From 03fe4081127edfaf692bec0980b0f82b5aa0ac6c Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 17 May 2021 18:42:01 +0100 Subject: [PATCH 01/66] general-functions.pl: Add "safe" system commands Signed-off-by: Michael Tremer --- config/cfgroot/general-functions.pl | 71 +++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index a6656ccf5..96a826a15 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -28,6 +28,77 @@ $General::adminmanualurl = 'http://wiki.ipfire.org'; require "${General::swroot}/network-functions.pl"; +# This function executes a shell command without forking a shell or do any other +# Perl-voodoo before it. It deprecates the "system" command and is the only way +# to call shell commands. +sub safe_system($) { + my @command = @_; + + system { ${command[0]} } @command; + + # Return exit code + return $? >> 8; +} + +# Calls a process in the background and returns nothing +sub system_background($) { + my $pid = fork(); + + unless ($pid) { + my $rc = &system(@_); + exit($rc); + } + + return 0; +} + +# Returns the output of a shell command +sub system_output($) { + my @command = @_; + my $pid; + my @output = (); + + unless ($pid = open(OUTPUT, "-|")) { + open(STDERR, ">&STDOUT"); + exec { ${command[0]} } @command; + die "Could not execute @command: $!"; + } + + waitpid($pid, 0); + + while () { + push(@output, $_); + } + close(OUTPUT); + + return @output; +} + +# Calls a shell command and throws away the output +sub system($) { + my @command = @_; + + open(SAVEOUT, ">&STDOUT"); + open(SAVEERR, ">&STDERR"); + + open(STDOUT, ">/dev/null"); + open(STDERR, ">&STDOUT"); + + select(STDERR); $|=1; + select(STDOUT); $|=1; + + my $rc = &safe_system(@command); + + close(STDOUT); + close(STDERR); + + # Restore + open(STDOUT, ">&SAVEOUT"); + open(STDERR, ">&SAVEERR"); + + return $rc; +} + # Function to remove duplicates from an array sub uniq { my %seen; grep !$seen{$_}++, @_ } From bce859434884b3d147b75eb1ab085b937353d436 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 17 May 2021 19:18:42 +0100 Subject: [PATCH 02/66] pakfire.cgi: Use new system methods Signed-off-by: Michael Tremer --- html/cgi-bin/pakfire.cgi | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi index faaeb4222..631587ce2 100644 --- a/html/cgi-bin/pakfire.cgi +++ b/html/cgi-bin/pakfire.cgi @@ -57,12 +57,10 @@ sub refreshpage{&Header::openbox( 'Waiting', 1, "$Lang::tr{'pakfire install package'}.$cgiparams{'INSPAKS'}.$Lang::tr{'pakfire possible dependency'} 
@@ -97,12 +95,10 @@ END
 
 	$cgiparams{'DELPAKS'} =~ s/\|/\ /g;
 	if ("$cgiparams{'FORCE'}" eq "on") {
-		my $command = "/usr/local/bin/pakfire remove --non-interactive --no-colors $cgiparams{'DELPAKS'} &>/dev/null &";
-		system("$command");
-		system("/bin/sleep 1");
+		&General::system_background("/usr/local/bin/pakfire", "remove", "--non-interactive", "--no-colors", $cgiparams{'DELPAKS'});
 	} else {
 		&Header::openbox("100%", "center", $Lang::tr{'request'});
-		my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $cgiparams{'DELPAKS'}`;
+		my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", $cgiparams{'DELPAKS'});
 		print <$Lang::tr{'pakfire uninstall package'}.$cgiparams{'DELPAKS'}.$Lang::tr{'pakfire possible dependency'}
 		
@@ -135,13 +131,9 @@ END
 	}
 
 } elsif (($cgiparams{'ACTION'} eq 'update') && (! -e $Pakfire::lockfile)) {
-
-	system("/usr/local/bin/pakfire update --force --no-colors &>/dev/null &");
-	system("/bin/sleep 1");
+	&General::system_background("/usr/local/bin/pakfire", "update", "--force", "--no-colors");
 } elsif (($cgiparams{'ACTION'} eq 'upgrade') && (!-e $Pakfire::lockfile)) {
-	my $command = "/usr/local/bin/pakfire upgrade -y --no-colors &>/dev/null &";
-	system("$command");
-	system("/bin/sleep 1");
+	&General::system_background("/usr/local/bin/pakfire", "upgrade", "-y", "--no-colors");
 } elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
 	$pakfiresettings{"TREE"} = $cgiparams{"TREE"};
 
@@ -154,7 +146,7 @@ END
 		&General::writehash("${General::swroot}/pakfire/settings", \%pakfiresettings);
 
 		# Update lists
-		system("/usr/local/bin/pakfire update --force --no-colors &>/dev/null &");
+		&General::system_background("/usr/local/bin/pakfire", "update", "--force", "--no-colors");
 	}
 }
 

From c4391a0181b5bff0ac2db8efcdcefc9e20c3e098 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:20:06 +0100
Subject: [PATCH 03/66] aliases.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/aliases.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi
index 4e61eb65e..85ed27204 100644
--- a/html/cgi-bin/aliases.cgi
+++ b/html/cgi-bin/aliases.cgi
@@ -567,7 +567,7 @@ sub SortDataFile
 #
 sub BuildConfiguration {
     # Restart service associated with this
-    system '/usr/local/bin/setaliases';
+    &General::system('/usr/local/bin/setaliases');
 }
 
 #

From a87366f5f40da94db11dffec2864b3514988fd43 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:28:24 +0100
Subject: [PATCH 04/66] backup.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/backup.cgi | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/html/cgi-bin/backup.cgi b/html/cgi-bin/backup.cgi
index 683f8add4..84c015314 100644
--- a/html/cgi-bin/backup.cgi
+++ b/html/cgi-bin/backup.cgi
@@ -54,7 +54,7 @@ $cgiparams{'BACKUPLOGS'} = '';
 ############################################################################################################################
 ################################################ Workaround for Directories ################################################
 
-system("/usr/local/bin/backupctrl makedirs >/dev/null 2>&1 ") unless ( -e '/var/ipfire/backup/addons/backup') ;
+&General::system("/usr/local/bin/backupctrl", "makedirs") unless ( -e '/var/ipfire/backup/addons/backup') ;
 
 ############################################################################################################################
 ############################################## System calls ohne Http Header ###############################################
@@ -85,7 +85,7 @@ if ($cgiparams{'ACTION'} eq "download") {
 		print UPLOADFILE;
 		}
 		close UPLOADFILE;
-		system("/usr/local/bin/backupctrl restore >/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "restore");
 }
 elsif ( $cgiparams{'ACTION'} eq "restoreaddon" )
 {
@@ -99,7 +99,7 @@ elsif ( $cgiparams{'ACTION'} eq "restoreaddon" )
 		print UPLOADFILE;
 		}
 		close UPLOADFILE;
-		system("/usr/local/bin/backupctrl restoreaddon ".$temp[$#temp]." >/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "restoreaddon", $temp[$#temp]);
 }
 
 &Header::showhttpheaders();
@@ -115,11 +115,11 @@ sub refreshpage{&Header::openbox( 'Waiting', 1, "/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "include");
 	} elsif ( $cgiparams{'BACKUPLOGS'} eq "exclude" ) {
-		system("/usr/local/bin/backupctrl exclude >/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "exclude");
 	} elsif ( $cgiparams{'BACKUPLOGS'} eq "iso" ) {
-		system("/usr/local/bin/backupctrl iso >/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "iso");
 	}
 }
 if ( $cgiparams{'ACTION'} eq "addonbackup" )
@@ -130,14 +130,14 @@ if ( $cgiparams{'ACTION'} eq "addonbackup" )
 	# Check if the addon exists
 	exit(1) unless (-e "/var/ipfire/backup/addons/includes/$cgiparams{'ADDON'}");
 
-	system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1");
+	&General::system("/usr/local/bin/backupctrl", "addonbackup", "$cgiparams{'ADDON'}");
 }
 elsif ( $cgiparams{'ACTION'} eq "delete" )
 {
 	my $file = &sanitise_file($cgiparams{'FILE'});
 	exit(1) unless defined($file);
 
-	system("/usr/local/bin/backupctrl $file >/dev/null 2>&1");
+	&General::system("/usr/local/bin/backupctrl", "$file");
 }
 
 ############################################################################################################################

From 32d34774d3d5eb996db063d8d063050280a8eb5a Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:32:50 +0100
Subject: [PATCH 05/66] captive.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/captive.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/captive.cgi b/html/cgi-bin/captive.cgi
index 51c5d45f2..ce666381c 100755
--- a/html/cgi-bin/captive.cgi
+++ b/html/cgi-bin/captive.cgi
@@ -64,7 +64,7 @@ my $errormessage='';
 my $clients="${General::swroot}/captive/clients";
 my %clientshash=();
 my $settingsfile="${General::swroot}/captive/settings";
-unless (-e $settingsfile)	{ system("touch $settingsfile"); }
+unless (-e $settingsfile)	{ &General::system("touch $settingsfile"); }
 
 &Header::getcgihash(\%cgiparams);
 

From ea9ad05e3800a982a9133cabcb23adeb865a8eaa Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:34:15 +0100
Subject: [PATCH 06/66] ddns.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/ddns.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi
index 7e4ddb5b7..e30aa3d4f 100644
--- a/html/cgi-bin/ddns.cgi
+++ b/html/cgi-bin/ddns.cgi
@@ -342,7 +342,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) {
 # Handle forced updates.
 #
 if ($settings{'ACTION'} eq $Lang::tr{'instant update'}) {
-    system(@ddnsprog) == 0 or die "@ddnsprog failed: $?\n";
+    &General::system(@ddnsprog) == 0 or die "@ddnsprog failed: $?\n";
 }
 
 #

From dfdf076d71677d0fe2a7d611e56815586f3a0e84 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:37:07 +0100
Subject: [PATCH 07/66] dhcp.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/dhcp.cgi | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
index 388c4d240..58891f9c5 100644
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -1330,7 +1330,7 @@ sub buildconf {
 		print FILE "}\n\n";
 	    }
 
-	    system ('/usr/bin/touch', "${General::swroot}/dhcp/enable_${lc_itf}");
+	    &General::system('/usr/bin/touch', "${General::swroot}/dhcp/enable_${lc_itf}");
 	    &General::log("DHCP on ${itf}: " . $Lang::tr{'dhcp server enabled'})
 	} else {
 	    unlink "${General::swroot}/dhcp/enable_${lc_itf}";
@@ -1357,9 +1357,9 @@ sub buildconf {
     }
     print FILE "include \"${General::swroot}/dhcp/dhcpd.conf.local\";\n";
     close FILE;
-    if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {system '/usr/local/bin/dhcpctrl enable >/dev/null 2>&1';}
-    else {system '/usr/local/bin/dhcpctrl disable >/dev/null 2>&1';}
-    system '/usr/local/bin/dhcpctrl restart >/dev/null 2>&1 &';
+    if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {&General::system('/usr/local/bin/dhcpctrl', 'enable');}
+    else {&General::system('/usr/local/bin/dhcpctrl', 'disable');}
+    &General::system_background('/usr/local/bin/dhcpctrl', 'restart');
 }
 
