X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Furlfilter.cgi;h=1e54372f18fc173350ff8ba83376d0da978d103d;hb=66c3619872bcf723d7bac550165ad5658de95644;hp=23410835dc7c5e3aa391604136d56236200fa23a;hpb=62459123fa8adc36984552956648daeec462bf41;p=people%2Fpmueller%2Fipfire-2.x.git

diff --git a/html/cgi-bin/urlfilter.cgi b/html/cgi-bin/urlfilter.cgi
index 23410835dc..1e54372f18 100644
--- a/html/cgi-bin/urlfilter.cgi
+++ b/html/cgi-bin/urlfilter.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2005-2010  IPFire Team                                        #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -59,15 +59,13 @@ my $tcfile = "${General::swroot}/urlfilter/timeconst";
 my $uqfile = "${General::swroot}/urlfilter/userquota";
 my $dbdir = "${General::swroot}/urlfilter/blacklists";
 my $editdir = "${General::swroot}/urlfilter/editor";
-my $repository = "/home/httpd/html/repository";
+my $templatedir = "/srv/web/ipfire/html/redirect-templates";
+my $repository = "/var/urlrepo";
 my $hintcolour = '#FFFFCC';
 
 my $sourceurlfile = "${General::swroot}/urlfilter/autoupdate/autoupdate.urls";
 my $updconffile = "${General::swroot}/urlfilter/autoupdate/autoupdate.conf";
 my $updflagfile = "${General::swroot}/urlfilter/blacklists/.autoupdate.last";
-my $upd_cron_dly = "${General::swroot}/urlfilter/autoupdate/cron.daily";
-my $upd_cron_wly = "${General::swroot}/urlfilter/autoupdate/cron.weekly";
-my $upd_cron_mly = "${General::swroot}/urlfilter/autoupdate/cron.monthly";
 
 my $errormessage='';
 my $updatemessage='';
@@ -97,9 +95,9 @@ my $ldesc='';
 my $gdesc='';
 
 if (! -d $dbdir) { mkdir("$dbdir"); }
-if (! -e $tcfile) { system("touch $tcfile"); }
-if (! -e $uqfile) { system("touch $uqfile"); }
-if (! -e $sourceurlfile) { system("touch $sourceurlfile"); }
+if (! -e $tcfile) { &General::system("touch", "$tcfile"); }
+if (! -e $uqfile) { &General::system("touch", "$uqfile"); }
+if (! -e $sourceurlfile) { &General::system("touch", "$sourceurlfile"); }
 
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
@@ -140,11 +138,11 @@ $filtersettings{'BLOCK_IP_ADDR'} = 'off';
 $filtersettings{'BLOCK_ALL'} = 'off';
 $filtersettings{'ENABLE_EMPTY_ADS'} = 'off';
 $filtersettings{'ENABLE_GLOBAL_WHITELIST'} = 'off';
-$filtersettings{'ENABLE_SAFESEARCH'} = 'off';
 $filtersettings{'ENABLE_LOG'} = 'off';
 $filtersettings{'ENABLE_USERNAME_LOG'} = 'off';
 $filtersettings{'ENABLE_CATEGORY_LOG'} = 'off';
 $filtersettings{'ENABLE_AUTOUPDATE'} = 'off';
+$filtersettings{'REDIRECT_TEMPLATE'} = 'legacy';
 
 $filtersettings{'ACTION'} = '';
 $filtersettings{'VALID'} = '';
@@ -228,7 +226,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 
 		if (!(-d "${General::swroot}/urlfilter/update")) { mkdir("${General::swroot}/urlfilter/update"); }
 
-		my $exitcode = system("/bin/tar --no-same-owner -xzf ${General::swroot}/urlfilter/blacklists.tar.gz -C ${General::swroot}/urlfilter/update");
+		my $exitcode = &General::system("/bin/tar", "--no-same-owner", "-xzf", "${General::swroot}/urlfilter/blacklists.tar.gz", "-C", "${General::swroot}/urlfilter/update");
 
 		if ($exitcode > 0)
 		{
@@ -237,18 +235,19 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 
 			if (-d "${General::swroot}/urlfilter/update/BL")
 			{
-				system("mv ${General::swroot}/urlfilter/update/BL ${General::swroot}/urlfilter/update/blacklists");
+				&General::system("mv", "${General::swroot}/urlfilter/update/BL", "${General::swroot}/urlfilter/update/blacklists");
 			}
 
