X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Furlfilter.cgi;h=eea32bff2226d4df1863b76c03937fb5318ef156;hp=3b3b9aac0f284ae18adb4ac73fb474a17d5078e8;hb=a4883c68c14fbf73474cbcf050d3d99acf5b2cfb;hpb=5433e2c950a4429da23d18cf49d5da07e1714b5c

diff --git a/html/cgi-bin/urlfilter.cgi b/html/cgi-bin/urlfilter.cgi
index 3b3b9aac0f..eea32bff22 100644
--- a/html/cgi-bin/urlfilter.cgi
+++ b/html/cgi-bin/urlfilter.cgi
@@ -1,13 +1,23 @@
 #!/usr/bin/perl
-#
-# SmoothWall CGIs
-#
-# This code is distributed under the terms of the GPL
-#
-# (c) written from scratch
-#
-# $Id: urlfilter.cgi,v 1.7 2006/05/08 00:00:00 marco Exp $
-#
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2005-2010  IPFire Team                                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
 
 use strict;
 
@@ -22,6 +32,7 @@ require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
+my $http_port='81';
 my %netsettings=();
 my %mainsettings=();
 my %proxysettings=();
@@ -48,15 +59,12 @@ my $tcfile = "${General::swroot}/urlfilter/timeconst";
 my $uqfile = "${General::swroot}/urlfilter/userquota";
 my $dbdir = "${General::swroot}/urlfilter/blacklists";
 my $editdir = "${General::swroot}/urlfilter/editor";
-my $repository = "/home/httpd/html/repository";
+my $repository = "/var/urlrepo";
 my $hintcolour = '#FFFFCC';
 
 my $sourceurlfile = "${General::swroot}/urlfilter/autoupdate/autoupdate.urls";
 my $updconffile = "${General::swroot}/urlfilter/autoupdate/autoupdate.conf";
 my $updflagfile = "${General::swroot}/urlfilter/blacklists/.autoupdate.last";
-my $upd_cron_dly = "${General::swroot}/urlfilter/autoupdate/cron.daily";
-my $upd_cron_wly = "${General::swroot}/urlfilter/autoupdate/cron.weekly";
-my $upd_cron_mly = "${General::swroot}/urlfilter/autoupdate/cron.monthly";
 
 my $errormessage='';
 my $updatemessage='';
@@ -74,6 +82,7 @@ my @filtergroups=();
 my @tclist=();
 my @uqlist=();
 my @source_urllist=();
+my @clients=();
 my @temp=();
 
 my $lastslashpos=0;
@@ -132,7 +141,6 @@ $filtersettings{'ENABLE_SAFESEARCH'} = 'off';
 $filtersettings{'ENABLE_LOG'} = 'off';
 $filtersettings{'ENABLE_USERNAME_LOG'} = 'off';
 $filtersettings{'ENABLE_CATEGORY_LOG'} = 'off';
-$filtersettings{'CHILDREN'} = '5';
 $filtersettings{'ENABLE_AUTOUPDATE'} = 'off';
 
 $filtersettings{'ACTION'} = '';
@@ -150,12 +158,25 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
     ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload blacklist'}) ||
     ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter backup'}) ||
     ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter restore'}))
-{ 
-	if (!($filtersettings{'CHILDREN'} =~ /^\d+$/) || ($filtersettings{'CHILDREN'} < 1))
+{
+
+	@clients = split(/\n/,$filtersettings{'UNFILTERED_CLIENTS'});
+	foreach (@clients)
 	{
-		$errormessage = $Lang::tr{'urlfilter invalid num of children'};
-		goto ERROR;
+		s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+		if (/.*-.*-.*/) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; }
+		@temp = split(/-/);
+		foreach (@temp) { unless ((&General::validipormask($_)) || (&General::validipandmask($_))) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } }
 	}
+	@clients = split(/\n/,$filtersettings{'BANNED_CLIENTS'});
+	foreach (@clients)
+	{
+		s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+		if (/.*-.*-.*/) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; }
+		@temp = split(/-/);
+		foreach (@temp) { unless ((&General::validipormask($_)) || (&General::validipandmask($_))) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } }
+	}
+	if ($errormessage) { goto ERROR; }
 
 	if ((!($filtersettings{'REDIRECT_PAGE'} eq '')) && (!($filtersettings{'REDIRECT_PAGE'} =~ /^https?:\/\//)))
 	{
@@ -185,7 +206,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 		}
 