 #

From 8a1e6afef57f63d8955ddb165395c09227d0b2ac Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:38:18 +0100
Subject: [PATCH 08/66] dns.cgi: Use new system commands

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/dns.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi
index 7dc113582..0a34d3fd6 100755
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -48,8 +48,8 @@ my $settings_file = "${General::swroot}/dns/settings";
 my $servers_file = "${General::swroot}/dns/servers";
 
 # Create files if the does not exist.
-unless (-f $settings_file) { system("touch $settings_file") };
-unless (-f $servers_file) { system("touch $servers_file") };
+unless (-f $settings_file) { &General::system("touch", "$settings_file") };
+unless (-f $servers_file) { &General::system("touch", "$servers_file") };
 
 # File which stores the ISP assigned DNS servers.
 my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
@@ -844,7 +844,7 @@ sub _handle_unbound_and_more () {
 		&IDS::call_suricatactrl("restart");
 	}
 	# Restart unbound
-	system('/usr/local/bin/unboundctrl reload >/dev/null');
+	&General::system('/usr/local/bin/unboundctrl', 'reload');
 }
 
 # Check if the system is online (RED is connected).

From 761c08a7c7eb89797f8316c8f69af965e7c9d768 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:39:41 +0100
Subject: [PATCH 09/66] dnsforward.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/dnsforward.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/dnsforward.cgi b/html/cgi-bin/dnsforward.cgi
index 749d1216a..e2843a81f 100644
--- a/html/cgi-bin/dnsforward.cgi
+++ b/html/cgi-bin/dnsforward.cgi
@@ -124,7 +124,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
 		}
 	}
 	# Restart unbound
-	system('/usr/local/bin/unboundctrl reload >/dev/null');
+	&General::system('/usr/local/bin/unboundctrl', 'reload');
 }
 
 ###
@@ -142,7 +142,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
 	}
 	close(FILE);
 	# Restart unbound.
-	system('/usr/local/bin/unboundctrl reload >/dev/null');
+	&General::system('/usr/local/bin/unboundctrl', 'reload');
 }
 
 ###
@@ -169,7 +169,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
 	}
 	close(FILE);
 	# Restart unbound.
-	system('/usr/local/bin/unboundctrl reload >/dev/null');
+	&General::system('/usr/local/bin/unboundctrl', 'reload');
 }
 
 ###

From 0483dca6292cfd14a9a37f89e75185520eaeee02 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:41:08 +0100
Subject: [PATCH 10/66] extrahd.cgi: Use new system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/extrahd.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/extrahd.cgi b/html/cgi-bin/extrahd.cgi
index aaf42baff..e277abd51 100644
--- a/html/cgi-bin/extrahd.cgi
+++ b/html/cgi-bin/extrahd.cgi
@@ -53,8 +53,8 @@ my $partitionsfile = "/var/ipfire/extrahd/partitions";
 my @dummy = ( ${Header::colourgreen}, ${Header::colourred} );
 undef (@dummy);
 
-system("/usr/local/bin/extrahdctrl scanhd ide >/dev/null");
-system("/usr/local/bin/extrahdctrl scanhd partitions >/dev/null");
+&General::system("/usr/local/bin/extrahdctrl", "scanhd", "ide");
+&General::system("/usr/local/bin/extrahdctrl", "scanhd", "partitions");
 
 &Header::showhttpheaders();
 
@@ -98,7 +98,7 @@ if ($extrahdsettings{'ACTION'} eq $Lang::tr{'add'})
 UUID=$extrahdsettings{'UUID'};$extrahdsettings{'FS'};$extrahdsettings{'PATH'};
 END
 ;
-	system("/usr/local/bin/extrahdctrl mount $extrahdsettings{'PATH'}");
+	&General::system("/usr/local/bin/extrahdctrl", "mount", "$extrahdsettings{'PATH'}");
 	}
 } 
 elsif ($extrahdsettings{'ACTION'} eq $Lang::tr{'delete'}) 

From f5f181838ffb6556c50995a16112257f6badc30f Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:42:23 +0100
Subject: [PATCH 11/66] fireinfo.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/fireinfo.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/fireinfo.cgi b/html/cgi-bin/fireinfo.cgi
index dfc741fde..c4baa6170 100644
--- a/html/cgi-bin/fireinfo.cgi
+++ b/html/cgi-bin/fireinfo.cgi
@@ -49,14 +49,14 @@ if ( -e "$configfile" ) {
 if ("$fireinfosettings{'ACTION'}" eq "trigger") {
 	if ($fireinfosettings{'ENABLE_FIREINFO'} eq 'off') 	{
 		&General::log($Lang::tr{'fireinfo is enabled'});
-		system ('/usr/bin/touch', $configfile);
+		&General::system('/usr/bin/touch', $configfile);
 		$fireinfosettings{'ENABLE_FIREINFO'} = 'on';
 	} else {
 		&General::log($Lang::tr{'fireinfo is disabled'});
 		unlink "$configfile";
 		$fireinfosettings{'ENABLE_FIREINFO'} = 'off';
 	}
-	system("/usr/local/bin/fireinfoctrl &");
+	&General::system_background("/usr/local/bin/fireinfoctrl");
 }
 
 &Header::openpage('Fireinfo', 1, '');

From 43ecaceb4da5b868f62ae6ff9daf30927fc335e8 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:43:56 +0100
Subject: [PATCH 12/66] firewall.cgi: Use new system commands

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/firewall.cgi | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 4f4d63cc8..70dee8d3c 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -38,11 +38,11 @@ require "${General::swroot}/header.pl";
 require "${General::swroot}/location-functions.pl";
 require "/usr/lib/firewall/firewall-lib.pl";
 
-unless (-d "${General::swroot}/firewall")			{ system("mkdir ${General::swroot}/firewall"); }
-unless (-e "${General::swroot}/firewall/settings")	{ system("touch ${General::swroot}/firewall/settings"); }
-unless (-e "${General::swroot}/firewall/config")	{ system("touch ${General::swroot}/firewall/config"); }
-unless (-e "${General::swroot}/firewall/input")		{ system("touch ${General::swroot}/firewall/input"); }
-unless (-e "${General::swroot}/firewall/outgoing")	{ system("touch ${General::swroot}/firewall/outgoing"); }
+unless (-d "${General::swroot}/firewall")			{ &General::system("mkdir", "${General::swroot}/firewall"); }
+unless (-e "${General::swroot}/firewall/settings")	{ &General::system("touch", "${General::swroot}/firewall/settings"); }
+unless (-e "${General::swroot}/firewall/config")	{ &General::system("touch", "${General::swroot}/firewall/config"); }
+unless (-e "${General::swroot}/firewall/input")		{ &General::system("touch", "${General::swroot}/firewall/input"); }
+unless (-e "${General::swroot}/firewall/outgoing")	{ &General::system("touch", "${General::swroot}/firewall/outgoing"); }
 
 my %fwdfwsettings=();
 my %selected=() ;

From 0b0e6d586bc327dfa5f2b8752e8066a92655a5e7 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:48:26 +0100
Subject: [PATCH 13/66] fwhosts.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/fwhosts.cgi | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 84b018459..35611ac08 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -75,12 +75,12 @@ my $fwoptions 		= "${General::swroot}/optionsfw/settings";
 my $configovpn		= "${General::swroot}/ovpn/settings";
 my $configipsecrw	= "${General::swroot}/vpn/settings";
 
-unless (-e $confignet)    { system("touch $confignet"); }
-unless (-e $confighost)   { system("touch $confighost"); }
-unless (-e $configgrp)    { system("touch $configgrp"); }
-unless (-e $configsrv)    { system("touch $configsrv"); }
-unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
-unless (-e $configlocationgrp) { system("touch $configlocationgrp"); }
+unless (-e $confignet)    { &General::system("touch", "$confignet"); }
+unless (-e $confighost)   { &General::system("touch", "$confighost"); }
+unless (-e $configgrp)    { &General::system("touch", "$configgrp"); }
+unless (-e $configsrv)    { &General::system("touch", "$configsrv"); }
+unless (-e $configsrvgrp) { &General::system("touch", "$configsrvgrp"); }
+unless (-e $configlocationgrp) { &General::system("touch $configlocationgrp"); }
 
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);

From c1d77628c397e39a00ee0fa2f491b122825418ca Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:50:15 +0100
Subject: [PATCH 14/66] guardian: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/guardian.cgi | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi
index 552c67211..8ffe57f11 100644
--- a/html/cgi-bin/guardian.cgi
+++ b/html/cgi-bin/guardian.cgi
@@ -67,8 +67,8 @@ my $settingsfile = "${General::swroot}/guardian/settings";
 my $ignoredfile = "${General::swroot}/guardian/ignored";
 
 # Create empty settings and ignoredfile if they do not exist yet.
-unless (-e "$settingsfile") { system("touch $settingsfile"); }
-unless (-e "$ignoredfile") { system("touch $ignoredfile"); }
+unless (-e "$settingsfile") { &General::system("touch", "$settingsfile"); }
+unless (-e "$ignoredfile") { &General::system("touch", "$ignoredfile"); }
 
 our %settings = ();
 our %ignored  = ();
@@ -878,7 +878,7 @@ sub BuildConfiguration() {
 	my $configfile = "${General::swroot}/guardian/guardian.conf";
 
 	# Create the configfile if none exists yet.
-	unless (-e "$configfile") { system("touch $configfile"); }
+	unless (-e "$configfile") { &General::system("touch", "$configfile"); }
 
 	# Open configfile for writing.
 	open(FILE, ">$configfile");
@@ -940,11 +940,11 @@ sub BuildConfiguration() {
 			&Guardian::Socket::Client("reload");
 		} else {
 			# Launch guardian.
-			system("/usr/local/bin/addonctrl guardian start &>/dev/null");
+			&General::system("/usr/local/bin/addonctrl", "guardian", "start");
 		}
 	} else {
 		# Stop the daemon.
-		system("/usr/local/bin/addonctrl guardian stop &>/dev/null");
+		&General::system("/usr/local/bin/addonctrl", "guardian", "stop");
 	}
 }
 
@@ -955,7 +955,7 @@ sub GenerateIgnoreFile() {
 	&General::readhasharray($ignoredfile, \%ignored);
 
 	# Create the guardian.ignore file if not exist yet.
-	unless (-e "$ignorefile") { system("touch $ignorefile"); }
+	unless (-e "$ignorefile") { &General::system("touch", "$ignorefile"); }
 
 	# Open ignorefile for writing.
 	open(FILE, ">$ignorefile");

From 305b72cc7520b62f521671b9f88d768954e30529 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:50:59 +0100
Subject: [PATCH 15/66] gui.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/gui.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/gui.cgi b/html/cgi-bin/gui.cgi
index 1b316a2a2..820296fe2 100644
--- a/html/cgi-bin/gui.cgi
+++ b/html/cgi-bin/gui.cgi
@@ -70,7 +70,7 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
         # Set flag if index page is to refresh whilst ppp is up.
         # Default is NO refresh.
         if ($cgiparams{'REFRESHINDEX'} ne 'off') {
-            system ('/usr/bin/touch', "${General::swroot}/main/refreshindex");
+            &General::system('/usr/bin/touch', "${General::swroot}/main/refreshindex");
         } else {
             unlink "${General::swroot}/main/refreshindex";
         }
@@ -78,7 +78,7 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
         # Beep on ip-up or ip-down. Default is ON.
         if ($cgiparams{'PPPUPDOWNBEEP'} ne 'on') {
             $cgiparams{'PPPUPDOWNBEEP'} = 'off';
-            system ('/usr/bin/touch', "${General::swroot}/red/nobeeps");
+            &General::system('/usr/bin/touch', "${General::swroot}/red/nobeeps");
         } else {
             unlink "${General::swroot}/red/nobeeps";
         }

