-    else
-        echo -e "  ${CROSS} Invalid IP has been passed"
-        exit 1
-    fi
-
-    # Restart dnsmasq to update removed custom DNS entries
-    RestartDNS
-}
-
-AddCustomCNAMERecord() {
-    echo -e "  ${TICK} Adding custom CNAME record..."
-
-    domain="${args[2]}"
-    target="${args[3]}"
-
-    echo "cname=${domain},${target}" >> "${dnscustomcnamefile}"
-
-    # Restart dnsmasq to load new custom CNAME records
-    RestartDNS
-}
-
-RemoveCustomCNAMERecord() {
-    echo -e "  ${TICK} Removing custom CNAME record..."
-
-    domain="${args[2]}"
-    target="${args[3]}"
-
-    validDomain="$(checkDomain "${domain}")"
-    if [[ -n "${validDomain}" ]]; then
-        validTarget="$(checkDomain "${target}")"
-        if [[ -n "${validDomain}" ]]; then
-            sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}"
+    validHost="$(checkDomain "${host}")"
+    if [[ -n "${validHost}" ]]; then
+        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
+            echo "${ip} ${validHost}" >> "${dnscustomfile}"
         else
-            echo "  ${CROSS} Invalid Target Passed!"
+            echo -e "  ${CROSS} Invalid IP has been passed"
             exit 1
         fi
     else
@@ -764,8 +724,89 @@ RemoveCustomCNAMERecord() {
         exit 1
     fi
 
-    # Restart dnsmasq to update removed custom CNAME records
-    RestartDNS
+    # Restart dnsmasq to load new custom DNS entries only if $reload not false
+    if [[ ! $reload == "false" ]]; then
+      RestartDNS
+    fi
+}
+
+RemoveCustomDNSAddress() {
+    echo -e "  ${TICK} Removing custom DNS entry..."
+
+    ip="${args[2]}"
+    host="${args[3]}"
+    reload="${args[4]}"
+
+    validHost="$(checkDomain "${host}")"
+    if [[ -n "${validHost}" ]]; then
+        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
+            sed -i "/^${ip} ${validHost}$/d" "${dnscustomfile}"
+        else
+            echo -e "  ${CROSS} Invalid IP has been passed"
+            exit 1
+        fi
+        else
+            echo "  ${CROSS} Invalid Domain passed!"
+            exit 1
+    fi
+
+    # Restart dnsmasq to load new custom DNS entries only if reload is not false
+    if [[ ! $reload == "false" ]]; then
+      RestartDNS
+    fi
+}
+
+AddCustomCNAMERecord() {
+    echo -e "  ${TICK} Adding custom CNAME record..."
+
+    domain="${args[2]}"
+    target="${args[3]}"
+    reload="${args[4]}"
+
+    validDomain="$(checkDomain "${domain}")"
+    if [[ -n "${validDomain}" ]]; then
+        validTarget="$(checkDomain "${target}")"
+        if [[ -n "${validTarget}" ]]; then
+          echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}"
+        else
+          echo "  ${CROSS} Invalid Target Passed!"
+          exit 1
+        fi
+    else
+        echo "  ${CROSS} Invalid Domain passed!"
+        exit 1
+    fi
+    # Restart dnsmasq to load new custom CNAME records only if reload is not false
+    if [[ ! $reload == "false" ]]; then
+      RestartDNS
+    fi
+}
+
+RemoveCustomCNAMERecord() {
+    echo -e "  ${TICK} Removing custom CNAME record..."
+
+    domain="${args[2]}"
+    target="${args[3]}"
+    reload="${args[4]}"
+
+    validDomain="$(checkDomain "${domain}")"
+    if [[ -n "${validDomain}" ]]; then
+        validTarget="$(checkDomain "${target}")"
+        if [[ -n "${validTarget}" ]]; then
+            sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}"
+        else
+          echo "  ${CROSS} Invalid Target Passed!"
+          exit 1
+        fi
+    else
+        echo "  ${CROSS} Invalid Domain passed!"
+        exit 1
+    fi
+
+    # Restart dnsmasq to update removed custom CNAME records only if $reload not false
+    if [[ ! $reload == "false" ]]; then
+      RestartDNS
+    fi
 }
 
 main() {

advanced/Templates/gravity.db.sql

@@ -57,7 +57,7 @@ CREATE TABLE info
 	value TEXT NOT NULL
 );
 
-INSERT INTO "info" VALUES('version','14');
+INSERT INTO "info" VALUES('version','15');
 