 	}
-	
+
 	if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload blacklist'})
 	{
 		&Header::getcgihash(\%filtersettings, {'wantfile' => 1, 'filevar' => 'UPDATEFILE'});
@@ -201,16 +222,21 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 			$errormessage = $!;
 			goto ERROR;
 		}
-		
+
 		if (!(-d "${General::swroot}/urlfilter/update")) { mkdir("${General::swroot}/urlfilter/update"); }
 
 		my $exitcode = system("/bin/tar --no-same-owner -xzf ${General::swroot}/urlfilter/blacklists.tar.gz -C ${General::swroot}/urlfilter/update");
-		
+
 		if ($exitcode > 0)
 		{
 			$errormessage = $Lang::tr{'urlfilter tar error'};
 		} else {
 
+			if (-d "${General::swroot}/urlfilter/update/BL")
+			{
+				system("mv ${General::swroot}/urlfilter/update/BL ${General::swroot}/urlfilter/update/blacklists");
+			}
+
 			if (-d "${General::swroot}/urlfilter/update/category")
 			{
 				system("mv ${General::swroot}/urlfilter/update/category ${General::swroot}/urlfilter/update/blacklists");
@@ -278,7 +304,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 		{
 			$errormessage = $!;
 		}
-		
+
 		my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf ${General::swroot}/urlfilter/backup.tar.gz -C ${General::swroot}/urlfilter/restore");
 		if ($exitcode > 0)
 		{
@@ -310,7 +336,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 
 	if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save and restart'})
 	{
-		if (!(-e "${General::swroot}/proxy/enable"))
+		if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue")))
 		{
 			$errormessage = $Lang::tr{'urlfilter web proxy service required'};
 			goto ERROR;
@@ -324,36 +350,8 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
               	$filtersettings{'VALID'} = 'yes';
 		&savesettings;
 
-		system("chown -R nobody.nobody $dbdir");
-
-		if (-e "$dbdir/custom/allowed/domains.db") { unlink("$dbdir/custom/allowed/domains.db"); }
-		if (-e "$dbdir/custom/allowed/urls.db")    { unlink("$dbdir/custom/allowed/urls.db"); }
-		if (-e "$dbdir/custom/blocked/domains.db") { unlink("$dbdir/custom/blocked/domains.db"); }
-		if (-e "$dbdir/custom/blocked/urls.db")    { unlink("$dbdir/custom/blocked/urls.db"); }
-
-		foreach (<$dbdir/*>)
-		{
-			if (-d $_){ system("chmod 644 $_/*"); }
-			if (-d $_){ system("chmod 666 $_/*.db"); }
-		}
-		if (-d "$dbdir/custom/allowed")
-		{
-			system("chmod 755 $dbdir/custom/allowed");
-			system("chmod 644 $dbdir/custom/allowed/*");
-		}
-		if (-d "$dbdir/custom/blocked")
-		{
-			system("chmod 755 $dbdir/custom/blocked");
-			system("chmod 644 $dbdir/custom/blocked/*");
-		}
-
-		system('/usr/local/bin/restartsquid');
+		system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
 	}
-
-ERROR:
-
-	if ($errormessage) { $filtersettings{'VALID'} = 'no'; }
-
 }
 
 if ($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter set time constraints'}) { $tcsettings{'TCMODE'} = 'on'}
@@ -384,6 +382,16 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang
 
 	if (!$errormessage)
 	{
+		# transform to pre1.8 client definitions
+		@clients = split(/\n/,$tcsettings{'SRC'});
+		undef $tcsettings{'SRC'};
+		foreach(@clients)
+		{
+			s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+			$tcsettings{'SRC'} .= "$_ ";
+		}
+		$tcsettings{'SRC'} =~ s/\s+$//;
+
 		if ($tcsettings{'DST'} =~ /^any/) { $tcsettings{'DST'} = 'any'; }
 		if ($tcsettings{'ENABLERULE'} eq 'on') { $tcsettings{'ACTIVE'} = $tcsettings{'ENABLERULE'}; } else { $tcsettings{'ACTIVE'} = 'off'}
 
@@ -418,6 +426,38 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang
 	}
 }
 