From 5c9c1ce9bf23539935742f44cda320aea1ef9238 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:52:03 +0100
Subject: [PATCH 16/66] hosts.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/hosts.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/hosts.cgi b/html/cgi-bin/hosts.cgi
index d9e9cb0af..a99d1364a 100644
--- a/html/cgi-bin/hosts.cgi
+++ b/html/cgi-bin/hosts.cgi
@@ -487,6 +487,6 @@ sub SortDataFile
 # Build the configuration file
 #
 sub BuildConfiguration {
-    system '/usr/local/bin/rebuildhosts';
-    system '/usr/local/bin/unboundctrl reload &>/dev/null';
+    &General::system('/usr/local/bin/rebuildhosts');
+    &General::system('/usr/local/bin/unboundctrl', 'reload');
 }

From 15c3570d1c23d764c34a1acaab11fe0751ef69d9 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:55:14 +0100
Subject: [PATCH 17/66] index.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/index.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 4ac237d0f..fafbe0aa1 100644
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -118,10 +118,10 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'dial profile'})
 }
 
 if ($cgiparams{'ACTION'} eq $Lang::tr{'dial'}) {
-	system('/usr/local/bin/redctrl start > /dev/null') == 0
+	&General::system('/usr/local/bin/redctrl', 'start') == 0
 	or &General::log("Dial failed: $?"); sleep 1;
 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'hangup'}) {
-	system('/usr/local/bin/redctrl stop > /dev/null') == 0
+	&General::system('/usr/local/bin/redctrl', 'stop') == 0
 	or &General::log("Hangup failed: $?"); sleep 1;
 }
 

From 751765b732cc914f45ca123f609af7fc09baa208 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Mon, 17 May 2021 19:57:29 +0100
Subject: [PATCH 18/66] mac.cgi: Use new system methods

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/mac.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/mac.cgi b/html/cgi-bin/mac.cgi
index 161be3421..f4c5aa2d4 100644
--- a/html/cgi-bin/mac.cgi
+++ b/html/cgi-bin/mac.cgi
@@ -94,7 +94,7 @@ if ($macsettings{'ACTION'} eq $Lang::tr{'save'}) {
 	}
 }
 if ($macsettings{'ACTION'} eq $Lang::tr{'reconnect'}) {
-	system("/usr/local/bin/redctrl restart >/dev/null 2>&1 &");
+	&General::system_background("/usr/local/bin/redctrl", "restart");
 	&Header::openbox('100%', 'left', $Lang::tr{'mac address recon'} );
 	print "$Lang::tr{'mac address done'}\n";
 	&Header::closebox();	
@@ -107,7 +107,7 @@ if ($macsettings{'ACTION'} eq $Lang::tr{'delete'} ) {
 }
 if ($macsettings{'ACTION'} eq $Lang::tr{'reboot'}) {
 	&General::log($Lang::tr{'rebooting ipfire'});
-	system("/usr/local/bin/ipfirereboot boot");
+	&General::system("/usr/local/bin/ipfirereboot", "boot");
 	&Header::openbox('100%', 'left', $Lang::tr{'rebooting ipfire'} );
 	print "  

";
 	print "";

From d39c7076acf4db959ec2d8b54e09b1479bb7b7e8 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 17 May 2021 21:43:48 +0200
Subject: [PATCH 19/66] connections.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/connections.cgi | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi
index 8613b9d9b..00038f1a0 100644
--- a/html/cgi-bin/connections.cgi
+++ b/html/cgi-bin/connections.cgi
@@ -146,6 +146,9 @@ if ($netsettings{'RED_DEV'}) {
 	}
 }
 
+# Call safe system_output function to get all available routes.
+my @all_routes = &General::system_output("/sbin/route", "-n");
+
 # Add Green Firewall Interface
 push(@network, $netsettings{'GREEN_ADDRESS'});
 push(@masklen, "255.255.255.255" );
@@ -157,7 +160,7 @@ push(@masklen, $netsettings{'GREEN_NETMASK'} );
 push(@colour, ${Header::colourgreen} );
 
 # Add Green Routes to Array
-my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`;
+my @routes = grep (/$netsettings{'GREEN_DEV'}/, @all_routes);
 foreach my $route (@routes) {
 	chomp($route);
 	my @temp = split(/[\t ]+/, $route);
@@ -178,7 +181,7 @@ if ($netsettings{'BLUE_DEV'}) {
 	push(@colour, ${Header::colourblue} );
 
 	# Add Blue Routes to Array
-	@routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`;
+	@routes = grep(/$netsettings{'BLUE_DEV'}/, @all_routes);
 	foreach my $route (@routes) {
 		chomp($route);
 		my @temp = split(/[\t ]+/, $route);
@@ -199,7 +202,7 @@ if ($netsettings{'ORANGE_DEV'}) {
 	push(@masklen, $netsettings{'ORANGE_NETMASK'} );
 	push(@colour, ${Header::colourorange} );
 	# Add Orange Routes to Array
-	@routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`;
+	@routes = grep(/$netsettings{'ORANGE_DEV'}/, @all_routes);
 	foreach my $route (@routes) {
 		chomp($route);
 		my @temp = split(/[\t ]+/, $route);

From 2bbf176619985f552e2418e167100425163aa5e7 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 17 May 2021 22:25:44 +0200
Subject: [PATCH 20/66] dhcp.cgi: Use perl built-in grep

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/dhcp.cgi | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
index 58891f9c5..4c9fff835 100644
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -130,6 +130,15 @@ open(FILE, "$filename2") or die 'Unable to open fixed leases file.';
 our @current2 = ;
 close(FILE);
 
+# Open and read-in file which contains the list of allowed advanced options.
+open(FILE, $filename3) or die "Could not open $filename3. $!\n"
+
+# Grab file content.
+my @advoptions_list = ;
+
+# Close file handle.
+close(FILE);
+
 # Check Settings1 first because they are needed by &buildconf
 if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
     foreach my $itf (@ITFs) {
@@ -338,7 +347,7 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'add'}.'1' &&
 	map ($dhcpsettings{"ADVOPT_SCOPE_$_"} = 'off', @ITFs);	# force global
     } elsif (ValidNewOption ($dhcpsettings{'ADVOPT_NAME'} . ' ' . $dhcpsettings{'ADVOPT_DATA'})) {
 	#was a new option
-    } elsif (! `grep "\$option $dhcpsettings{'ADVOPT_NAME'} " $filename3`) {
+    } elsif (! grep(/option $dhcpsettings{'ADVOPT_NAME'}/, @advoptions_list)) {
 	$errormessage=$Lang::tr{'dhcp advopt unknown'}.': '.$dhcpsettings{'ADVOPT_NAME'};
     }
 
@@ -714,7 +723,11 @@ if ($dhcpsettings{'KEY1'} ne '') {
 }
 
 #search if the 'option' is in the list and print the syntax model
-my $opt = `grep "\$option $dhcpsettings{'ADVOPT_NAME'} " $filename3`;
+my @opt = grep(/option $dhcpsettings{'ADVOPT_NAME'}/, @advoptions_list);
+
+# Assign array element to variable and remove newlines.
+my $opt = chomp(@opt[0]);
+
 if ($opt ne '') {
    $opt =~ s/option $dhcpsettings{'ADVOPT_NAME'}/Syntax:/;  # "option xyz abc" => "syntax: abc"
    $opt =~ s/;//;

From 3a69c4fbbc668771a1062a35b2f5262b88401530 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 17 May 2021 22:32:21 +0200
Subject: [PATCH 21/66] extrahd.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/extrahd.cgi | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/extrahd.cgi b/html/cgi-bin/extrahd.cgi
index e277abd51..154efd7b2 100644
--- a/html/cgi-bin/extrahd.cgi
+++ b/html/cgi-bin/extrahd.cgi
@@ -103,7 +103,7 @@ END
 } 
 elsif ($extrahdsettings{'ACTION'} eq $Lang::tr{'delete'}) 
 {
-	if ( `/usr/local/bin/extrahdctrl umount $extrahdsettings{'PATH'}` ) {
+	if ( &General::system("/usr/local/bin/extrahdctrl", "umount", "$extrahdsettings{'PATH'}")) {
 		open( FILE, "< $devicefile" ) or die "Unable to read $devicefile";
 		@tmp = ;
 		close FILE;
@@ -143,7 +143,11 @@ END
 	{
 		@deviceline = split( /\;/, $deviceentry );
 		my $color="$Header::colourred";
-		if ( ! `/bin/mountpoint $deviceline[2] | grep " not "`  ) {
+
+		# Use safe system_output to get mountpoint details.
+		my @mountpoint = &General::system_output("/bin/mountpoint", "$deviceline[2]");
+
+		if ( ! grep(/not/, @mountpoint)) {
 			$color=$Header::colourgreen;
 		}
 		print <
Date: Mon, 17 May 2021 22:49:15 +0200
Subject: [PATCH 22/66] hardwaregraphs.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/hardwaregraphs.cgi | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/html/cgi-bin/hardwaregraphs.cgi b/html/cgi-bin/hardwaregraphs.cgi
index 813d32f7b..f69bcd27b 100644
--- a/html/cgi-bin/hardwaregraphs.cgi
+++ b/html/cgi-bin/hardwaregraphs.cgi
@@ -38,10 +38,10 @@ my %mainsettings = ();
 my %sensorsettings = ();
 
 my @sensorsgraphs = ();
-my @sensorsdir = `ls -dA $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/`;
+my @sensorsdir = &General::system_output("ls", "-dA", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/");
 foreach (@sensorsdir){
 	chomp($_);chop($_);
-	foreach (`ls $_/*`){
+	foreach (&General::system_output("ls", "$_/*") ){
 		chomp($_);
 		push(@sensorsgraphs,$_);
 	}
@@ -97,6 +97,7 @@ if ( $querry[0] =~ "hwtemp"){
 		&General::writehash("${General::swroot}/sensors/settings", \%sensorsettings);
 	}
 
+	# This should be save, because no user given content will be processed.
 	my @disks = `ls -1 /sys/block | grep -E '^sd|^nvme' | sort | uniq`;
 
 	foreach (@disks){
@@ -109,31 +110,31 @@ if ( $querry[0] =~ "hwtemp"){
 		&Header::closebox();
 	}
 
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/thermal-thermal_zone* 2>/dev/null` ) {
+	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/thermal-thermal_zone*") ) {
 		&Header::openbox('100%', 'center', "ACPI Thermal-Zone Temp $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","thermaltemp","day");
 		&Header::closebox();
 	}
 
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/temperature-* 2>/dev/null` ) {
+	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/temperature-*") ) {
 		&Header::openbox('100%', 'center', "hwtemp $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","hwtemp","day");
 		Header::closebox();
 	}
 
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/fanspeed-* 2>/dev/null` ) {
+	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/fanspeed-*") ) {
 		&Header::openbox('100%', 'center', "hwfan $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","hwfan","day");
 		&Header::closebox();
 	}
 
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/voltage-* 2>/dev/null` ) {
+	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/voltage-*") ) {
 		&Header::openbox('100%', 'center', "hwvolt $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","hwvolt","day");
 		&Header::closebox();
 	}
 
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-* 2>/dev/null` ) {
+	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*") ) {
 		sensorsbox();
 	}
 	&Header::closebigbox();

From 4353c579248b3016740252009b4ed15a4c6f8fe3 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 17 May 2021 22:53:23 +0200
Subject: [PATCH 23/66] memory.cgi: Use perl mechanism to check if the rrd file
 for the swap exists.