 CREATE TABLE domain_audit
 (
@@ -143,12 +143,10 @@ CREATE VIEW vw_gravity AS SELECT domain, adlist_by_group.group_id AS group_id
     LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
     WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1);
 
-CREATE VIEW vw_adlist AS SELECT DISTINCT address, adlist.id AS id
+CREATE VIEW vw_adlist AS SELECT DISTINCT address, id
     FROM adlist
-    LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = adlist.id
-    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
-    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1)
-    ORDER BY adlist.id;
+    WHERE enabled = 1
+    ORDER BY id;
 
 CREATE TRIGGER tr_domainlist_add AFTER INSERT ON domainlist
     BEGIN

advanced/Templates/pihole-FTL.service

@@ -24,9 +24,13 @@ start() {
     touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
     # Ensure that permissions are set so that pihole-FTL can edit all necessary files
     chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
-    chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /etc/pihole/macvendor.db
+    chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
+    # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
+    chmod -f 0644 /etc/pihole/macvendor.db
     # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
     chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
+    # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
+    chmod -f 0664 /etc/pihole/pihole-FTL.db
     if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
       su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
     else

advanced/index.php

@@ -11,6 +11,15 @@ $serverName = htmlspecialchars($_SERVER["SERVER_NAME"]);
 // Remove external ipv6 brackets if any
 $serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);
 
+if (!is_file("/etc/pihole/setupVars.conf"))
+  die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>");
+
+// Get values from setupVars.conf
+$setupVars = parse_ini_file("/etc/pihole/setupVars.conf");
+$svPasswd = !empty($setupVars["WEBPASSWORD"]);
+$svEmail = (!empty($setupVars["ADMIN_EMAIL"]) && filter_var($setupVars["ADMIN_EMAIL"], FILTER_VALIDATE_EMAIL)) ? $setupVars["ADMIN_EMAIL"] : "";
+unset($setupVars);
+
 // Set landing page location, found within /var/www/html/
 $landPage = "../landing.php";
 
@@ -25,6 +34,21 @@ if (!empty($_SERVER["FQDN"])) {
     array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]);
 }
 
+// Set which extension types render as Block Page (Including "" for index.ext)
+$validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", "");
+
+// Get extension of current URL
+$currentUrlExt = pathinfo($_SERVER["REQUEST_URI"], PATHINFO_EXTENSION);
+
+// Set mobile friendly viewport
+$viewPort = '<meta name="viewport" content="width=device-width, initial-scale=1">';
+
+// Set response header
+function setHeader($type = "x") {
+    header("X-Pi-hole: A black hole for Internet advertisements.");
+    if (isset($type) && $type === "js") header("Content-Type: application/javascript");
+}
+
 // Determine block page type
 if ($serverName === "pi.hole"
     || (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) {
@@ -47,26 +71,325 @@ if ($serverName === "pi.hole"
     <html lang='en'>
         <head>
             <meta charset='utf-8'>
-            <meta name='viewport' content='width=device-width, initial-scale=1'>
+            $viewPort
             <title>● $serverName</title>
-            <link rel='shortcut icon' href='admin/img/favicons/favicon.ico' type='image/x-icon'>
-            <style>
-              #splashpage { background: #222; color: rgba(255, 255, 255, 0.7); text-align: center; }
-              #splashpage img { margin: 5px; width: 256px; }
-              #splashpage b { color: inherit; }
-            </style>
+            <link rel='stylesheet' href='/pihole/blockingpage.css'>
+            <link rel='shortcut icon' href='/admin/img/favicons/favicon.ico' type='image/x-icon'>
         </head>
         <body id='splashpage'>
-            <img src='admin/img/logo.svg' alt='Pi-hole logo' width='256' height='377'>
-            <br>
-            <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
-            <a href='/admin'>Did you mean to go to the admin panel?</a>
+            <div id="pihole_card">
+              <img src='/admin/img/logo.svg' alt='Pi-hole logo' id="pihole_logo_splash" />
+              <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
+              <a href='/admin'>Did you mean to go to the admin panel?</a>
+            </div>
         </body>
     </html>
 EOT;
     exit($splashPage);
+} elseif ($currentUrlExt === "js") {
+    // Serve Pi-hole JavaScript for blocked domains requesting JS
+    exit(setHeader("js").'var x = "Pi-hole: A black hole for Internet advertisements."');
+} elseif (strpos($_SERVER["REQUEST_URI"], "?") !== FALSE && isset($_SERVER["HTTP_REFERER"])) {
+    // Serve blank image upon receiving REQUEST_URI w/ query string & HTTP_REFERRER
+    // e.g: An iframe of a blocked domain
+    exit(setHeader().'<!doctype html>
+    <html lang="en">
+        <head>
+            <meta charset="utf-8"><script>window.close();</script>
+        </head>
+        <body>
+            <img src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=">
+        </body>
+    </html>');
+} elseif (!in_array($currentUrlExt, $validExtTypes) || substr_count($_SERVER["REQUEST_URI"], "?")) {
+    // Serve SVG upon receiving non $validExtTypes URL extension or query string
+    // e.g: Not an iframe of a blocked domain, such as when browsing to a file/query directly
+    // QoL addition: Allow the SVG to be clicked on in order to quickly show the full Block Page
+    $blockImg = '<a href="/">
+    <svg xmlns="http://www.w3.org/2000/svg" width="110" height="16">
+      <circle cx="8" cy="8" r="7" fill="none" stroke="rgba(152,2,2,.5)" stroke-width="2"/>
+      <path fill="rgba(152,2,2,.5)" d="M11.526 3.04l1.414 1.415-8.485 8.485-1.414-1.414z"/>
+      <text x="19.3" y="12" opacity=".3" style="font:11px Arial">
+        Blocked by Pi-hole
+      </text>
+    </svg>
+    </a>';
+    exit(setHeader()."<!doctype html>
+    <html lang='en'>
+        <head>
+            <meta charset='utf-8'>
+            $viewPort
+        </head>
+        <body>$blockImg</body>
+    </html>");
 }
 