 			if (-d "${General::swroot}/urlfilter/update/category")
 			{
-				system("mv ${General::swroot}/urlfilter/update/category ${General::swroot}/urlfilter/update/blacklists");
+				&General::system("mv", "${General::swroot}/urlfilter/update/category", "${General::swroot}/urlfilter/update/blacklists");
 			}
 
 			if (!(-d "${General::swroot}/urlfilter/update/blacklists"))
 			{
 				$errormessage = $Lang::tr{'urlfilter invalid content'};
 			} else {
+				# XXX Uses globbing
 				system("cp -r ${General::swroot}/urlfilter/update/blacklists/* $dbdir");
 
 				&readblockcategories;
@@ -257,11 +256,11 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 				&writeconfigfile;
 
 				$updatemessage = $Lang::tr{'urlfilter upload success'};
-				system("${General::swroot}/urlfilter/bin/prebuild.pl &");
-				system("logger -t installpackage[urlfilter] \"URL filter blacklist - Blacklist update from local source completed\"");
+				&General::system_background("${General::swroot}/urlfilter/bin/prebuild.pl");
+				&General::system("logger", "-t", "installpackage[urlfilter]", "URL filter blacklist - Blacklist update from local source completed");
 			}
 		}
-		if (-d "${General::swroot}/urlfilter/update") { system("rm -rf ${General::swroot}/urlfilter/update"); }
+		if (-d "${General::swroot}/urlfilter/update") { &General::system("rm", "-rf", "${General::swroot}/urlfilter/update"); }
 		if (-e "${General::swroot}/urlfilter/blacklists.tar.gz") { unlink("${General::swroot}/urlfilter/blacklists.tar.gz"); }
 		if ($errormessage) { goto ERROR; }
 	}
@@ -269,7 +268,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 	if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter backup'})
 	{
 		$blistbackup = ($filtersettings{'ENABLE_FULLBACKUP'} eq 'on') ? "blacklists" : "blacklists/custom";
-		if (system("/bin/tar -C ${General::swroot}/urlfilter -czf ${General::swroot}/urlfilter/backup.tar.gz settings timeconst userquota autoupdate $blistbackup"))
+		if (&General::system("/bin/tar", "-C", "${General::swroot}/urlfilter", "-czf", "${General::swroot}/urlfilter/backup.tar.gz", "settings", "timeconst", "userquota", "autoupdate", "$blistbackup"))
 		{
 			$errormessage = $Lang::tr{'urlfilter backup error'};
 			goto ERROR;
@@ -308,7 +307,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 			$errormessage = $!;
 		}
 
-		my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf ${General::swroot}/urlfilter/backup.tar.gz -C ${General::swroot}/urlfilter/restore");
+		my $exitcode = &General::system("/bin/tar", "--no-same-owner", "--preserve-permissions", "-xzf", "${General::swroot}/urlfilter/backup.tar.gz", "-C", "${General::swroot}/urlfilter/restore");
 		if ($exitcode > 0)
 		{
 			$errormessage = $Lang::tr{'urlfilter tar error'};
@@ -317,6 +316,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 			{
 				$errormessage = $Lang::tr{'urlfilter invalid restore file'};
 			} else {
+				# XXX uses globbing
 				system("cp -rp ${General::swroot}/urlfilter/restore/* ${General::swroot}/urlfilter/");
 				&readblockcategories;
 				&readcustomlists;
@@ -327,7 +327,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 		}
 
 		if (-e "${General::swroot}/urlfilter/backup.tar.gz") { unlink("${General::swroot}/urlfilter/backup.tar.gz"); }
-		if (-d "${General::swroot}/urlfilter/restore") { system("rm -rf ${General::swroot}/urlfilter/restore"); }
+		if (-d "${General::swroot}/urlfilter/restore") { &General::system("rm", "-rf", "${General::swroot}/urlfilter/restore"); }
 		if ($errormessage) { goto ERROR; }
 	}
 
@@ -353,16 +353,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
               	$filtersettings{'VALID'} = 'yes';
 		&savesettings;
 