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/memory.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/memory.cgi b/html/cgi-bin/memory.cgi
index 89fa7d14a..dea7e3668 100644
--- a/html/cgi-bin/memory.cgi
+++ b/html/cgi-bin/memory.cgi
@@ -56,7 +56,7 @@ if ( $querry[0] =~ "memory"){
 	&Graphs::makegraphbox("memory.cgi","memory","day");
 	&Header::closebox();
 
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/swap 2>/dev/null` ) {
+	if (-f $mainsettings{'RRDLOG'}/collectd/localhost/swap) {
 	    &Header::openbox('100%', 'center', "Swap $Lang::tr{'graph'}");
 	    &Graphs::makegraphbox("memory.cgi","swap","day");
 	    &Header::closebox();

From 3f5cb3b7ccdeca87fb5eaaf66436c93aa50280dc Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 17 May 2021 23:02:53 +0200
Subject: [PATCH 24/66] remote.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/remote.cgi | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/remote.cgi b/html/cgi-bin/remote.cgi
index c76f5129e..576e7628d 100644
--- a/html/cgi-bin/remote.cgi
+++ b/html/cgi-bin/remote.cgi
@@ -254,7 +254,10 @@ sub viewkey
 
   if ( -e $key )
   {
-    my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`);
+    # Use safe system_output function to call ssh-keygen and get the output from the tool.
+    my @ssh_keygen = &General::system_output("/usr/bin/ssh-keygen", "-l", -"-f", "$key");
+
+    my @temp = split(/ /, @ssh_keygen);
     my $keysize = &Header::cleanhtml($temp[0],"y");
     my $fingerprint = &Header::cleanhtml($temp[1],"y");
     print "$key$name$fingerprint$keysize\n";
@@ -264,8 +267,7 @@ sub viewkey
 sub printactivelogins()
 {
 	# print active SSH logins (grep outpout of "who -s")
-	my $command = "who -s";
-	my @output = `$command`;
+	my @output = &General::system_output("who", "-s");
 	chomp(@output);
 
 	my $id = 0;

From 31c46c07585ca71330a97838c2a45933bcb88031 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 17 May 2021 23:08:01 +0200
Subject: [PATCH 25/66] services.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/services.cgi | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi
index 38b89ef1e..ee4ac185a 100644
--- a/html/cgi-bin/services.cgi
+++ b/html/cgi-bin/services.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2005-2010  IPFire Team                                        #
+# Copyright (C) 2005-2021  IPFire Team                                        #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -221,13 +221,13 @@ sub isautorun{
 	my $cmd = $_[0];
 	my $col = $_[1];
 	my $status = "";
-	my $init = `find /etc/rc.d/rc3.d/S??${cmd} 2>/dev/null`;
-	chomp ($init);
+	my @init = &General::system_output("find", "/etc/rc.d/rc3.d/S??${cmd}");
+	my $init = chomp(@init[0]);
 	if ($init ne ''){
 		$status = "$Lang::tr{";
 	}
-	$init = `find /etc/rc.d/rc3.d/off/S??${cmd} 2>/dev/null`;
-	chomp ($init);
+	@init = &General::system_output("find", "/etc/rc.d/rc3.d/off/S??${cmd}");
+	my $init = chomp (@init[0]);
 	if ($init ne ''){
 		$status = "$Lang::tr{";
 	}
@@ -297,7 +297,8 @@ sub isrunningaddon{
 	my $exename;
 	my @memory;
 
-	my $testcmd = `/usr/local/bin/addonctrl $_ status 2>/dev/null`;
+	my @testcmd = &General::system_output("/usr/local/bin/addonctrl", "$_", "status");
+	my $testcmd = @testcmd[0];
 
 	if ( $testcmd =~ /is\ running/ && $testcmd !~ /is\ not\ running/){
 		$status = "$Lang::tr{'running'}";

From 875041991c838d25ba236e9bd6e253e16411a264 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 17 May 2021 23:10:32 +0200
Subject: [PATCH 26/66] proxy.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/proxy.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index b6d71db84..aaf04594c 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -32,7 +32,7 @@ require "${General::swroot}/header.pl";
 
 require "${General::swroot}/ids-functions.pl";
 
-my @squidversion = `/usr/sbin/squid -v`;
+my @squidversion = &General::system_output("/usr/sbin/squid", "-v");
 my $http_port='81';
 my $https_port='444';
 
@@ -385,7 +385,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 		$errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
 		goto ERROR;
 	}
-	my @free = `/usr/bin/free`;
+	my @free = &General::system_output("/usr/bin/free");
 	$free[1] =~ m/(\d+)/;
 	$cachemem = int $1 / 2048;
 	if ($proxysettings{'CACHE_MEM'} > $cachemem) {

From 12317449d0cdfde685f4f9d97914a66d5e4982cf Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 17 May 2021 23:15:42 +0200
Subject: [PATCH 27/66] qos.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/qos.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi
index 1825aca11..db7591473 100644
--- a/html/cgi-bin/qos.cgi
+++ b/html/cgi-bin/qos.cgi
@@ -104,7 +104,7 @@ $qossettings{'TOS'} = '';
 &General::readhash("${General::swroot}/qos/settings", \%qossettings);
 &Header::getcgihash(\%qossettings);
 
-$qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`;
+$qossettings{'RED_DEV'} = &General::get_red_interface();
 
 my %color = ();
 my %mainsettings = ();
@@ -542,8 +542,8 @@ elsif ($qossettings{'ACTION'} eq $Lang::tr{'status'} )
 	&Header::openbox('100%', 'left', 'QoS Status');
 	if ($qossettings{'ENABLED'} eq 'on'){
 		my $output = "";
-		$output = `/usr/local/bin/qosctrl status`;
-		$output = &Header::cleanhtml($output,"y");
+		my @output = &General::system_output("/usr/local/bin/qosctrl", "status");
+		$output = &Header::cleanhtml(@output[0],"y");
 		print "
$output
\n";
 	} else { print "$Lang::tr{'QoS not enabled'}"; }
 	&Header::closebox();

From 1e7c0108abd27f9c970d1719c09927d99c8ffea9 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 17 May 2021 23:17:43 +0200
Subject: [PATCH 28/66] speed.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/speed.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/speed.cgi b/html/cgi-bin/speed.cgi
index 4468abd90..8acdb2bd8 100644
--- a/html/cgi-bin/speed.cgi
+++ b/html/cgi-bin/speed.cgi
@@ -36,8 +36,8 @@ foreach $field (@fields) {
 	}
 }
 
-my $interface = `cat /var/ipfire/red/iface 2>/dev/null`;
-my @data_now = `ip -s link show $interface 2>/dev/null`;
+my $interface = &General::get_red_interface();
+my @data_now = &General::system_output("ip", "-s", "link", "show", "$interface");
 
 my $lastline;
 my $rxb_now = 0;

From 2a4b9f0eef48c3c60fc60c24b2c7f30ba8ab142e Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Tue, 18 May 2021 19:38:02 +0200
Subject: [PATCH 29/66] gpl.cgi: Grab and GPLv3 license in pure perl.

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/gpl.cgi | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/html/cgi-bin/gpl.cgi b/html/cgi-bin/gpl.cgi
index be1ea2639..140fd2178 100644
--- a/html/cgi-bin/gpl.cgi
+++ b/html/cgi-bin/gpl.cgi
@@ -60,7 +60,19 @@ END
 ;	
 if ( -e "/usr/share/doc/licenses/GPLv3" ) {
 	print '';
 }
 else {

From 2feacd989823aa1dbd5844c315a9abfd49060487 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Wed, 19 May 2021 21:23:47 +0200
Subject: [PATCH 30/66] ovpnmain.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/ovpnmain.cgi | 378 +++++++++++++++++++++++++-------------
 1 file changed, 254 insertions(+), 124 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index b98d88529..077f5ab6c 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -192,10 +192,10 @@ sub newcleanssldatabase
 	close FILE;
     }
     if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
-	system ("touch ${General::swroot}/ovpn/certs/index.txt");
+	&General::system("touch", "${General::swroot}/ovpn/certs/index.txt");
     }
     if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
-      system ("touch ${General::swroot}/ovpn/certs/index.txt.attr");
+	&General::system("touch", "${General::swroot}/ovpn/certs/index.txt.attr");
     }
     unlink ("${General::swroot}/ovpn/certs/index.txt.old");
     unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
@@ -220,18 +220,21 @@ sub pkiconfigcheck
 {
 	# Warning if DH parameter is 1024 bit
 	if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
-		my $dhparameter = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}`;
-		my @dhbit = ($dhparameter =~ /(\d+)/);
-		if ($1 < 2048) {
-			$cryptoerror = "$Lang::tr{'ovpn error dh'}";
-			goto CRYPTO_ERROR;
+		my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+
+		foreach my $line (@dhparameter) {
+			my @dhbit = ($line =~ /(\d+)/);
+			if ($1 < 2048) {
+				$cryptoerror = "$Lang::tr{'ovpn error dh'}";
+				goto CRYPTO_ERROR;
+			}
 		}
 	}
 
 	# Warning if md5 is in usage
 	if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
-		my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
-		if ($signature =~ /md5WithRSAEncryption/) {
+		my @signature = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+		if (grep(/md5WithRSAEncryption/, @signature) ) {
 			$cryptoerror = "$Lang::tr{'ovpn error md5'}";
 			goto CRYPTO_ERROR;
 		}
@@ -241,8 +244,8 @@ sub pkiconfigcheck
 
 	# Warning if certificate is not compliant to RFC3280 TLS rules
 	if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
-		my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
-		if ($extendkeyusage !~ /TLS Web Server Authentication/) {
+		my @extendkeyusage = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+		if ( ! grep(/TLS Web Server Authentication/, @extendkeyusage)) {
 			$cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
 			goto CRYPTO_WARNING;
 		}
@@ -734,7 +737,7 @@ sub writecollectdconf {
 	close(COLLECTDVPN);
 
 	# Reload collectd afterwards
-	system("/usr/local/bin/collectdctrl restart &>/dev/null");
+	&General::system("/usr/local/bin/collectdctrl", "restart");
 }
 