+if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter copy rule'}) && (!$errormessage))
+{
+	$id = 0;
+	foreach $line (@tclist)
+	{
+		$id++;
+		if ($tcsettings{'ID'} eq $id)
+		{
+			chomp($line);
+			@temp = split(/\,/,$line);
+			$tcsettings{'DEFINITION'} = $temp[0];
+			$tcsettings{'MON'} = $temp[1];
+			$tcsettings{'TUE'} = $temp[2];
+			$tcsettings{'WED'} = $temp[3];
+			$tcsettings{'THU'} = $temp[4];
+			$tcsettings{'FRI'} = $temp[5];
+			$tcsettings{'SAT'} = $temp[6];
+			$tcsettings{'SUN'} = $temp[7];
+			$tcsettings{'FROM_HOUR'} = $temp[8];
+			$tcsettings{'FROM_MINUTE'} = $temp[9];
+			$tcsettings{'TO_HOUR'} = $temp[10];
+			$tcsettings{'TO_MINUTE'} = $temp[11];
+			$tcsettings{'SRC'} = $temp[12];
+			$tcsettings{'DST'} = $temp[13];
+			$tcsettings{'ACCESS'} = $temp[14];
+			$tcsettings{'ENABLERULE'} = $temp[15];
+			$tcsettings{'COMMENT'} = $temp[16];
+		}
+	}
+	$tcsettings{'TCMODE'}='on';
+}
+
 if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'remove'}))
 {
 	$id = 0;
@@ -439,12 +479,12 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang
 	{
 		$errormessage = $Lang::tr{'urlfilter not enabled'};
 	}
-	if (!(-e "${General::swroot}/proxy/enable"))
+	if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue")))
 	{
 		$errormessage = $Lang::tr{'urlfilter web proxy service required'};
 	}
 
-	if (!$errormessage) { system('/usr/local/bin/restartsquid'); }
+	if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
 	$tcsettings{'TCMODE'}='on';
 }
 
@@ -470,11 +510,6 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang
 	$tcsettings{'TCMODE'}='on';
 }
 
-if (!$errormessage) {
-	$tcsettings{'ENABLERULE'}='on';
-	$tcsettings{'TO_HOUR'}='24';
-}
-
 if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'edit'}) && (!$errormessage))
 {
 	$id = 0;
@@ -507,6 +542,11 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang
 	$tcsettings{'TCMODE'}='on';
 }
 
+if ((!$errormessage) && (!($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter copy rule'})) && (!($tcsettings{'ACTION'} eq $Lang::tr{'edit'}))) {
+	$tcsettings{'ENABLERULE'}='on';
+	$tcsettings{'TO_HOUR'}='24';
+}
+
 if ($uqsettings{'ACTION'} eq $Lang::tr{'urlfilter set user quota'}) { $uqsettings{'UQMODE'} = 'on'}
 
 if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{'add'}))
@@ -642,12 +682,12 @@ if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{
 	{
 		$errormessage = $Lang::tr{'urlfilter not enabled'};
 	}
-	if (!(-e "${General::swroot}/proxy/enable"))
+	if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue")))
 	{
 		$errormessage = $Lang::tr{'urlfilter web proxy service required'};
 	}
 
-	if (!$errormessage) { system('/usr/local/bin/restartsquid'); }
+	if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
 	$uqsettings{'UQMODE'}='on';
 }
 
@@ -730,7 +770,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter import blacklist'}) && ($bese
 		{
 			$errormessage = $!;
 		} else {
-		
+
 			my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf $editdir/blacklist.tar.gz -C $editdir");
 			if ($exitcode > 0)
 			{
@@ -901,7 +941,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
 
 		&writeconfigfile;
 
-		system('/usr/local/bin/restartsquid') unless ($besettings{'NORESTART'} eq 'on');
+		system('/usr/local/bin/squidctrl restart >/dev/null 2>&1') unless ($besettings{'NORESTART'} eq 'on');
 
 		if (-d $editdir) { system("rm -rf $editdir"); }
 	} else {
@@ -922,29 +962,20 @@ if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save schedule'})
 		print FILE "CUSTOM_UPDATE_URL=$filtersettings{'CUSTOM_UPDATE_URL'}\n";
 		close FILE;
 
-		if (-e $upd_cron_dly) { unlink($upd_cron_dly); }
-		if (-e $upd_cron_wly) { unlink($upd_cron_wly); }
-		if (-e $upd_cron_mly) { unlink($upd_cron_mly); }
 
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'daily'))
 		{
-			symlink("../bin/autoupdate.pl",$upd_cron_dly)
-		} else {
-			symlink("/bin/false",$upd_cron_dly)
+			system('/usr/local/bin/urlfilterctrl cron daily >/dev/null 2>&1');
 		}
 
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'weekly'))
 		{
-			symlink("../bin/autoupdate.pl",$upd_cron_wly)
-		} else {
-			symlink("/bin/false",$upd_cron_wly)
+			system('/usr/local/bin/urlfilterctrl cron weekly >/dev/null 2>&1');
 		}
 