-exit(header("HTTP/1.1 404 Not Found"));
+/* Start processing Block Page from here */
 
+// Define admin email address text based off $svEmail presence
+$bpAskAdmin = !empty($svEmail) ? '<a href="mailto:'.$svEmail.'?subject=Site Blocked: '.$serverName.'"></a>' : "<span/>";
+
+// Get possible non-standard location of FTL's database
+$FTLsettings = parse_ini_file("/etc/pihole/pihole-FTL.conf");
+if (isset($FTLsettings["GRAVITYDB"])) {
+    $gravityDBFile = $FTLsettings["GRAVITYDB"];
+} else {
+    $gravityDBFile = "/etc/pihole/gravity.db";
+}
+
+// Connect to gravity.db
+try {
+    $db = new SQLite3($gravityDBFile, SQLITE3_OPEN_READONLY);
+} catch (Exception $exception) {
+    die("[ERROR]: Failed to connect to gravity.db");
+}
+
+// Get all adlist addresses
+$adlistResults = $db->query("SELECT address FROM vw_adlist");
+$adlistsUrls = array();
+while ($row = $adlistResults->fetchArray()) {
+    array_push($adlistsUrls, $row[0]);
+}
+
+if (empty($adlistsUrls))
+    die("[ERROR]: There are no adlists enabled");
+
+// Get total number of blocklists (Including Whitelist, Blacklist & Wildcard lists)
+$adlistsCount = count($adlistsUrls) + 3;
+
+// Set query timeout
+ini_set("default_socket_timeout", 3);
+
+// Logic for querying blocklists
+function queryAds($serverName) {
+    // Determine the time it takes while querying adlists
+    $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
+    $queryAdsURL = sprintf(
+        "http://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
+        $_SERVER["SERVER_PORT"],
+        $serverName
+    );
+    $queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
+    $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds)));
+    $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime);
+
+    // Exception Handling
+    try {
+        // Define Exceptions
+        if (strpos($queryAds[0], "No exact results") !== FALSE) {
+            // Return "none" into $queryAds array
+            return array("0" => "none");
+        } else if ($queryTime >= ini_get("default_socket_timeout")) {
+            // Connection Timeout
+            throw new Exception ("Connection timeout (".ini_get("default_socket_timeout")."s)");
+        } elseif (!strpos($queryAds[0], ".") !== false) {
+            // Unknown $queryAds output
+            throw new Exception ("Unhandled error message (<code>$queryAds[0]</code>)");
+        }
+        return $queryAds;
+    } catch (Exception $e) {
+        // Return exception as array
+        return array("0" => "error", "1" => $e->getMessage());
+    }
+}
+
+// Get results of queryads.php exact search
+$queryAds = queryAds($serverName);
+
+// Pass error through to Block Page
+if ($queryAds[0] === "error")
+    die("[ERROR]: Unable to parse results from <i>queryads.php</i>: <code>".$queryAds[1]."</code>");
+
+// Count total number of matching blocklists
+$featuredTotal = count($queryAds);
+
+// Place results into key => value array
+$queryResults = null;
+foreach ($queryAds as $str) {
+    $value = explode(" ", $str);
+    @$queryResults[$value[0]] .= "$value[1]";
+}
+
+// Determine if domain has been blacklisted, whitelisted, wildcarded or CNAME blocked
+if (strpos($queryAds[0], "blacklist") !== FALSE) {