 #hier die refresh page
@@ -764,11 +767,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
     #start openvpn server
     if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
     	&emptyserverlog();
-	system('/usr/local/bin/openvpnctrl', '-s');
+	&General::system("/usr/local/bin/openvpnctrl", "-s");
     }   
     #stop openvpn server
     if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
-    	system('/usr/local/bin/openvpnctrl', '-k');
+	&General::system("/usr/local/bin/openvpnctrl", "-k");
 	&emptyserverlog();	
     }   
 #    #restart openvpn server
@@ -1075,8 +1078,8 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   # Check host certificate if X509 is RFC3280 compliant.
   # If not, old --ns-cert-type directive will be used.
   # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
-  my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
-  if ($hostcert !~ /TLS Web Server Authentication/) {
+  my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+  if ( ! grep(/TLS Web Server Authentication/, @hostcert)) {
        print CLIENTCONF "ns-cert-type server\n";
   } else {
        print CLIENTCONF "remote-cert-tls server\n";
@@ -1196,7 +1199,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	# Create ta.key for tls-auth if not presant
 	if ($cgiparams{'TLSAUTH'} eq 'on') {
 		if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
-			system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+			# This system call is safe, because all arguements are passed as an array.
+			system("/usr/sbin/openvpn", "--genkey", "--secret", "${General::swroot}/ovpn/certs/ta.key");
 			if ($?) {
 				$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
 				goto SETTINGS_ERROR;
@@ -1219,9 +1223,24 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
     $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
 #wrtie enable
 
-  if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
-  if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
-  if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
+  if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
+	  &General::system("touch", "${General::swroot}/ovpn/enable_blue");
+  } else {
+	  unlink(${General::swroot}/ovpn/enable_blue);
+  }
+
+  if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {
+	  &General::system("touch", "${General::swroot}/ovpn/enable_orange");
+  } else {
+	  unlink("${General::swroot}/ovpn/enable_orange");
+  }
+
+  if ( $vpnsettings{'ENABLED'} eq 'on' ) {
+	  &General::system("touch", "${General::swroot}/ovpn/enable");
+  } else {
+	  unlink("${General::swroot}/ovpn/enable");
+  }
+
 #new settings for daemon    
     &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
     &writeserverconf();#hier ok
@@ -1234,7 +1253,7 @@ SETTINGS_ERROR:
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
     # Kill all N2N connections
-    system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
+    &General::system("/usr/local/bin/openvpnctrl", "-kn2n");
 
     foreach my $key (keys %confighash) {
 	my $name = $confighash{$cgiparams{'$key'}}[1];
@@ -1243,7 +1262,7 @@ SETTINGS_ERROR:
 	    delete $confighash{$cgiparams{'$key'}};
 	}
 
-	system ("/usr/local/bin/openvpnctrl -drrd $name &>/dev/null");
+	&General::system("/usr/local/bin/openvpnctrl", "-drrd", "$name");
     }
     while ($file = glob("${General::swroot}/ovpn/ca/*")) {
 	unlink $file;
@@ -1282,7 +1301,7 @@ SETTINGS_ERROR:
 	close FILE;
     }
     while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
-	system ("rm -rf $file");
+	unlink($file);
     }
 
     # Remove everything from the collectd configuration
@@ -1328,7 +1347,8 @@ END
         unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
 	}
 	# Create Diffie Hellmann Parameter
-	system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
+	# The system call is safe, because all arguments are passed as an array.
+	system("/usr/bin/openssl", "dhparam", "-out", "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
 	if ($?) {
 		$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
 		unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
@@ -1397,8 +1417,8 @@ END
         $errormessage = $!;
 	goto UPLOADCA_ERROR;
     }
-    my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
-    if ($temp !~ /DH Parameters: \((2048|3072|4096) bit\)/) {
+    my @temp = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "$filename");
+    if ( ! grep(/DH Parameters: \((2048|3072|4096) bit\)/, @temp)) {
         $errormessage = $Lang::tr{'not a valid dh key'};
         unlink ($filename);
         goto UPLOADCA_ERROR;
@@ -1454,8 +1474,8 @@ END
 	$errormessage = $!;
 	goto UPLOADCA_ERROR;
     }
-    my $temp = `/usr/bin/openssl x509 -text -in $filename`;
-    if ($temp !~ /CA:TRUE/i) {
+    my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
+    if ( ! grep(/CA:TRUE/i, @temp )) {
 	$errormessage = $Lang::tr{'not a valid ca certificate'};
 	unlink ($filename);
 	goto UPLOADCA_ERROR;
@@ -1468,11 +1488,19 @@ END
 	}
     }
 
-    my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
-    $casubject    =~ /Subject: (.*)[\n]/;
-    $casubject    = $1;
-    $casubject    =~ s+/Email+, E+;
-    $casubject    =~ s/ ST=/ S=/;
+    @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
+    my $casubject;
+
+    foreach my $line (@casubject) {
+	if ($line =~ /Subject: (.*)[\n]/) {
+		$casubject    = $1;
+		$casubject    =~ s+/Email+, E+;
+		$casubject    =~ s/ ST=/ S=/;
+
+		last;
+	}
+    }
+
     $casubject    = &Header::cleanhtml($casubject);
 
     my $key = &General::findhasharraykey (\%cahash);
@@ -1494,9 +1522,9 @@ END
 	&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 	&Header::openbigbox('100%', 'LEFT', '', $errormessage);
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
-	my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
-	$output = &Header::cleanhtml($output,"y");
-	print "
$output
\n";
+	my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+	@output = &Header::cleanhtml(@output,"y");
+	print "
@output
\n";
 	&Header::closebox();
 	print "";
 	&Header::closebigbox();
@@ -1515,7 +1543,10 @@ END
     if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 	print "Content-Type: application/octet-stream\r\n";
 	print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
-	print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
+
+	my @tmp =  &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+	print "@tmp";
+
 	exit(0);
     } else {
 	$errormessage = $Lang::tr{'invalid key'};
@@ -1530,8 +1561,8 @@ END
 
     if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 	foreach my $key (keys %confighash) {
-	    my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
-	    if ($test =~ /: OK/) {
+	    my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+	    if (grep(/: OK/, @test)) {
 		# Delete connection
 #		if ($vpnsettings{'ENABLED'} eq 'on' ||
 #		    $vpnsettings{'ENABLED_BLUE'} eq 'on') {
@@ -1561,8 +1592,8 @@ END
     my $assignedcerts = 0;
     if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 	foreach my $key (keys %confighash) {
-	    my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
-	    if ($test =~ /: OK/) {
+	    my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+	    if (grep(/: OK/, @test)) {
 		$assignedcerts++;
 	    }
 	}
@@ -1601,19 +1632,19 @@ END
 ###
 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
     $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
-    my $output;
+    my @output;
     &Header::showhttpheaders();
     &Header::openpage($Lang::tr{'ovpn'}, 1, '');
     &Header::openbigbox('100%', 'LEFT', '', '');
     if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
-	$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
+	@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
     } else {
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
-	$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+	@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
     }
-    $output = &Header::cleanhtml($output,"y");
-    print "
$output
\n";
+    @output = &Header::cleanhtml(@output,"y");
+    print "
@output
\n";
     &Header::closebox();
     print "";
     &Header::closebigbox();
@@ -1627,7 +1658,10 @@ END
     if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
 	print "Content-Type: application/octet-stream\r\n";
 	print "Content-Disposition: filename=cacert.pem\r\n\r\n";
-	print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
+
+	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
+	print "@tmp";
+
 	exit(0);
     }
     
@@ -1638,7 +1672,10 @@ END
     if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
 	print "Content-Type: application/octet-stream\r\n";
 	print "Content-Disposition: filename=servercert.pem\r\n\r\n";
-	print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
+
+	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+	print "@tmp";
+
 	exit(0);
     }
 
@@ -1649,7 +1686,13 @@ END
     if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
 	print "Content-Type: application/octet-stream\r\n";
 	print "Content-Disposition: filename=ta.key\r\n\r\n";
-	print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+
+	open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+	my @tmp = ;
+	close(FILE);
+
+	print "@tmp";
+
 	exit(0);
     }
 
@@ -1926,6 +1969,7 @@ END
 	}
 	
 	# Sign the host certificate request
+	# This system call is safe, because all argeuments are passed as an array.
 	system('/usr/bin/openssl', 'ca', '-days', '999999',
 		'-batch', '-notext',
 		'-in',  "${General::swroot}/ovpn/certs/serverreq.pem",
@@ -1947,6 +1991,7 @@ END
 	}
 
 	# Create an empty CRL
+	# System call is safe, because all arguments are passed as array.
 	system('/usr/bin/openssl', 'ca', '-gencrl',
 		'-out', "${General::swroot}/ovpn/crls/cacrl.pem",
 		'-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
@@ -1962,6 +2007,7 @@ END
 #	    &cleanssldatabase();
 	}
 	# Create ta.key for tls-auth
+	# This system call is safe, because all arguments are passed as an array.
 	system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
 	if ($?) {
 	    $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
@@ -1969,6 +2015,7 @@ END
 	    goto ROOTCERT_ERROR;
 	}
 	# Create Diffie Hellmann Parameter
+	# The system call is safe, because all arguments are passed as an array.
 	system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
 	if ($?) {
 	    $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
@@ -2083,7 +2130,7 @@ END
     }
 
     ROOTCERT_SUCCESS:
-    system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
+    &General::system("chmod", "600", "${General::swroot}/ovpn/certs/serverkey.pem");
 #    if ($vpnsettings{'ENABLED'} eq 'on' ||
 #	$vpnsettings{'ENABLE_BLUE'} eq 'on') {
 #	system('/usr/local/bin/ipsecctrl', 'S');
@@ -2101,8 +2148,12 @@ END
     
     &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-#    my $n2nactive = '';
-    my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
+    my $n2nactive = '';
+    my @ps = &General::system_output("/bin/ps", "ax");
+
+    if(grep(/$confighash{$cgiparams{'KEY'}}[1]/, @ps)) {
+	$n2nactive = "1";
+    }
     
     if ($confighash{$cgiparams{'KEY'}}) {
 		if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
@@ -2110,7 +2161,7 @@ END
 			&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
 			if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
-				system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+				&General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
 				&writecollectdconf();
 			}
 		} else {
@@ -2120,7 +2171,7 @@ END
 
 			if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
 				if ($n2nactive ne '') {
-					system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+					&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
 					&writecollectdconf();
 				}
  
@@ -2204,8 +2255,8 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    # Check host certificate if X509 is RFC3280 compliant.
    # If not, old --ns-cert-type directive will be used.
    # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
-   my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
-   if ($hostcert !~ /TLS Web Server Authentication/) {
+   my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+   if (! grep(/TLS Web Server Authentication/, @hostcert)) {
                print CLIENTCONF "ns-cert-type server\n";
    } else {
                print CLIENTCONF "remote-cert-tls server\n";
@@ -2315,6 +2366,7 @@ else
 		$zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem")  or die "Can't add file cacert.pem\n";
 
 		# Extract the certificate
+		# This system call is safe, because all arguments are passed as an array.
 		system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
 			'-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
 		if ($?) {
@@ -2325,6 +2377,7 @@ else
 		print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
 