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'monthly'))
 		{
-			symlink("../bin/autoupdate.pl",$upd_cron_mly)
-		} else {
-			symlink("/bin/false",$upd_cron_mly)
+			system('/usr/local/bin/urlfilterctrl cron monthly >/dev/null 2>&1');
 		}
 	}
 }
@@ -969,6 +1000,10 @@ if (-e "${General::swroot}/urlfilter/settings") { &General::readhash("${General:
 
 &readcustomlists;
 
+ERROR:
+
+if ($errormessage) { $filtersettings{'VALID'} = 'no'; }
+
 $checked{'ENABLE_CUSTOM_BLACKLIST'}{'off'} = '';
 $checked{'ENABLE_CUSTOM_BLACKLIST'}{'on'} = '';
 $checked{'ENABLE_CUSTOM_BLACKLIST'}{$filtersettings{'ENABLE_CUSTOM_BLACKLIST'}} = "checked='checked'";
@@ -1313,10 +1348,46 @@ print <<END
         <td>&nbsp;</td>
 </tr>
 <tr>
-        <td class='base'>$Lang::tr{'urlfilter unfiltered clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
-        <td><input type='text' name='UNFILTERED_CLIENTS' value='$filtersettings{'UNFILTERED_CLIENTS'}' size='30' /></td>
-        <td class='base'>$Lang::tr{'urlfilter banned clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
-        <td><input type='text' name='BANNED_CLIENTS' value='$filtersettings{'BANNED_CLIENTS'}' size='30' /></td>
+	<td colspan='2'>$Lang::tr{'urlfilter unfiltered clients'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td colspan='2'>$Lang::tr{'urlfilter banned clients'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+</tr>
+<tr>
+	<td colspan='2' width='50%'><textarea name='UNFILTERED_CLIENTS' cols='32' rows='6' wrap='off'>
+END
+;
+
+# transform from pre1.8 client definitions
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/^\s+//g;
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+$//g;
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+-\s+/-/g;
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+/ /g;
+
+@clients = split(/ /,$filtersettings{'UNFILTERED_CLIENTS'});
+undef $filtersettings{'UNFILTERED_CLIENTS'};
+foreach (@clients) { $filtersettings{'UNFILTERED_CLIENTS'} .= "$_\n"; }
+
+print $filtersettings{'UNFILTERED_CLIENTS'};
+
+print <<END
+</textarea></td>
+	<td colspan='2' width='50%'><textarea name='BANNED_CLIENTS' cols='32' rows='6' wrap='off'>
+END
+;
+
+# transform from pre1.8 client definitions
+$filtersettings{'BANNED_CLIENTS'} =~ s/^\s+//g;
+$filtersettings{'BANNED_CLIENTS'} =~ s/\s+$//g;
+$filtersettings{'BANNED_CLIENTS'} =~ s/\s+-\s+/-/g;
+$filtersettings{'BANNED_CLIENTS'} =~ s/\s+/ /g;
+
+@clients = split(/ /,$filtersettings{'BANNED_CLIENTS'});
+undef $filtersettings{'BANNED_CLIENTS'};
+foreach (@clients) { $filtersettings{'BANNED_CLIENTS'} .= "$_\n"; }
+
+print $filtersettings{'BANNED_CLIENTS'};
+
+print <<END
+</textarea></td>
 </tr>
 </table>
 <hr size='1'>
@@ -1360,12 +1431,6 @@ print <<END
 	<td class='base'>$Lang::tr{'urlfilter msg text 3'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 	<td><input type='text' name='MSG_TEXT_3' value='$filtersettings{'MSG_TEXT_3'}' size='40' /></td>
 </tr>
-<tr>
-	<td class='base'>$Lang::tr{'urlfilter enable jpeg'}:</td>
-	<td><input type='checkbox' name='ENABLE_JPEG' $checked{'ENABLE_JPEG'}{'on'} /></td>
-	<td>&nbsp;</td>
-	<td>&nbsp;</td>
-</tr>
 </table>
 <hr size='1'>
 <table width='100%'>
@@ -1393,8 +1458,6 @@ print <<END
 <tr>
 	<td class='base'>$Lang::tr{'urlfilter block ip'}:</td>
 	<td><input type='checkbox' name='BLOCK_IP_ADDR' $checked{'BLOCK_IP_ADDR'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'urlfilter children'}:</td>
-	<td><input type='text' name='CHILDREN' value='$filtersettings{'CHILDREN'}' size='5' /></td>
 </tr>
 <tr>
 	<td class='base'>$Lang::tr{'urlfilter block all'}:</td>
@@ -1411,7 +1474,7 @@ print <<END
 	<font class='base'>$Lang::tr{'this field may be blank'}</font>
 	</td>
 	<td align='right'>&nbsp;
-</td>
+	</td>
 </tr>
 </table>
 <table width='100%'>
@@ -1795,10 +1858,28 @@ print <<END
 		<td>&nbsp;</td>
 	</tr>
 	<tr>
-		<td valign='top'><input type='text' name='SRC' value='$tcsettings{'SRC'}' size='32' /></td>
+        <td rowspan='2'><textarea name='SRC' cols='28' rows='5' wrap='off'>
+END
+;
+
+# transform from pre1.8 client definitions
+$tcsettings{'SRC'} =~ s/^\s+//g;
+$tcsettings{'SRC'} =~ s/\s+$//g;
+$tcsettings{'SRC'} =~ s/\s+-\s+/-/g;
+$tcsettings{'SRC'} =~ s/\s+/ /g;
+
+@clients = split(/ /,$tcsettings{'SRC'});
+undef $tcsettings{'SRC'};
+foreach (@clients) { $tcsettings{'SRC'} .= "$_\n"; }
+
+print $tcsettings{'SRC'};
+
+print <<END
+</textarea></td>
+
 		<td>&nbsp;</td>
-		<td class='base' rowspan='3' valign='top'>
-		<select name='DST' size='4' multiple>
+		<td class='base' rowspan='2' valign='top'>
+		<select name='DST' size='6' multiple>
 		<option value='any' $selected{'DST'}{'any'} = "selected='selected'">$Lang::tr{'urlfilter category all'}</option>
 		<option value='in-addr' $selected{'DST'}{'in-addr'} = "selected='selected'">in-addr</option>
 END
@@ -1825,12 +1906,19 @@ print <<END
 		</td>
 		<td>&nbsp;</td>
 	</tr>
+	<tr>
+		<td>&nbsp;</td>
+		<td>&nbsp;</td>
+		<td>&nbsp;</td>
+		<td>&nbsp;</td>
+	</tr>
 	<tr>
 		<td>$Lang::tr{'remark'}&nbsp;<img src='/blob.gif' alt='*'></td>
 		<td>&nbsp;</td>
 		<td>&nbsp;</td>
 		<td>&nbsp;</td>
 		<td>&nbsp;</td>
+		<td>&nbsp;</td>
 	</tr>
 	<tr>
 		<td><input type='text' name='COMMENT' value='$tcsettings{'COMMENT'}' size='32' /></td>
@@ -1838,6 +1926,7 @@ print <<END
 		<td>&nbsp;</td>
 		<td>&nbsp;</td>
 		<td>&nbsp;</td>
+		<td>&nbsp;</td>
 	</tr>
 </table>
 