+    $notableFlagClass = "blacklist";
+    $adlistsUrls = array("π" => substr($queryAds[0], 2));
+} elseif (strpos($queryAds[0], "whitelist") !== FALSE) {
+    $notableFlagClass = "noblock";
+    $adlistsUrls = array("π" => substr($queryAds[0], 2));
+    $wlInfo = "recentwl";
+} elseif (strpos($queryAds[0], "wildcard") !== FALSE) {
+    $notableFlagClass = "wildcard";
+    $adlistsUrls = array("π" => substr($queryAds[0], 2));
+} elseif ($queryAds[0] === "none") {
+    $featuredTotal = "0";
+    $notableFlagClass = "noblock";
+
+    // QoL addition: Determine appropriate info message if CNAME exists
+    // Suggests to the user that $serverName has a CNAME (alias) that may be blocked
+    $dnsRecord = dns_get_record("$serverName")[0];
+    if (array_key_exists("target", $dnsRecord)) {
+        $wlInfo = $dnsRecord['target'];
+    } else {
+        $wlInfo = "unknown";
+    }
+}
+
+// Set #bpOutput notification
+$wlOutputClass = (isset($wlInfo) && $wlInfo === "recentwl") ? $wlInfo : "hidden";
+$wlOutput = (isset($wlInfo) && $wlInfo !== "recentwl") ? "<a href='http://$wlInfo'>$wlInfo</a>" : "";
+
+// Get Pi-hole Core version
+$phVersion = exec("cd /etc/.pihole/ && git describe --long --tags");
+
+// Print $execTime on development branches
+// Testing for - is marginally faster than "git rev-parse --abbrev-ref HEAD"
+if (explode("-", $phVersion)[1] != "0")
+  $execTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
+
+// Please Note: Text is added via CSS to allow an admin to provide a localized
+// language without the need to edit this file
+
+setHeader();
 ?>
+<!doctype html>
+<!-- Pi-hole: A black hole for Internet advertisements
+*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
+*  Network-wide ad blocking via your own hardware.
+*
+*  This file is copyright under the latest version of the EUPL. -->
+<html>
+<head>
+  <meta charset="utf-8">
+  <?=$viewPort ?>
+  <meta name="robots" content="noindex,nofollow">
+  <meta http-equiv="x-dns-prefetch-control" content="off">
+  <link rel="stylesheet" href="pihole/blockingpage.css">
+  <link rel="shortcut icon" href="admin/img/favicons/favicon.ico" type="image/x-icon">
+  <title>● <?=$serverName ?></title>
+  <script src="admin/scripts/vendor/jquery.min.js"></script>
+  <script>
+    window.onload = function () {
+      <?php
+      // Remove href fallback from "Back to safety" button
+      if ($featuredTotal > 0) {
+        echo '$("#bpBack").removeAttr("href");';
+
+        // Enable whitelisting if JS is available
+        echo '$("#bpWhitelist").prop("disabled", false);';
+
+        // Enable password input if necessary
+        if (!empty($svPasswd)) {
+          echo '$("#bpWLPassword").attr("placeholder", "Password");';
+          echo '$("#bpWLPassword").prop("disabled", false);';
+        }
+        // Otherwise hide the input
+        else {
+          echo '$("#bpWLPassword").hide();';
+        }
+      }
+      ?>
+    }
+  </script>
+</head>
+<body id="blockpage"><div id="bpWrapper">
+<header>
+  <h1 id="bpTitle">
+    <a class="title" href="/"><?php //Website Blocked ?></a>
+  </h1>
+  <div class="spc"></div>
+
+  <input id="bpAboutToggle" type="checkbox">
+  <div id="bpAbout">
+    <div class="aboutPH">
+      <div class="aboutImg"></div>