 		# Extract the key
+		# This system call is safe, because all arguments are passed as an array.
 		system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
 			'-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
 		if ($?) {
@@ -2361,8 +2414,8 @@ else
 	# Check host certificate if X509 is RFC3280 compliant.
 	# If not, old --ns-cert-type directive will be used.
 	# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
-	my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
-	if ($hostcert !~ /TLS Web Server Authentication/) {
+	my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+	if (! grep(/TLS Web Server Authentication/, @hostcert)) {
 		print CLIENTCONF "ns-cert-type server\r\n";
 	} else {
 		print CLIENTCONF "remote-cert-tls server\r\n";
@@ -2464,8 +2517,8 @@ else
 
 	if ($confighash{$cgiparams{'KEY'}}) {
 		# Revoke certificate if certificate was deleted and rewrite the CRL
-		my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
-		my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+		&General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf)";
+		&General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
 
 ###
 # m.a.d net2net
@@ -2473,7 +2526,7 @@ else
 
 		if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
 			# Stop the N2N connection before it is removed
-			system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+			&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
 
 			my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
 			my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
@@ -2515,10 +2568,10 @@ else
 # CCD end
 		# Update collectd configuration and delete all RRD files of the removed connection
 		&writecollectdconf();
-		system ('/usr/local/bin/openvpnctrl', '-drrd', $confighash{$cgiparams{'KEY'}}[1]);
+		&General::system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]");
 
 		delete $confighash{$cgiparams{'KEY'}};
-		my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+		&General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
 		&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
 	} else {
@@ -2534,7 +2587,12 @@ else
 
     print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
     print "Content-Type: application/octet-stream\r\n\r\n";
-    print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
+
+    open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+    my @tmp = ;
+    close(FILE);
+
+    print "@tmp";
     exit (0);
 
 ###
@@ -2548,9 +2606,9 @@ else
 	&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 	&Header::openbigbox('100%', 'LEFT', '', '');
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
-	my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
-	$output = &Header::cleanhtml($output,"y");
-	print "
$output
\n";
+	my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+	@output = &Header::cleanhtml(@output,"y");
+	print "
@output
\n";
 	&Header::closebox();
 	print "";
 	&Header::closebigbox();
@@ -2570,9 +2628,9 @@ else
 		&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 		&Header::openbigbox('100%', 'LEFT', '', '');
 		&Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
-		my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
-		$output = &Header::cleanhtml($output,"y");
-		print "
$output
\n";
+		my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
+		@output = &Header::cleanhtml(@output,"y");
+		print "
@output
\n";
 		&Header::closebox();
 		print "";
 		&Header::closebigbox();
@@ -2592,9 +2650,13 @@ else
 		&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 		&Header::openbigbox('100%', 'LEFT', '', '');
 		&Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
-		my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
-		$output = &Header::cleanhtml($output,"y");
-		print "
$output
\n";
+
+		open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+		my @output = ;
+		close(FILE);
+
+		@output = &Header::cleanhtml(@output,"y");
+		print "
@output
\n";
 		&Header::closebox();
 		print "";
 		&Header::closebigbox();
@@ -2615,9 +2677,9 @@ else
 	&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 	&Header::openbigbox('100%', 'LEFT', '', '');
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
-	my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
-	$output = &Header::cleanhtml($output,"y");
-	print "
$output
\n";
+	my @output = &General::system_output("/usr/bin/openssl", "crl", "-text", "-noout", "-in", "${General::swroot}/ovpn/crls/cacrl.pem");
+	@output = &Header::cleanhtml(@output,"y");
+	print "
@output
\n";
 	&Header::closebox();
 	print "";
 	&Header::closebigbox();
@@ -3105,7 +3167,12 @@ END
     if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
 	print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
 	print "Content-Type: application/octet-stream\r\n\r\n";
-	print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
+
+	open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+	my @tmp = ;
+	close(FILE);
+
+	print "@tmp";
 	exit (0);
     }
 
@@ -4031,6 +4098,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 
 	    # Sign the certificate request and move it
 	    # Sign the host certificate request
+	    # The system call is safe, because all arguments are passed as an array.
 	    system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
 		'-batch', '-notext',
 		'-in', $filename,
@@ -4047,11 +4115,19 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		&deletebackupcert();
 	    }
 
-	    my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
-	    $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
-	    $temp = $1;
-	    $temp =~ s+/Email+, E+;
-	    $temp =~ s/ ST=/ S=/;
+	    my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
+	    my $temp;
+
+	    foreach my $line (@temp) {
+		if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
+			$temp = $1;
+			$temp =~ s+/Email+, E+;
+			$temp =~ s/ ST=/ S=/;
+
+			last;
+		}
+	    }
+		
 	    $cgiparams{'CERT_NAME'} = $temp;
 	    $cgiparams{'CERT_NAME'} =~ s/,//g;
 	    $cgiparams{'CERT_NAME'} =~ s/\'//g;
@@ -4077,13 +4153,13 @@ if ($cgiparams{'TYPE'} eq 'net') {
 
 	    # Verify the certificate has a valid CA and move it
 	    my $validca = 0;
-	    my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
-	    if ($test =~ /: OK/) {
+	    my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/cacert.pem", "$filename");
+	    if (grep(/: OK/, @test)) {
 		$validca = 1;
 	    } else {
 		foreach my $key (keys %cahash) {
-		    $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
-		    if ($test =~ /: OK/) {
+		    @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem", "$filename");
+		    if (grep(/: OK/, @test)) {
 			$validca = 1;
 		    }
 		}
@@ -4101,11 +4177,19 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		}
 	    }
 
-	    my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
-	    $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
-	    $temp = $1;
-	    $temp =~ s+/Email+, E+;
-	    $temp =~ s/ ST=/ S=/;
+	    my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
+	    my $temp;
+
+	    foreach my $line (@temp) {
+		if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
+			$temp = $1;
+			$temp =~ s+/Email+, E+;
+			$temp =~ s/ ST=/ S=/;
+
+			last;
+		}
+	    }
+
 	    $cgiparams{'CERT_NAME'} = $temp;
 	    $cgiparams{'CERT_NAME'} =~ s/,//g;
 	    $cgiparams{'CERT_NAME'} =~ s/\'//g;
@@ -4232,6 +4316,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    }
 	
 	    # Sign the host certificate request
+	    # The system call is safe, because all arguments are passed as an array.
 	    system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
 		'-batch', '-notext',
 		'-in',  "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
@@ -4250,6 +4335,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    }
 
 	    # Create the pkcs12 file
+	    # The system call is safe, because all arguments are passed as an array.
 	    system('/usr/bin/openssl', 'pkcs12', '-export', 
 		'-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
 		'-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
@@ -4415,21 +4501,24 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	
 	if ($cgiparams{'TYPE'} eq 'net') {
 	
-	if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
-  system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+		if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
+			&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
 	
-  &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-	my $key = $cgiparams{'KEY'};
-	if (! $key) {
-	    $key = &General::findhasharraykey (\%confighash);
-	    foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
-	    }
-  $confighash{$key}[0] = 'on';
-  &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+			&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+			my $key = $cgiparams{'KEY'};
+			if (! $key) {
+			    $key = &General::findhasharraykey (\%confighash);
+			    foreach my $i (0 .. 31) {
+				    $confighash{$key}[$i] = "";
+			    }
+			}
+
+			$confighash{$key}[0] = 'on';
+			&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
   
-  system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
-	 }          
-  }
+			&General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
+		}
+	}
 
 ###
 # m.a.d n2n end
@@ -5046,7 +5135,9 @@ END
     &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-    my @status = `/bin/cat /var/run/ovpnserver.log`;
+    open(FILE, "/var/run/ovpnserver.log");
+    my @status = ;
+    close(FILE);
 
     if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
 		if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
@@ -5358,9 +5449,17 @@ END
 	#} else {
 	    #print " ";
 	#}
-	my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
-	$cavalid    =~ /Not After : (.*)[\n]/;
-	$cavalid    = $1;
+	my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+	my $cavalid;
+
+	foreach my $line (@cavalid) {
+		if ($line =~ /Not After : (.*)[\n]/) {
+			$cavalid    = $1;
+
+			last;
+		}
+	}
+
 	print "$confighash{$key}[25]";
 	$col1="bgcolor='${Header::colourred}'";
 	my $active = "$Lang::tr{'capsclosed'}";
@@ -5571,11 +5670,19 @@ END
     my $col4="bgcolor='$color{'color20'}'";
 
     if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
-		my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
-		$casubject    =~ /Subject: (.*)[\n]/;
-		$casubject    = $1;
-		$casubject    =~ s+/Email+, E+;
-		$casubject    =~ s/ ST=/ S=/;
+		my @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
+		my $casubject;
+
+		foreach my $line (@casubject) {
+			if ($line =~ /Subject: (.*)[\n]/) {
+				$casubject    = $1;
+				$casubject    =~ s+/Email+, E+;
+				$casubject    =~ s/ ST=/ S=/;
+
+				last;
+			}
+		}
+
 		print <
 			$Lang::tr{'root certificate'}
@@ -5605,11 +5712,18 @@ END
     }
 
     if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
-		my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
-		$hostsubject    =~ /Subject: (.*)[\n]/;
-		$hostsubject    = $1;
-		$hostsubject    =~ s+/Email+, E+;
-		$hostsubject    =~ s/ ST=/ S=/;
+		my @hostsubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+		my $hostsubject;
+
+		foreach my $line (@hostsubject) {
+			if ($line =~ /Subject: (.*)[\n]/) {
+				$hostsubject    = $1;
+				$hostsubject    =~ s+/Email+, E+;
+				$hostsubject    =~ s/ ST=/ S=/;
+
+				last;
+			}
+		}
 
 		print <
@@ -5641,10 +5755,16 @@ END
 
     # Adding DH parameter to chart
     if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
-		my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
-		$dhsubject    =~ /    (.*)[\n]/;
-		$dhsubject    = $1;
+		my @dhsubject = &System_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
+		my $dhsubject;
 
+		foreach my $line (@dhsubject) {
+			if ($line =~ /    (.*)[\n]/) {
+				$dhsubject = $1;
+
+				last;
+			}
+		}
 
 	print <
@@ -5674,9 +5794,19 @@ END
 
     # Adding ta.key to chart
     if (-f "${General::swroot}/ovpn/certs/ta.key") {
-		my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
-		$tasubject    =~ /# (.*)[\n]/;
-		$tasubject    = $1;
+		open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+		my @tasubject = ;
+		close(FILE);
+
+		my $tasubject;
+		foreach my $line (@tasubject) {
+			if($line =~ /# (.*)[\n]/) {
+				$tasubject    = $1;
+
+				last;
+			}
+		}
+
 		print <

From 88095fce905a14b9ac1b75290c5fb9d576711128 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:32:44 +0100
Subject: [PATCH 31/66] modem.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/modem.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/modem.cgi b/html/cgi-bin/modem.cgi
index a13f8b265..bf5080d01 100644
--- a/html/cgi-bin/modem.cgi
+++ b/html/cgi-bin/modem.cgi
@@ -57,7 +57,7 @@ ERROR:
 
 if ($modemsettings{'ACTION'} eq $Lang::tr{'restore defaults'})
 {
-	system('/bin/cp', "${General::swroot}/modem/defaults", "${General::swroot}/modem/settings", '-f');
+	&General::system("cp", "-f", "${General::swroot}/modem/defaults", "${General::swroot}/modem/settings");
 }
 