-		system("chown -R nobody.nobody $dbdir");
-
-		if (-e "$dbdir/custom/allowed/domains.db") { unlink("$dbdir/custom/allowed/domains.db"); }
-		if (-e "$dbdir/custom/allowed/urls.db")    { unlink("$dbdir/custom/allowed/urls.db"); }
-		if (-e "$dbdir/custom/blocked/domains.db") { unlink("$dbdir/custom/blocked/domains.db"); }
-		if (-e "$dbdir/custom/blocked/urls.db")    { unlink("$dbdir/custom/blocked/urls.db"); }
-
-		&setpermissions ($dbdir);
-
-		system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
+		&General::system('/usr/local/bin/squidctrl', 'restart');
 	}
 }
 
@@ -496,7 +487,7 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang
 		$errormessage = $Lang::tr{'urlfilter web proxy service required'};
 	}
 
-	if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+	if (!$errormessage) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
 	$tcsettings{'TCMODE'}='on';
 }
 
@@ -699,7 +690,7 @@ if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{
 		$errormessage = $Lang::tr{'urlfilter web proxy service required'};
 	}
 
-	if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+	if (!$errormessage) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
 	$uqsettings{'UQMODE'}='on';
 }
 
@@ -783,7 +774,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter import blacklist'}) && ($bese
 			$errormessage = $!;
 		} else {
 
-			my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf $editdir/blacklist.tar.gz -C $editdir");
+			my $exitcode = &General::system("/bin/tar", "--no-same-owner", "--preserve-permissions", "-xzf", "$editdir/blacklist.tar.gz", "-C", "$editdir");
 			if ($exitcode > 0)
 			{
 				$errormessage = $Lang::tr{'urlfilter tar error'};
@@ -830,7 +821,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter import blacklist'}) && ($bese
 				}
 			}
 
-		if (-d $editdir) { system("rm -rf $editdir"); }
+		if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
 
 		}
 	}
@@ -864,7 +855,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter export blacklist'}) && ($bese
 		print FILE "$besettings{'BE_EXPRESSIONS'}\n";
 		close FILE;
 
-		if (system("/bin/tar -C $editdir -czf $editdir/$besettings{'BE_NAME'}.tar.gz blacklists"))
+		if (&General::system("/bin/tar", "-C", "$editdir", "-czf", "$editdir/$besettings{'BE_NAME'}.tar.gz", "blacklists"))
 		{
 			$errormessage = $Lang::tr{'urlfilter export error'};
 		}
@@ -880,7 +871,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter export blacklist'}) && ($bese
 			while (<FILE>) { print; }
 			close (FILE);
 
-			if (-d $editdir) { system("rm -rf $editdir"); }
+			if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
 			exit;
 		}
 	} else {
@@ -944,8 +935,10 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
 		print FILE "}\n";
 		close FILE;
 
+		# XXX uses globbing
 		system("rm -f $dbdir/$besettings{'BE_NAME'}/*.db");
-		system("/usr/sbin/squidGuard -c $editdir/install.conf -C all");
+		&General::system("/usr/bin/squidGuard", "-c", "$editdir/install.conf", "-C", "all");
+		# XXX uses globbing
 		system("chmod a+w $dbdir/$besettings{'BE_NAME'}/*.db");
 
 		&readblockcategories;
@@ -953,9 +946,9 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
 
 		&writeconfigfile;
 
-		system('/usr/local/bin/squidctrl restart >/dev/null 2>&1') unless ($besettings{'NORESTART'} eq 'on');
+		&General::system('/usr/local/bin/squidctrl', 'restart') unless ($besettings{'NORESTART'} eq 'on');
 
-		if (-d $editdir) { system("rm -rf $editdir"); }
+		if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
 	} else {
 		$errormessage = $Lang::tr{'urlfilter category data error'};
 	}
@@ -974,29 +967,20 @@ if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save schedule'})
 		print FILE "CUSTOM_UPDATE_URL=$filtersettings{'CUSTOM_UPDATE_URL'}\n";
 		close FILE;
 
-		if (-e $upd_cron_dly) { unlink($upd_cron_dly); }
-		if (-e $upd_cron_wly) { unlink($upd_cron_wly); }
-		if (-e $upd_cron_mly) { unlink($upd_cron_mly); }
 
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'daily'))
 		{
-			symlink("../bin/autoupdate.pl",$upd_cron_dly)
-		} else {
-			symlink("/bin/false",$upd_cron_dly)
+			&General::system('/usr/local/bin/urlfilterctrl', 'cron', 'daily');
 		}
 