+      <p>Open Source Ad Blocker
+        <small>Designed for Raspberry Pi</small>
+      </p>
+    </div>
+    <div class="aboutLink">
+      <a class="linkPH" href="https://docs.pi-hole.net/"><?php //About PH ?></a>
+      <?php if (!empty($svEmail)) echo '<a class="linkEmail" href="mailto:'.$svEmail.'"></a>'; ?>
+    </div>
+  </div>
+
+  <div id="bpAlt">
+    <label class="altBtn" for="bpAboutToggle"><?php //Why am I here? ?></label>
+  </div>
+</header>
+
+<main>
+  <div id="bpOutput" class="<?=$wlOutputClass ?>"><?=$wlOutput ?></div>
+  <div id="bpBlock">
+    <p class="blockMsg"><?=$serverName ?></p>
+  </div>
+  <?php if(isset($notableFlagClass)) { ?>
+    <div id="bpFlag">
+        <p class="flagMsg <?=$notableFlagClass ?>"></p>
+    </div>
+  <?php } ?>
+  <div id="bpHelpTxt"><?=$bpAskAdmin ?></div>
+  <div id="bpButtons" class="buttons">
+    <a id="bpBack" onclick="javascript:history.back()" href="about:home"></a>
+    <?php if ($featuredTotal > 0) echo '<label id="bpInfo" for="bpMoreToggle"></label>'; ?>
+  </div>
+  <input id="bpMoreToggle" type="checkbox">
+  <div id="bpMoreInfo">
+    <span id="bpFoundIn"><span><?=$featuredTotal ?></span><?=$adlistsCount ?></span>
+    <pre id='bpQueryOutput'><?php if ($featuredTotal > 0) foreach ($queryResults as $num => $value) { echo "<span>[$num]:</span>$adlistsUrls[$num]\n"; } ?></pre>
+
+    <form id="bpWLButtons" class="buttons">
+      <input id="bpWLDomain" type="text" value="<?=$serverName ?>" disabled>
+      <input id="bpWLPassword" type="password" placeholder="JavaScript disabled" disabled>
+      <button id="bpWhitelist" type="button" disabled></button>
+    </form>
+  </div>
+</main>
+
+<footer><span><?=date("l g:i A, F dS"); ?>.</span> Pi-hole <?=$phVersion ?> (<?=gethostname()."/".$_SERVER["SERVER_ADDR"]; if (isset($execTime)) printf("/%.2fs", $execTime); ?>)</footer>
+</div>
+
+<script>
+  function add() {
+    $("#bpOutput").removeClass("hidden error exception");
+    $("#bpOutput").addClass("add");
+    var domain = "<?=$serverName ?>";
+    var pw = $("#bpWLPassword");
+    if(domain.length === 0) {
+      return;
+    }
+    $.ajax({
+      url: "/admin/scripts/pi-hole/php/add.php",
+      method: "post",
+      data: {"domain":domain, "list":"white", "pw":pw.val()},
+      success: function(response) {
+        if(response.indexOf("Pi-hole blocking") !== -1) {
+          setTimeout(function(){window.location.reload(1);}, 10000);
+          $("#bpOutput").removeClass("add");
+          $("#bpOutput").addClass("success");
+          $("#bpOutput").html("");
+        } else {
+          $("#bpOutput").removeClass("add");
+          $("#bpOutput").addClass("error");
+          $("#bpOutput").html(""+response+"");
+        }
+      },
+      error: function(jqXHR, exception) {
+        $("#bpOutput").removeClass("add");
+        $("#bpOutput").addClass("exception");
+        $("#bpOutput").html("");
+      }
+    });
+  }
+  <?php if ($featuredTotal > 0) { ?>
+    $(document).keypress(function(e) {
+        if(e.which === 13 && $("#bpWLPassword").is(":focus")) {
+            add();
+        }
+    });
+    $("#bpWhitelist").on("click", function() {
+        add();
+    });
+  <?php } ?>
+</script>
+</body></html>