@@ -1890,7 +1979,7 @@ print <<END
 		<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'urlfilter time space'}</b></td>
 		<td width='15%' class='boldbase' align='center'><b>$Lang::tr{'urlfilter src'}</b></td>
 		<td width='5%' class='boldbase' align='center'><b>$Lang::tr{'urlfilter dst'}</b></td>
-		<td width='10%' class='boldbase' colspan='4' align='center'>&nbsp;</td>
+		<td width='10%' class='boldbase' colspan='5' align='center'>&nbsp;</td>
 	</tr>
 END
 ;
@@ -1959,6 +2048,15 @@ print <<END
 
 		<td align='center'>
 		<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
+		<input type='image' name='$Lang::tr{'urlfilter copy rule'}' src='/images/urlfilter/copy.gif' title='$Lang::tr{'urlfilter copy rule'}' alt='$Lang::tr{'urlfilter copy rule'}' />
+		<input type='hidden' name='MODE' value='TIMECONSTRAINT' />
+		<input type='hidden' name='ID' value='$id' />
+		<input type='hidden' name='ACTION' value='$Lang::tr{'urlfilter copy rule'}' />
+		</form>
+		</td>
+
+		<td align='center'>
+		<form method='post' name='frmd$id' action='$ENV{'SCRIPT_NAME'}'>
 		<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
 		<input type='hidden' name='MODE' value='TIMECONSTRAINT' />
 		<input type='hidden' name='ID' value='$id' />
@@ -1978,7 +2076,7 @@ END
 print <<END
 		<td align='center' colspan='4'>$temp[16]
 		</td>
-		<td align='center' colspan='4'>
+		<td align='center' colspan='5'>
 		</td>
 	</tr>
 END
@@ -2004,6 +2102,8 @@ print <<END
 		<td class='base'>$Lang::tr{'click to enable'}</td>
 		<td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
 		<td class='base'>$Lang::tr{'edit'}</td>
+		<td>&nbsp; &nbsp; <img src='/images/urlfilter/copy.gif' alt='$Lang::tr{'urlfilter copy rule'}' /></td>
+		<td class='base'>$Lang::tr{'urlfilter copy rule'}</td>
 		<td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
 		<td class='base'>$Lang::tr{'remove'}</td>
 	</tr>
@@ -2385,6 +2485,26 @@ print "</form>\n";
 