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'weekly'))
 		{
-			symlink("../bin/autoupdate.pl",$upd_cron_wly)
-		} else {
-			symlink("/bin/false",$upd_cron_wly)
+			&General::system('/usr/local/bin/urlfilterctrl', 'cron', 'weekly');
 		}
 
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'monthly'))
 		{
-			symlink("../bin/autoupdate.pl",$upd_cron_mly)
-		} else {
-			symlink("/bin/false",$upd_cron_mly)
+			&General::system('/usr/local/bin/urlfilterctrl', 'cron', 'monthly');
 		}
 	}
 }
@@ -1009,10 +993,10 @@ if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter update now'})
 		{
 			$errormessage = $Lang::tr{'urlfilter custom url required'};
 		} else {
-			system("${General::swroot}/urlfilter/bin/autoupdate.pl $filtersettings{'CUSTOM_UPDATE_URL'} &");
+			&General::system_background("${General::swroot}/urlfilter/bin/autoupdate.pl", "$filtersettings{'CUSTOM_UPDATE_URL'}");
 		}
 	} else {
-		system("${General::swroot}/urlfilter/bin/autoupdate.pl $filtersettings{'UPDATE_SOURCE'} &");
+		&General::system_background("${General::swroot}/urlfilter/bin/autoupdate.pl", "$filtersettings{'UPDATE_SOURCE'}");
 	}
 }
 
@@ -1076,9 +1060,6 @@ $checked{'ENABLE_EMPTY_ADS'}{$filtersettings{'ENABLE_EMPTY_ADS'}} = "checked='ch
 $checked{'ENABLE_GLOBAL_WHITELIST'}{'off'} = '';
 $checked{'ENABLE_GLOBAL_WHITELIST'}{'on'} = '';
 $checked{'ENABLE_GLOBAL_WHITELIST'}{$filtersettings{'ENABLE_GLOBAL_WHITELIST'}} = "checked='checked'";
-$checked{'ENABLE_SAFESEARCH'}{'off'} = '';
-$checked{'ENABLE_SAFESEARCH'}{'on'} = '';
-$checked{'ENABLE_SAFESEARCH'}{$filtersettings{'ENABLE_SAFESEARCH'}} = "checked='checked'";
 $checked{'ENABLE_LOG'}{'off'} = '';
 $checked{'ENABLE_LOG'}{'on'} = '';
 $checked{'ENABLE_LOG'}{$filtersettings{'ENABLE_LOG'}} = "checked='checked'";
@@ -1095,6 +1076,8 @@ foreach $category (@filtergroups) {
 	$checked{$category}{$filtersettings{$category}} = "checked='checked'";
 }
 
+$selected{'REDIRECT_TEMPLATE'}{$filtersettings{'REDIRECT_TEMPLATE'}} = "selected='selected'";
+
 $selected{'DEFINITION'}{$tcsettings{'DEFINITION'}} = "selected='selected'";
 $selected{'FROM_HOUR'}{$tcsettings{'FROM_HOUR'}} = "selected='selected'";
 $selected{'FROM_MINUTE'}{$tcsettings{'FROM_MINUTE'}} = "selected='selected'";
@@ -1187,7 +1170,7 @@ if (!($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter manage repository'})) {
 
 print "<form method='post' action='$ENV{'SCRIPT_NAME'}' enctype='multipart/form-data'>\n";
 