advanced/lighttpd.conf.debian

@@ -85,5 +85,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
     url.access-deny = ("")
 }
 
+# allow teleporter iframe on settings page
+$HTTP["url"] =~ "/teleporter\.php$" {
+    $HTTP["referer"] =~ "/admin/settings\.php" {
+        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+    }
+}
+
 # Default expire header
 expire.url = ( "" => "access plus 0 seconds" )

advanced/lighttpd.conf.fedora

@@ -93,5 +93,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
     url.access-deny = ("")
 }
 
+# allow teleporter iframe on settings page
+$HTTP["url"] =~ "/teleporter\.php$" {
+    $HTTP["referer"] =~ "/admin/settings\.php" {
+        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+    }
+}
+
 # Default expire header
 expire.url = ( "" => "access plus 0 seconds" )

automated install/basic-install.sh

@@ -74,7 +74,7 @@ PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update versi
 PI_HOLE_INSTALL_DIR="/opt/pihole"
 PI_HOLE_CONFIG_DIR="/etc/pihole"
 PI_HOLE_BIN_DIR="/usr/local/bin"
-PI_HOLE_404_DIR="${webroot}/pihole"
+PI_HOLE_BLOCKPAGE_DIR="${webroot}/pihole"
 if [ -z "$useUpdateVars" ]; then
   useUpdateVars=false
 fi
@@ -292,7 +292,7 @@ if is_command apt-get ; then
     # It's useful to separate this from Pi-hole, since the two repos are also setup separately
     PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl")
     # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php
-    if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then
+    if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then
         PIHOLE_WEB_DEPS+=("${phpVer}-json")
     fi
     # The Web server user,
@@ -1571,18 +1571,18 @@ install_dependent_packages() {
 
 # Install the Web interface dashboard
 installPiholeWeb() {
-    printf "\\n  %b Installing 404 page...\\n" "${INFO}"
+    printf "\\n  %b Installing blocking page...\\n" "${INFO}"
 
-    local str="Creating directory for 404 page, and copying files"
+    local str="Creating directory for blocking page, and copying files"
     printf "  %b %s..." "${INFO}" "${str}"
-    # Install the directory
-    install -d -m 0755 ${PI_HOLE_404_DIR}
-    # and the 404 handler
-    install -D -m 644 ${PI_HOLE_LOCAL_REPO}/advanced/index.php ${PI_HOLE_404_DIR}/
+    # Install the directory,
+    install -d -m 0755 ${PI_HOLE_BLOCKPAGE_DIR}
+    # and the blockpage
+    install -D -m 644 ${PI_HOLE_LOCAL_REPO}/advanced/{index,blockingpage}.* ${PI_HOLE_BLOCKPAGE_DIR}/
 
     # Remove superseded file
-    if [[ -e "${PI_HOLE_404_DIR}/index.js" ]]; then
-        rm "${PI_HOLE_404_DIR}/index.js"
+    if [[ -e "${PI_HOLE_BLOCKPAGE_DIR}/index.js" ]]; then
+        rm "${PI_HOLE_BLOCKPAGE_DIR}/index.js"
     fi
 
     printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
@@ -1914,8 +1914,6 @@ IPv6:	${IPV6_ADDRESS:-"Not Configured"}
 
 If you have not done so already, the above IP should be set to static.
 
-The install log is in /etc/pihole.
-
 ${additional}" "${r}" "${c}"
 }
 

test/_fedora_34.Dockerfile

@@ -1,4 +1,4 @@
-FROM fedora:32
+FROM fedora:34
 
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole

test/test_automated_install.py

@@ -112,9 +112,9 @@ def test_installPiholeWeb_fresh_install_no_errors(Pihole):
     source /opt/pihole/basic-install.sh
     installPiholeWeb
     ''')
-    expected_stdout = info_box + ' Installing 404 page...'
+    expected_stdout = info_box + ' Installing blocking page...'
     assert expected_stdout in installWeb.stdout
-    expected_stdout = tick_box + (' Creating directory for 404 page, '
+    expected_stdout = tick_box + (' Creating directory for blocking page, '
                                   'and copying files')
     assert expected_stdout in installWeb.stdout
     expected_stdout = info_box + ' Backing up index.lighttpd.html'
@@ -126,6 +126,7 @@ def test_installPiholeWeb_fresh_install_no_errors(Pihole):
     assert expected_stdout in installWeb.stdout
     web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
     assert 'index.php' in web_directory
+    assert 'blockingpage.css' in web_directory
 
 
 def test_update_package_cache_success_no_errors(Pihole):

test/tox.fedora_34.ini

@@ -4,5 +4,5 @@ envlist = py37
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
-commands = docker build -f _fedora_32.Dockerfile -t pytest_pihole:test_container ../
+commands = docker build -f _fedora_34.Dockerfile -t pytest_pihole:test_container ../
            pytest {posargs:-vv -n auto} ./test_automated_install.py ./test_centos_fedora_common_support.py ./test_fedora_support.py