 sub savesettings
 {
+	# transform to pre1.8 client definitions
+	@clients = split(/\n/,$filtersettings{'UNFILTERED_CLIENTS'});
+	undef $filtersettings{'UNFILTERED_CLIENTS'};
+	foreach(@clients)
+	{
+		s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+		$filtersettings{'UNFILTERED_CLIENTS'} .= "$_ ";
+	}
+	$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+$//;
+
+	# transform to pre1.8 client definitions
+	@clients = split(/\n/,$filtersettings{'BANNED_CLIENTS'});
+	undef $filtersettings{'BANNED_CLIENTS'};
+	foreach(@clients)
+	{
+		s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+		$filtersettings{'BANNED_CLIENTS'} .= "$_ ";
+	}
+	$filtersettings{'BANNED_CLIENTS'} =~ s/\s+$//;
+
 	&writeconfigfile;
 
 	delete $filtersettings{'CUSTOM_BLACK_DOMAINS'};
@@ -2395,6 +2515,13 @@ sub savesettings
 	delete $filtersettings{'BACKGROUND'};
 	delete $filtersettings{'UPDATEFILE'};
 
+	system("chown -R nobody.nobody $dbdir");
+	system('/usr/bin/squidGuard -C custom/allowed/domains >/dev/null 2>&1');
+	system('/usr/bin/squidGuard -C custom/allowed/urls >/dev/null 2>&1');
+	system('/usr/bin/squidGuard -C custom/blocked/domains >/dev/null 2>&1');
+	system('/usr/bin/squidGuard -C custom/blocked/urls >/dev/null 2>&1 ');
+	&setpermissions ($dbdir);
+
 	&General::writehash("${General::swroot}/urlfilter/settings", \%filtersettings);
 }
 
@@ -2403,20 +2530,15 @@ sub savesettings
 sub readblockcategories
 {
 	undef(@categories);
-	foreach $blacklist (<$dbdir/*>) {
-	  if (-d $blacklist) {
-	    $lastslashpos = rindex($blacklist,"/");
-	    if ($lastslashpos > -1) {
-	      $section = substr($blacklist,$lastslashpos+1);
-	    } else {
-	      $section = $blacklist;
-	    }
-	    if (!($section eq 'custom')) { push(@categories,$section) };
-	  }
-	}
+
+	&getblockcategory ($dbdir);
+
+	foreach (@categories) { $_ = substr($_,length($dbdir)+1); }
 
 	@filtergroups = @categories;
+
 	foreach (@filtergroups) {
+		s/\//_/g;
         	tr/a-z/A-Z/;
 	        $_ = "FILTER_".$_;
 	}
@@ -2424,6 +2546,23 @@ sub readblockcategories
 
 # -------------------------------------------------------------------
 
+sub getblockcategory
+{
+	foreach $category (<$_[0]/*>)
+	{
+		if (-d $category)
+		{
+			if ((-e "$category/domains") || (-e "$category/urls"))
+			{
+				unless ($category =~ /\bcustom\b/) { push(@categories,$category); }
+			}
+			&getblockcategory ($category);
+		}
+	}
+}
+
+# -------------------------------------------------------------------
+
 sub readcustomlists
 {
 	if (-e "$dbdir/custom/blocked/domains") {
@@ -2488,7 +2627,7 @@ sub aggregatedconstraints
 			foreach (@new)
 			{
 				@tmp2 = split(/\,/);
-				if ($tmp2[15] eq 'on')
+				if (($tmp1[15] eq 'on') && ($tmp2[15] eq 'on'))
 				{
 					if (($tmp1[0] eq $tmp2[0]) && ($tmp1[12] eq $tmp2[12]) && ($tmp1[13] eq $tmp2[13]) && ($tmp1[14] eq $tmp2[14]))
 					{
@@ -2530,10 +2669,31 @@ sub aggregatedconstraints
 