 &General::readhash("${General::swroot}/modem/settings", \%modemsettings);

From 88985bcc6ee6bf7fb9ac734b39411e6e013feb44 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:33:57 +0100
Subject: [PATCH 32/66] mpfire.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/mpfire.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/mpfire.cgi b/html/cgi-bin/mpfire.cgi
index c8cfc4b11..ea83d1db1 100644
--- a/html/cgi-bin/mpfire.cgi
+++ b/html/cgi-bin/mpfire.cgi
@@ -231,7 +231,7 @@ if ( $mpfiresettings{'ACTION'} eq "scan" ){
 	$mpd->updatedb();
 	refreshpage();
 }elsif ( $mpfiresettings{'ACTION'} eq "playweb" ){
-	$message=system("/usr/local/bin/mpfirectrl","playweb","\"$mpfiresettings{'FILE'}\"","2>/dev/null");
+	$message= &General::system_output("/usr/local/bin/mpfirectrl","playweb","\"$mpfiresettings{'FILE'}\"");
 }elsif ( $mpfiresettings{'ACTION'} eq "playlist" ){
 	$mpd->play();
 }elsif ( $mpfiresettings{'ACTION'} eq "emptyplaylist" ){

From 3be1e3c6f78a166029464de23078e367cc34dfa1 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:35:09 +0100
Subject: [PATCH 33/66] optionsfw.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/optionsfw.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi
index 321642e82..1ecf4f180 100644
--- a/html/cgi-bin/optionsfw.cgi
+++ b/html/cgi-bin/optionsfw.cgi
@@ -49,7 +49,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
 	if ($settings{'defpol'} ne '1'){
 		$errormessage .= $Lang::tr{'new optionsfw later'};
 		&General::writehash($filename, \%settings);             # Save good settings
-		system("/usr/local/bin/firewallctrl");
+		&General::system("/usr/local/bin/firewallctrl");
 	}else{
 		if ($settings{'POLICY'} ne ''){
 			$fwdfwsettings{'POLICY'} = $settings{'POLICY'};
@@ -64,7 +64,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
 		$fwdfwsettings{'POLICY1'} = "$MODE1";
 		&General::writehash("${General::swroot}/firewall/settings", \%fwdfwsettings);
 		&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
-		system("/usr/local/bin/firewallctrl");
+		&General::system("/usr/local/bin/firewallctrl");
 	}
 	&General::readhash($filename, \%settings);             # Load good settings
 }

From d10e04ec9948ad5d43a392a79a9312153690d2b4 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:35:56 +0100
Subject: [PATCH 34/66] pppsetup.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/pppsetup.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/pppsetup.cgi b/html/cgi-bin/pppsetup.cgi
index 7597bfbc7..c9c3d668a 100644
--- a/html/cgi-bin/pppsetup.cgi
+++ b/html/cgi-bin/pppsetup.cgi
@@ -962,7 +962,7 @@ sub updatesettings
         unlink("${General::swroot}/ppp/settings");
         link("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}",
                 "${General::swroot}/ppp/settings");
-        system ("/usr/bin/touch", "${General::swroot}/ppp/updatesettings");
+        &General::system("/usr/bin/touch", "${General::swroot}/ppp/updatesettings");
 }
 
 sub writesecrets

From 661918881ff33de140d643d056296bf2d858c345 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:41:24 +0100
Subject: [PATCH 35/66] proxy.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/proxy.cgi | 72 +++++++++++++++++++++---------------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index aaf04594c..83411e4ac 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -131,35 +131,35 @@ unless (-d "$raddir")   { mkdir("$raddir"); }
 unless (-d "$identdir") { mkdir("$identdir"); }
 unless (-d "$credir")   { mkdir("$credir"); }
 
-unless (-e $cre_groups)  { system("touch $cre_groups"); }
-unless (-e $cre_svhosts) { system("touch $cre_svhosts"); }
+unless (-e $cre_groups)  { &General::system("touch", "$cre_groups"); }
+unless (-e $cre_svhosts) { &General::system("touch $cre_svhosts"); }
 
-unless (-e $userdb) { system("touch $userdb"); }
-unless (-e $stdgrp) { system("touch $stdgrp"); }
-unless (-e $extgrp) { system("touch $extgrp"); }
-unless (-e $disgrp) { system("touch $disgrp"); }
+unless (-e $userdb) { &General::system("touch", "$userdb"); }
+unless (-e $stdgrp) { &General::system("touch", "$stdgrp"); }
+unless (-e $extgrp) { &General::system("touch", "$extgrp"); }
+unless (-e $disgrp) { &General::system("touch", "$disgrp"); }
 
-unless (-e $acl_src_subnets)    { system("touch $acl_src_subnets"); }
-unless (-e $acl_src_banned_ip)  { system("touch $acl_src_banned_ip"); }
-unless (-e $acl_src_banned_mac) { system("touch $acl_src_banned_mac"); }
-unless (-e $acl_src_unrestricted_ip)  { system("touch $acl_src_unrestricted_ip"); }
-unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); }
-unless (-e $acl_src_noaccess_ip)  { system("touch $acl_src_noaccess_ip"); }
-unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); }
-unless (-e $acl_dst_noauth)     { system("touch $acl_dst_noauth"); }
-unless (-e $acl_dst_noauth_dom) { system("touch $acl_dst_noauth_dom"); }
-unless (-e $acl_dst_noauth_net) { system("touch $acl_dst_noauth_net"); }
-unless (-e $acl_dst_noauth_url) { system("touch $acl_dst_noauth_url"); }
-unless (-e $acl_dst_nocache)     { system("touch $acl_dst_nocache"); }
-unless (-e $acl_dst_nocache_dom) { system("touch $acl_dst_nocache_dom"); }
-unless (-e $acl_dst_nocache_net) { system("touch $acl_dst_nocache_net"); }
-unless (-e $acl_dst_nocache_url) { system("touch $acl_dst_nocache_url"); }
-unless (-e $acl_dst_throttle)  { system("touch $acl_dst_throttle"); }
-unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); }
-unless (-e $acl_ports_ssl)  { system("touch $acl_ports_ssl"); }
-unless (-e $acl_include) { system("touch $acl_include"); }
+unless (-e $acl_src_subnets)    { &General::system("touch", "$acl_src_subnets"); }
+unless (-e $acl_src_banned_ip)  { &General::system("touch", "$acl_src_banned_ip"); }
+unless (-e $acl_src_banned_mac) { &General::system("touch", "$acl_src_banned_mac"); }
+unless (-e $acl_src_unrestricted_ip)  { &General::system("touch", "$acl_src_unrestricted_ip"); }
+unless (-e $acl_src_unrestricted_mac) { &General::system("touch", "$acl_src_unrestricted_mac"); }
+unless (-e $acl_src_noaccess_ip)  { &General::system("touch", "$acl_src_noaccess_ip"); }
+unless (-e $acl_src_noaccess_mac) { &General::system("touch", "$acl_src_noaccess_mac"); }
+unless (-e $acl_dst_noauth)     { &General::system("touch", "$acl_dst_noauth"); }
+unless (-e $acl_dst_noauth_dom) { &General::system("touch", "$acl_dst_noauth_dom"); }
+unless (-e $acl_dst_noauth_net) { &General::system("touch", "$acl_dst_noauth_net"); }
+unless (-e $acl_dst_noauth_url) { &General::system("touch", "$acl_dst_noauth_url"); }
+unless (-e $acl_dst_nocache)     { &General::system("touch", "$acl_dst_nocache"); }
+unless (-e $acl_dst_nocache_dom) { &General::system("touch", "$acl_dst_nocache_dom"); }
+unless (-e $acl_dst_nocache_net) { &General::system("touch", "$acl_dst_nocache_net"); }
+unless (-e $acl_dst_nocache_url) { &General::system("touch", "$acl_dst_nocache_url"); }
+unless (-e $acl_dst_throttle)  { &General::system("touch", "$acl_dst_throttle"); }
+unless (-e $acl_ports_safe) { &General::system("touch", "$acl_ports_safe"); }
+unless (-e $acl_ports_ssl)  { &General::system("touch", "$acl_ports_ssl"); }
+unless (-e $acl_include) { &General::system("touch", "$acl_include"); }
 
-unless (-e $mimetypes) { system("touch $mimetypes"); }
+unless (-e $mimetypes) { &General::system("touch", "$mimetypes"); }
 
 my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
 
@@ -632,25 +632,25 @@ ERROR:
 
 		if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}
 
-		system ('/usr/local/bin/squidctrl', 'disable');
+		&General::system ('/usr/local/bin/squidctrl', 'disable');
 		unlink "${General::swroot}/proxy/enable";
 		unlink "${General::swroot}/proxy/transparent";
 		unlink "${General::swroot}/proxy/enable_blue";
 		unlink "${General::swroot}/proxy/transparent_blue";
 
 		if ($proxysettings{'ENABLE'} eq 'on') {
-			system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
-			system ('/usr/local/bin/squidctrl', 'enable'); }
+			&General::system('/usr/bin/touch', "${General::swroot}/proxy/enable");
+			&General::system('/usr/local/bin/squidctrl', 'enable'); }
 		if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
-			system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
+			&General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
 		if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
-			system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
-			system ('/usr/local/bin/squidctrl', 'enable'); }
+			&General::system('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
+			&General::system('/usr/local/bin/squidctrl', 'enable'); }
 		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
-			system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
+			&General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
 
-		if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
-		if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }
+		if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
+		if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { &General::system('/usr/local/bin/squidctrl', 'reconfigure'); }
 
 		# Check if the suricata_proxy_ports_changed flag has been set.
 		if ($suricata_proxy_ports_changed) {
@@ -665,7 +665,7 @@ ERROR:
 
 if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
 {
-	system('/usr/local/bin/squidctrl flush >/dev/null 2>&1');
+	&General::system('/usr/local/bin/squidctrl', 'flush');
 }
 
 if (!$errormessage)

From 5b8ecec9e8ff95251397ec057881859e3a36eef8 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:45:27 +0100
Subject: [PATCH 36/66] qos.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/qos.cgi | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi
index db7591473..fa566b523 100644
--- a/html/cgi-bin/qos.cgi
+++ b/html/cgi-bin/qos.cgi
@@ -232,7 +232,7 @@ END
 	open( FILE, "< $level7file" ) or die "Unable to read $level7file";
 	@l7rules = ;
 	close FILE;
-  system("rm $level7file");
+	&General::system("rm", "$level7file");
   	foreach $l7ruleentry (sort @l7rules)
   	{
   		@l7ruleline = split( /\;/, $l7ruleentry );
@@ -244,13 +244,13 @@ END
 	        close FILE;
         }
 	  }
-	open( FILE, "< $level7file" ) or system("touch $level7file");close FILE;
+	open( FILE, "< $level7file" ) or &General::system("touch", "$level7file");close FILE;
 	} elsif ($qossettings{'DOLEVEL7'} eq $Lang::tr{'edit'})
 {
 	open( FILE, "< $level7file" ) or die "Unable to read $level7file";
 	@l7rules = ;
 	close FILE;
-	system("rm $level7file");
+	&General::system("rm", "$level7file");
   	foreach $l7ruleentry (sort @l7rules)
   	{
   		@l7ruleline = split( /\;/, $l7ruleentry );
@@ -263,7 +263,7 @@ END
       }
     }
   &level7rule;
-  open( FILE, "< $level7file" ) or system("touch $level7file");close FILE;
+  open( FILE, "< $level7file" ) or &General::system("touch", "$level7file");close FILE;
  }
 