-&Header::openbox('100%', 'left', "$Lang::tr{'urlfilter filter settings'}:");
+&Header::openbox('100%', 'left', "$Lang::tr{'urlfilter filter settings'}");
 print <<END
 <table width='100%'>
 <tr>
@@ -1231,8 +1214,12 @@ print <<END
         <td>&nbsp;</td>
 </tr>
 <tr>
-	<td colspan='2'>$Lang::tr{'urlfilter blocked domains'}&nbsp;<img src='/blob.gif' alt='*' /></td>
-	<td colspan='2'>$Lang::tr{'urlfilter blocked urls'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td colspan='2'>$Lang::tr{'urlfilter blocked domains'}</td>
+	<td colspan='2'>$Lang::tr{'urlfilter blocked urls'}</td>
+</tr>
+<tr>
+	<td colspan='2'>$Lang::tr{'urlfilter example'}</td>
+	<td colspan='2'>$Lang::tr{'urlfilter example ads'}</td>
 </tr>
 <tr>
 	<td colspan='2' width='50%'><textarea name='CUSTOM_BLACK_DOMAINS' cols='32' rows='6' wrap='off'>
@@ -1270,8 +1257,12 @@ print <<END
         <td>&nbsp;</td>
 </tr>
 <tr>
-	<td colspan='2'>$Lang::tr{'urlfilter allowed domains'}&nbsp;<img src='/blob.gif' alt='*' /></td>
-	<td colspan='2'>$Lang::tr{'urlfilter allowed urls'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td colspan='2'>$Lang::tr{'urlfilter allowed domains'}</td>
+	<td colspan='2'>$Lang::tr{'urlfilter allowed urls'}</td>
+</tr>
+<tr>
+	<td colspan='2'>$Lang::tr{'urlfilter example'}</td>
+	<td colspan='2'>$Lang::tr{'urlfilter example ads'}</td>
 </tr>
 <tr>
 	<td colspan='2' width='50%'><textarea name='CUSTOM_WHITE_DOMAINS' cols='32' rows='6' wrap='off'>
@@ -1306,7 +1297,7 @@ print <<END
         <td colspan='4'><b>$Lang::tr{'urlfilter custom expression list'}</b></td>
 </tr>
 <tr>
-	<td colspan='4'>$Lang::tr{'urlfilter blocked expressions'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td colspan='4'>$Lang::tr{'urlfilter blocked expressions'}</td>
 </tr>
 <tr>
 	<td colspan='4'><textarea name='CUSTOM_EXPRESSIONS' cols='70' rows='3' wrap='off'>
@@ -1369,8 +1360,8 @@ print <<END
         <td>&nbsp;</td>
 </tr>
 <tr>
-	<td colspan='2'>$Lang::tr{'urlfilter unfiltered clients'}&nbsp;<img src='/blob.gif' alt='*' /></td>
-	<td colspan='2'>$Lang::tr{'urlfilter banned clients'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td colspan='2'>$Lang::tr{'urlfilter unfiltered clients'}</td>
+	<td colspan='2'>$Lang::tr{'urlfilter banned clients'}</td>
 </tr>
 <tr>
 	<td colspan='2' width='50%'><textarea name='UNFILTERED_CLIENTS' cols='32' rows='6' wrap='off'>
@@ -1428,36 +1419,48 @@ print <<END
 <tr>
         <td colspan='4'><b>$Lang::tr{'urlfilter block settings'}</b></td>
 </tr>
+<tr>
+	<td width='25%' class='base'>$Lang::tr{'urlfilter redirect template'}</td>
+	<td width='75%' colspan='2'>
+		<select name='REDIRECT_TEMPLATE'>
+END
+;
+
+	foreach (<$templatedir/*>) {
+		if ((-d "$_") && (-e "$_/template.html")) {
+			my $template = substr($_,rindex($_,"/")+1);
+			print "<option value='$template' $selected{'REDIRECT_TEMPLATE'}{$template}>$template</option>\n";
+		}
+	}
+
+print <<END
+		</select>
+	</td>
+</tr>
 <tr>
 	<td width='25%' class='base'>$Lang::tr{'urlfilter show category'}:</td>
 	<td width='12%'><input type='checkbox' name='SHOW_CATEGORY' $checked{'SHOW_CATEGORY'}{'on'} /></td>
-	<td width='25%' class='base'>$Lang::tr{'urlfilter redirectpage'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td width='25%' class='base'>$Lang::tr{'urlfilter redirectpage'}:</td>
 	<td><input type='text' name='REDIRECT_PAGE' value='$filtersettings{'REDIRECT_PAGE'}' size='40' /></td>