 # -------------------------------------------------------------------
 
+sub setpermissions
+{
+	my $bldir = $_[0];
+
+	foreach $category (<$bldir/*>)
+	{
+        	 if (-d $category){
+			system("chmod 755 $category &> /dev/null");
+			foreach $blacklist (<$category/*>)
+			{
+         			if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
+         			if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
+			}
+        	 	system("chmod 666 $category/*.db &> /dev/null");
+			&setpermissions ($category);
+		}
+	 }
+}
+
+# -------------------------------------------------------------------
+
 sub writeconfigfile
 {
 	my $executables = "\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
-	my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv\)\$";
+	my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
 	my $archives = "\\.\(bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
 
 	my $ident = " anonymous";
@@ -2583,9 +2743,9 @@ sub writeconfigfile
 			if ($filtersettings{'SHOW_URL'} eq 'on') { $redirect .= "&url=%u"; }
 			if ($filtersettings{'SHOW_IP'} eq 'on') { $redirect .= "&ip=%a"; }
 			$redirect  =~ s/^&/?/;
-			$redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi".$redirect; 
+			$redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi".$redirect;
 		} else {
-			$redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi";
+			$redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi";
 		}
 	} else { $redirect=$filtersettings{'REDIRECT_PAGE'}; }
 
@@ -2630,6 +2790,8 @@ sub writeconfigfile
 		$defaultrule .= "any";
 	}
 
+	$defaultrule =~ s/\//_/g;
+
 	open(FILE, ">${General::swroot}/urlfilter/squidGuard.conf") or die "Unable to write squidGuard.conf file";
 	flock(FILE, 2);
 
@@ -2648,14 +2810,14 @@ sub writeconfigfile
 
 	if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
 	{
-		print FILE "rewrite rew-rule-0 {\n";
+		print FILE "rewrite rew-rule-1 {\n";
 
 		if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
 		{
 			print FILE "    # rewrite localfiles\n";
 			foreach (@repositoryfiles)
 			{
-				print FILE "    s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n";
+				print FILE "    s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
 			}
 		}
 
@@ -2672,13 +2834,13 @@ sub writeconfigfile
 		print FILE "}\n\n";
 
 		if ((!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) && ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) {
-			print FILE "rewrite rew-rule-1 {\n";
+			print FILE "rewrite rew-rule-2 {\n";
 			if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
 			{
 				print FILE "    # rewrite localfiles\n";
 				foreach (@repositoryfiles)
 				{
-					print FILE "    s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n";
+					print FILE "    s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
 				}
 			} else {
 				print FILE "    # rewrite nothing\n";
@@ -2687,6 +2849,26 @@ sub writeconfigfile
 		}
 	}
 
+	if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
+		print FILE "src unfiltered {\n";
+		print FILE "    ip $filtersettings{'UNFILTERED_CLIENTS'}\n";
+		print FILE "}\n\n";
+	}
+	if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
+		print FILE "src banned {\n";
+		print FILE "    ip $filtersettings{'BANNED_CLIENTS'}\n";
+		if ($filtersettings{'ENABLE_LOG'} eq 'on')
+		{
+			if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on')
+			{
+				print FILE "    logfile       ".$ident." banned.log\n";
+			} else {
+				print FILE "    logfile       ".$ident." urlfilter.log\n";
+			}
+		}
+		print FILE "}\n\n";
+	}
+
 	if (-e $uqfile)
 	{
 		open(UQ, $uqfile);
@@ -2733,7 +2915,30 @@ sub writeconfigfile
 			{
 				$idx++;
 				print FILE "src network-$idx {\n";
-				print FILE "    ip $tc[12]\n";
+				@clients = split(/ /,$tc[12]);
+				@temp = split(/-/,$clients[0]);
+				if ( (&General::validipormask($temp[0])) || (&General::validipandmask($temp[0])))
+				{
+					print FILE "    ip $tc[12]\n";
+				} else {
+					print FILE "    user";
+					@clients = split(/ /,$tc[12]);
+					foreach $line (@clients)
+					{
+						$line =~ s/(^\w+)\\(\w+$)/$1%5c$2/;
+						print FILE " $line";
+					}
+					print FILE "\n";
+				}
+				if (($filtersettings{'ENABLE_LOG'} eq 'on') && ($tc[14] eq 'block') && ($tc[13] eq 'any'))
+				{
+					if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on')
+					{
+						print FILE "    logfile       ".$ident." timeconst.log\n";
+					} else {
+						print FILE "    logfile       ".$ident." urlfilter.log\n";
+					}
+				}
 				print FILE "}\n\n";
 			}
 		}
@@ -2753,31 +2958,40 @@ sub writeconfigfile
 		}
 	}
 