 </tr>
 <tr>
 	<td class='base'>$Lang::tr{'urlfilter show url'}:</td>
 	<td><input type='checkbox' name='SHOW_URL' $checked{'SHOW_URL'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'urlfilter msg text 1'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td class='base'>$Lang::tr{'urlfilter msg text 1'}:</td>
 	<td><input type='text' name='MSG_TEXT_1' value='$filtersettings{'MSG_TEXT_1'}' size='40' /></td>
 </tr>
 <tr>
 	<td class='base'>$Lang::tr{'urlfilter show ip'}:</td>
 	<td><input type='checkbox' name='SHOW_IP' $checked{'SHOW_IP'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'urlfilter msg text 2'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td class='base'>$Lang::tr{'urlfilter msg text 2'}:</td>
 	<td><input type='text' name='MSG_TEXT_2' value='$filtersettings{'MSG_TEXT_2'}' size='40' /></td>
 </tr>
 <tr>
 	<td class='base'>$Lang::tr{'urlfilter show dnserror'}:</td>
 	<td><input type='checkbox' name='ENABLE_DNSERROR' $checked{'ENABLE_DNSERROR'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'urlfilter msg text 3'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td class='base'>$Lang::tr{'urlfilter msg text 3'}:</td>
 	<td><input type='text' name='MSG_TEXT_3' value='$filtersettings{'MSG_TEXT_3'}' size='40' /></td>
 </tr>
-<tr>
-	<td class='base'>$Lang::tr{'urlfilter enable jpeg'}:</td>
-	<td><input type='checkbox' name='ENABLE_JPEG' $checked{'ENABLE_JPEG'}{'on'} /></td>
-	<td>&nbsp;</td>
-	<td>&nbsp;</td>
-</tr>
 </table>
 <hr size='1'>
 <table width='100%'>
@@ -1470,21 +1473,17 @@ print <<END
 	<td width='25%' class='base'>$Lang::tr{'urlfilter enable log'}:</td>
 	<td><input type='checkbox' name='ENABLE_LOG' $checked{'ENABLE_LOG'}{'on'} /></td>
 </tr>
-<tr>
-	<td class='base'>$Lang::tr{'urlfilter safesearch'}:</td>
-	<td><input type='checkbox' name='ENABLE_SAFESEARCH' $checked{'ENABLE_SAFESEARCH'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'urlfilter username log'}:</td>
-	<td><input type='checkbox' name='ENABLE_USERNAME_LOG' $checked{'ENABLE_USERNAME_LOG'}{'on'} /></td>
-</tr>
 <tr>
 	<td class='base'>$Lang::tr{'urlfilter empty ads'}:</td>
 	<td><input type='checkbox' name='ENABLE_EMPTY_ADS' $checked{'ENABLE_EMPTY_ADS'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'urlfilter category log'}:</td>
-	<td><input type='checkbox' name='ENABLE_CATEGORY_LOG' $checked{'ENABLE_CATEGORY_LOG'}{'on'} /></td>
+	<td class='base'>$Lang::tr{'urlfilter username log'}:</td>
+	<td><input type='checkbox' name='ENABLE_USERNAME_LOG' $checked{'ENABLE_USERNAME_LOG'}{'on'} /></td>
 </tr>
 <tr>
 	<td class='base'>$Lang::tr{'urlfilter block ip'}:</td>
 	<td><input type='checkbox' name='BLOCK_IP_ADDR' $checked{'BLOCK_IP_ADDR'}{'on'} /></td>
+	<td class='base'>$Lang::tr{'urlfilter category log'}:</td>
+	<td><input type='checkbox' name='ENABLE_CATEGORY_LOG' $checked{'ENABLE_CATEGORY_LOG'}{'on'} /></td>
 </tr>
 <tr>
 	<td class='base'>$Lang::tr{'urlfilter block all'}:</td>
@@ -1496,12 +1495,8 @@ print <<END
 <hr size='1'>
 <table width='100%'>
 <tr>
-	<td>
-	<img src='/blob.gif' align='top' alt='*' />&nbsp;
-	<font class='base'>$Lang::tr{'this field may be blank'}</font>
-	</td>
-	<td align='right'>&nbsp;
-	</td>
+	<td><img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'required field'}</font></td>
+	<td align='right'>&nbsp;</td>
 </tr>
 </table>
 <table width='100%'>
@@ -1521,7 +1516,7 @@ print "</form>\n";
 
 print "<form method='post' action='$ENV{'SCRIPT_NAME'}' enctype='multipart/form-data'>\n";
 
-&Header::openbox('100%', 'left', "$Lang::tr{'urlfilter maintenance'}:");
+&Header::openbox('100%', 'left', "$Lang::tr{'urlfilter maintenance'}");
 
 print <<END
 <table width='100%'>
@@ -1877,9 +1872,9 @@ print <<END
 
 <table width='100%'>
 	<tr>
-		<td width='5%'>$Lang::tr{'urlfilter source'}</td>
+		<td width='5%'>$Lang::tr{'urlfilter source'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 		<td width='1%'>&nbsp;&nbsp;</td>
-		<td width='5%'>$Lang::tr{'urlfilter dst'}&nbsp;<img src='/blob.gif' alt='*'><img src='/blob.gif' alt='*'></td>
+		<td width='5%'>$Lang::tr{'urlfilter dst'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 		<td width='1%'>&nbsp;&nbsp;</td>
 		<td width='5%'>$Lang::tr{'urlfilter access'}</td>
 		<td>&nbsp;</td>
@@ -1940,7 +1935,7 @@ print <<END
 		<td>&nbsp;</td>
 	</tr>
 	<tr>
-		<td>$Lang::tr{'remark'}&nbsp;<img src='/blob.gif' alt='*'></td>
+		<td>$Lang::tr{'remark'}</td>
 		<td>&nbsp;</td>
 		<td>&nbsp;</td>
 		<td>&nbsp;</td>
@@ -1979,10 +1974,10 @@ print <<END
 <table width='100%'>
 	<tr>
 		<td width='1%' align='right'> <img src='/blob.gif' align='top' alt='*' />&nbsp;</td>
-		<td><font class='base'>$Lang::tr{'this field may be blank'}</font></td>
+		<td><font class='base'>$Lang::tr{'required field'}</font></td>
 	</tr>
 	<tr>
-		<td width='1%' align='right'><img src='/blob.gif' align='top' alt='*' /><img src='/blob.gif' align='top' alt='*' />&nbsp;</td>
+		<td width='1%' align='right'>&nbsp;</td>
 		<td><font class='base'>$Lang::tr{'urlfilter select multi'}</font></td>
 	</tr>
 </table>
@@ -2165,7 +2160,7 @@ print <<END
 	<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
 </tr>
 <tr>
-        <td class='base'>$Lang::tr{'urlfilter user time quota'}:</td>
+        <td class='base'>$Lang::tr{'urlfilter user time quota'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
         <td><input type='text' name='TIME_QUOTA' value='$uqsettings{'TIME_QUOTA'}' size='5' /></td>
 	<td colspan='2' rowspan= '5' valign='top' class='base'>
 		<table cellpadding='0' cellspacing='0'>
@@ -2173,7 +2168,7 @@ print <<END
 				<!-- intentionally left empty -->
 			</tr>
 			<tr>
-			<td>$Lang::tr{'urlfilter assigned quota users'}:</td>
+			<td>$Lang::tr{'urlfilter assigned quota users'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 			</tr>
 			<tr>
 				<!-- intentionally left empty -->
@@ -2371,7 +2366,7 @@ print <<END
        	<td class='base'><b>$Lang::tr{'urlfilter blacklist name'}</b></td>
 </tr>
 <tr>
-       	<td class='base'>$Lang::tr{'urlfilter blacklist category name'}:</td>
+       	<td class='base'>$Lang::tr{'urlfilter blacklist category name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 	<td><input type='text' name='BE_NAME' value='$besettings{'BE_NAME'}' size='12' /></td>
 </tr>
 </table>
@@ -2381,7 +2376,7 @@ print <<END
 	<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='20%'></td>
 </tr>
 <tr>
-       	<td class='base' colspan='4'><b>$Lang::tr{'urlfilter edit domains urls expressions'}</b></td>
+       	<td class='base' colspan='4'><b>$Lang::tr{'urlfilter edit domains urls expressions'}</b>&nbsp;<img src='/blob.gif' alt='*' /></td>
 </tr>
 <tr>
 	<td colspan='2'>$Lang::tr{'urlfilter domains'}</td>
@@ -2542,6 +2537,13 @@ sub savesettings
 	delete $filtersettings{'BACKGROUND'};
 	delete $filtersettings{'UPDATEFILE'};
 
+	&General::system("chown", "-R", "nobody.nobody", "$dbdir");
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/domains');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/urls');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/domains');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/urls');
+	&setpermissions ($dbdir);
+
 	&General::writehash("${General::swroot}/urlfilter/settings", \%filtersettings);
 }
 