-	if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
-		print FILE "src unfiltered {\n";
-		print FILE "    ip $filtersettings{'UNFILTERED_CLIENTS'}\n";
-		print FILE "}\n\n";
-	}
-	if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
-		print FILE "src banned {\n";
-		print FILE "    ip $filtersettings{'BANNED_CLIENTS'}\n";
-		print FILE "}\n\n";
-	}
-
 	foreach $category (@categories) {
+		$blacklist = $category;
+		$category =~ s/\//_/g;
+		
+		if ( $filtersettings{"FILTER_".uc($category)} ne "on" ){
+			my $constraintrule = "false";
+			
+			foreach (@tclist){
+				chomp;
+				@tc = split(/\,/);
+				$tc[13] =~ s/\//_/g;
+				if ($tc[15] eq 'on' && $tc[13] =~ $category){
+					$constraintrule = "true";
+				}
+			}
+			
+			if ( $constraintrule eq "false"){
+				next;
+			}
+		}
+		
 		print FILE "dest $category {\n";
-		if (-e "$dbdir/$category/domains") {
-			print FILE "    domainlist     $category\/domains\n";
+		if (-e "$dbdir/$blacklist/domains") {
+			print FILE "    domainlist     $blacklist\/domains\n";
 		}
-		if (-e "$dbdir/$category/urls") {
-			print FILE "    urllist        $category\/urls\n";
+		if (-e "$dbdir/$blacklist/urls") {
+			print FILE "    urllist        $blacklist\/urls\n";
 		}
-		if ((-e "$dbdir/$category/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) {
-			print FILE "    expressionlist $category\/expressions\n";
+		if ((-e "$dbdir/$blacklist/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) {
+			print FILE "    expressionlist $blacklist\/expressions\n";
 		}
-		if (($category eq 'ads') && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on'))
+		if ((($category eq 'ads') || ($category eq 'adv')) && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on'))
 		{
-			print FILE "    redirect       http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/images/urlfilter/1x1.gif\n";
+			print FILE "    redirect       http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/images/urlfilter/1x1.gif\n";
 		}
 		if ($filtersettings{'ENABLE_LOG'} eq 'on')
 		{
@@ -2789,8 +3003,9 @@ sub writeconfigfile
 			}
 		}
 		print FILE "}\n\n";
+		$category = $blacklist;
 	}
-	
+
 	print FILE "dest files {\n";
 	print FILE "    expressionlist custom\/blocked\/files\n";
 	if ($filtersettings{'ENABLE_LOG'} eq 'on')
@@ -2842,7 +3057,7 @@ sub writeconfigfile
 		print FILE "        pass all\n";
 		if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
 		{
-			print FILE "        rewrite rew-rule-1\n";
+			print FILE "        rewrite rew-rule-2\n";
 		}
 		print FILE "    }\n\n";
 	}
@@ -2894,6 +3109,7 @@ sub writeconfigfile
 			chomp;
 			@tc = split(/\,/);
 			@ec = split(/\|/,$tc[13]);
+			foreach (@ec) { s/\//_/g; }
 			if ($tc[15] eq 'on')
 			{
 				$idx++;
@@ -2939,12 +3155,17 @@ sub writeconfigfile
 						print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any'));
 					} else {
 						$tcrule = $defaultrule;
-						foreach (@ec)
+						if ((@ec == 1) && ($ec[0] eq 'any'))
 						{
-							$tcrule =~ s/!$_ //;
-							print FILE "$_ " if ($_ eq 'any');
+							print FILE "any";
+						} else {
+							foreach (@ec)
+							{
+								$tcrule = "$_ ".$tcrule unless (index($defaultrule,"!".$_." ") ge 0);
+								$tcrule =~ s/!$_ //;
+							}
+							print FILE $tcrule;
 						}
-						print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any'));
 					}
 				}
 
@@ -2968,7 +3189,7 @@ sub writeconfigfile
 	}
 	if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
 	{
-		print FILE "        rewrite rew-rule-0\n";
+		print FILE "        rewrite rew-rule-1\n";
 	}
 	print FILE "        redirect $redirect\n";
 	print FILE "    }\n";