@@ -2558,7 +2560,7 @@ sub readblockcategories
 	@filtergroups = @categories;
 
 	foreach (@filtergroups) {
-		s/\//_SLASH_/g;
+		s/\//_/g;
         	tr/a-z/A-Z/;
 	        $_ = "FILTER_".$_;
 	}
@@ -2696,12 +2698,13 @@ sub setpermissions
 	foreach $category (<$bldir/*>)
 	{
         	 if (-d $category){
-			system("chmod 755 $category &> /dev/null");
+			&General::system("chmod", "755", "$category");
 			foreach $blacklist (<$category/*>)
 			{
-         			if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
-         			if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
+         			if (-f $blacklist) { &General::system("chmod", "644", "$blacklist"); }
+         			if (-d $blacklist) { &General::system("chmod", "755", "$blacklist"); }
 			}
+			# XXX uses globbing
         	 	system("chmod 666 $category/*.db &> /dev/null");
 			&setpermissions ($category);
 		}
@@ -2712,9 +2715,9 @@ sub setpermissions
 
 sub writeconfigfile
 {
-	my $executables = "\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
-	my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
-	my $archives = "\\.\(bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
+	my $executables = "/[^/]*\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
+	my $audiovideo = "/[^/]*\\.\(aiff|asf|avi|dif|divx|flv|mkv|mov|movie|mp3|mp4|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
+	my $archives = "/[^/]*\\.\(7z|bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
 
 	my $ident = " anonymous";
 
@@ -2828,45 +2831,15 @@ sub writeconfigfile
 		}
 	}
 
-	if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
-	{
+	if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) {
 		print FILE "rewrite rew-rule-1 {\n";
 
-		if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
+		print FILE "    # rewrite localfiles\n";
+		foreach (@repositoryfiles)
 		{
-			print FILE "    # rewrite localfiles\n";
-			foreach (@repositoryfiles)
-			{
-				print FILE "    s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
-			}
-		}
-
-		if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
-		{
-			print FILE "    # rewrite safesearch\n";
-			print FILE "    s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|frghp|froogle)\\?)(.*)(\\bsafe=\\w+)(.*)\@\\1\\3safe=strict\\5\@i\n";
-			print FILE "    s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|frghp|froogle)\\?)(.*)\@\\1safe=strict\\\&\\3\@i\n";
-			print FILE "    s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W)(.*)(\\bvm=\\w+)(.*)\@\\1\\2vm=r\\4\@i\n";
-			print FILE "    s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W.*)\@\\1\\\&vm=r\@i\n";
-			print FILE "    s@(.*\\Walltheweb\\.com/customize\\?)(.*)(\\bcopt_offensive=\\w+)(.*)\@\\1\\2copt_offensive=on\\4\@i\n";
+			print FILE "    s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
 		}
-
 		print FILE "}\n\n";
-
-		if ((!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) && ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) {
-			print FILE "rewrite rew-rule-2 {\n";
-			if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
-			{
-				print FILE "    # rewrite localfiles\n";
-				foreach (@repositoryfiles)
-				{
-					print FILE "    s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
-				}
-			} else {
-				print FILE "    # rewrite nothing\n";
-			}
-			print FILE "}\n\n";
-		}
 	}
 
 	if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
@@ -2981,7 +2954,24 @@ sub writeconfigfile
 	foreach $category (@categories) {
 		$blacklist = $category;
 		$category =~ s/\//_/g;
-		if ( $filtersettings{"FILTER_".uc($category)} ne "on" ){next;}
+
+		if ( $filtersettings{"FILTER_".uc($category)} ne "on" ){
+			my $constraintrule = "false";
+
+			foreach (@tclist){
+				chomp;
+				@tc = split(/\,/);
+				$tc[13] =~ s/\//_/g;
+				if ($tc[15] eq 'on' && $tc[13] =~ $category){
+					$constraintrule = "true";
+				}
+			}
+
+			if ( $constraintrule eq "false"){
+				next;
+			}
+		}
+
 		print FILE "dest $category {\n";
 		if (-e "$dbdir/$blacklist/domains") {
 			print FILE "    domainlist     $blacklist\/domains\n";
@@ -3058,10 +3048,6 @@ sub writeconfigfile
 	if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
 		print FILE "    unfiltered {\n";
 		print FILE "        pass all\n";
-		if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
-		{
-			print FILE "        rewrite rew-rule-2\n";
-		}
 		print FILE "    }\n\n";
 	}
 	if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
@@ -3190,7 +3176,7 @@ sub writeconfigfile
 			print FILE "        logfile".$ident." urlfilter.log\n";
 		}
 	}
-	if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
+	if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
 	{
 		print FILE "        rewrite rew-rule-1\n";
 	}