 ############################################################################################################################
@@ -323,7 +323,7 @@ END
 	open( FILE, "< $portfile" ) or die "Unable to read $portfile";
 	@portrules = ;
 	close FILE;
-	system("rm $portfile");
+	&General::system("rm", "$portfile");
   	foreach $portruleentry (sort @portrules)
   	{
   		@portruleline = split( /\;/, $portruleentry );
@@ -336,7 +336,7 @@ END
       }
     }
    &portrule;
-  open( FILE, "< $portfile" ) or system("touch $portfile");close FILE;
+  open( FILE, "< $portfile" ) or &General::system("touch", "$portfile");close FILE;
  }
 
 ############################################################################################################################
@@ -408,25 +408,25 @@ if ($qossettings{'ACTION'} eq $Lang::tr{'start'})
 {
 	$qossettings{'ENABLED'} = 'on';
 	&General::writehash("${General::swroot}/qos/settings", \%qossettings);
-	system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
-	system("/usr/local/bin/qosctrl start >/dev/null 2>&1");
-	system("logger -t ipfire 'QoS started'");
+	&General::system("/usr/local/bin/qosctrl", "generate");
+	&General::system("/usr/local/bin/qosctrl", "start");
+	&General::system("logger", "-t", "ipfire", "QoS started");
 }
 elsif ($qossettings{'ACTION'} eq $Lang::tr{'stop'})
 {
 	$qossettings{'ENABLED'} = 'off';
 	&General::writehash("${General::swroot}/qos/settings", \%qossettings);
-	system("/usr/local/bin/qosctrl stop >/dev/null 2>&1");
-	system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
-	system("logger -t ipfire 'QoS stopped'");
+	&General::system("/usr/local/bin/qosctrl", "stop");
+	&General::system("/usr/local/bin/qosctrl", "generate");
+	&General::system("logger", "-t", "ipfire", "QoS stopped");
 }
 elsif ($qossettings{'ACTION'} eq $Lang::tr{'restart'})
 {
 	if ($qossettings{'ENABLED'} eq 'on'){
-		system("/usr/local/bin/qosctrl stop >/dev/null 2>&1");
-		system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
-		system("/usr/local/bin/qosctrl start >/dev/null 2>&1");
-		system("logger -t ipfire 'QoS restarted'");
+		&General::system("/usr/local/bin/qosctrl", "stop");
+		&General::system("/usr/local/bin/qosctrl", "generate");
+		&General::system("/usr/local/bin/qosctrl", "start");
+		&General::system("logger", "-t", "ipfire", "QoS restarted");
 	}
 }
 elsif ($qossettings{'ACTION'} eq $Lang::tr{'save'})
@@ -530,9 +530,9 @@ END
 		$qossettings{'ACK'} ="101";
 		$qossettings{'ENABLED'} = 'on';
 		&General::writehash("${General::swroot}/qos/settings", \%qossettings);
-		system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
-		system("/usr/local/bin/qosctrl start >/dev/null 2>&1");
-		system("logger -t ipfire 'QoS started'");
+		&General::system("/usr/local/bin/qosctrl", "generate");
+		&General::system("/usr/local/bin/qosctrl", "start");
+		&General::system("logger", "-t", "ipfire", "QoS started");
 	} else {
 		$message = $Lang::tr{'qos enter bandwidths'};
 	}

From d57cecaafc4a7e86411c0e28768b2ef67919bb19 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:46:04 +0100
Subject: [PATCH 37/66] remote.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/remote.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/remote.cgi b/html/cgi-bin/remote.cgi
index 576e7628d..9dc6d5aa5 100644
--- a/html/cgi-bin/remote.cgi
+++ b/html/cgi-bin/remote.cgi
@@ -65,7 +65,7 @@ if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTI
 		{
 			$errormessage = $Lang::tr{'ssh no auth'};
 		}
-		system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+		&General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
 	}
 	else
 	{
@@ -85,8 +85,8 @@ if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTI
 if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
 	if ($remotesettings{'ENABLE_SSH'} eq 'off')
 	{
-			system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
-			system('/usr/local/bin/sshctrl');
+			&General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+			&General::system('/usr/local/bin/sshctrl');
 	}
   if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
   elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}

From ed863076029882a786f0c9608eb21e921146a22c Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:46:29 +0100
Subject: [PATCH 38/66] routing.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/routing.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/routing.cgi b/html/cgi-bin/routing.cgi
index d2d3bdd26..e69dc425a 100644
--- a/html/cgi-bin/routing.cgi
+++ b/html/cgi-bin/routing.cgi
@@ -474,5 +474,5 @@ sub SortDataFile
 # Build the configuration file
 #
 sub BuildConfiguration {
-    system '/usr/local/bin/rebuildroutes';
+    &General::system('/usr/local/bin/rebuildroutes');
 }

From 0fd1f8bba66a25f215b49521c7125d51d846ba5d Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:54:52 +0100
Subject: [PATCH 39/66] samba.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/samba.cgi | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/html/cgi-bin/samba.cgi b/html/cgi-bin/samba.cgi
index 72e8ac63e..9289b4519 100644
--- a/html/cgi-bin/samba.cgi
+++ b/html/cgi-bin/samba.cgi
@@ -85,14 +85,14 @@ delete $sambasettings{'__CGI__'};delete $sambasettings{'x'};delete $sambasetting
 ############################################################################################################################
 ############################################# Samba Rootskript aufrufe fr SU-Actions #######################################
 
-if ($sambasettings{'ACTION'} eq 'smbuserdisable'){system("/usr/local/bin/sambactrl smbuserdisable $sambasettings{'NAME'}");}
-if ($sambasettings{'ACTION'} eq 'smbuserenable'){system("/usr/local/bin/sambactrl smbuserenable $sambasettings{'NAME'}");}
-if ($sambasettings{'ACTION'} eq 'smbuseradd'){system("/usr/local/bin/sambactrl smbuseradd $sambasettings{'USERNAME'} $sambasettings{'PASSWORD'}");}
-if ($sambasettings{'ACTION'} eq 'smbchangepw'){system("/usr/local/bin/sambactrl smbchangepw $sambasettings{'USERNAME'} $sambasettings{'PASSWORD'}");}
-if ($sambasettings{'ACTION'} eq 'smbrestart'){system("/usr/local/bin/sambactrl smbrestart");}
-if ($sambasettings{'ACTION'} eq 'smbstart'){system("/usr/local/bin/sambactrl smbstart");}
-if ($sambasettings{'ACTION'} eq 'smbstop'){system("/usr/local/bin/sambactrl smbstop");}
-if ($sambasettings{'ACTION'} eq 'smbreload'){system("/usr/local/bin/sambactrl smbreload");}
+if ($sambasettings{'ACTION'} eq 'smbuserdisable'){&General::system("/usr/local/bin/sambactrl", "smbuserdisable", "$sambasettings{'NAME'}");}
+if ($sambasettings{'ACTION'} eq 'smbuserenable'){&General::system("/usr/local/bin/sambactrl", "smbuserenable", "$sambasettings{'NAME'}");}
+if ($sambasettings{'ACTION'} eq 'smbuseradd'){&General::system("/usr/local/bin/sambactrl", "smbuseradd", "$sambasettings{'USERNAME'}", "$sambasettings{'PASSWORD'}");}
+if ($sambasettings{'ACTION'} eq 'smbchangepw'){&General::system("/usr/local/bin/sambactrl", "smbchangepw", "$sambasettings{'USERNAME'}", "$sambasettings{'PASSWORD'}");}
+if ($sambasettings{'ACTION'} eq 'smbrestart'){&General::system("/usr/local/bin/sambactrl", "smbrestart");}
+if ($sambasettings{'ACTION'} eq 'smbstart'){&General::system("/usr/local/bin/sambactrl", "smbstart");}
+if ($sambasettings{'ACTION'} eq 'smbstop'){&General::system("/usr/local/bin/sambactrl", "smbstop");}
+if ($sambasettings{'ACTION'} eq 'smbreload'){&General::system("/usr/local/bin/sambactrl", "smbreload");}
 if ($sambasettings{'ACTION'} eq 'join') {
 	$message .= &joindomain($sambasettings{'USERNAME'}, $sambasettings{'PASSWORD'});
 }
@@ -124,7 +124,7 @@ if ($sambasettings{'ACTION'} eq 'smbsharechange') {
 ############################################################################################################################
 ########################################### Samba Benutzer oder PC l�chen #################################################
 
-if ($sambasettings{'ACTION'} eq 'userdelete'){system("/usr/local/bin/sambactrl smbuserdelete $sambasettings{'NAME'}");}
+if ($sambasettings{'ACTION'} eq 'userdelete'){&General::system("/usr/local/bin/sambactrl", "smbuserdelete", "$sambasettings{'NAME'}");}
 
 ############################################################################################################################
 ##################################### Umsetzen der Werte von Checkboxen und Dropdowns ######################################
@@ -138,7 +138,7 @@ if ($sambasettings{'ACTION'} eq $Lang::tr{'save'}) {
 	# Write configuration to file
 	&writeconfiguration();
 
-	system("/usr/local/bin/sambactrl smbreload");
+	&General::system("/usr/local/bin/sambactrl", "smbreload");
 }
 
 &General::readhash("${General::swroot}/samba/settings", \%sambasettings);
@@ -334,11 +334,11 @@ if ($sambasettings{'ROLE'} eq 'standalone') {
 			
 END
 
-	system('/usr/local/bin/sambactrl readsmbpasswd');
+	&General::system("/usr/local/bin/sambactrl", "readsmbpasswd");
 	open(FILE, "<${General::swroot}/samba/private/smbpasswd") or die "Can't read user file: $!";
 	my @users = ;
 	close(FILE);
-	system('/usr/local/bin/sambactrl locksmbpasswd');
+	&General::system("/usr/local/bin/sambactrl", "locksmbpasswd");
 
 	my $lines = 0;
 	foreach $userentry (sort @users) {
@@ -734,8 +734,8 @@ if ( $smb eq 'shares')
 
 close FILE;
 
-system("/usr/local/bin/sambactrl smbsafeconf");
-system("/usr/local/bin/sambactrl smbreload");
+&General::system("/usr/local/bin/sambactrl", "smbsafeconf");
+&General::system("/usr/local/bin/sambactrl", "smbreload");
 }
 
 sub isrunning
@@ -844,7 +844,7 @@ printable = yes
 END
 close FILE;
 
-	system("/usr/local/bin/sambactrl smbsafeconf");
+	&General::system("/usr/local/bin/sambactrl", "smbsafeconf");
 }
 
 sub joindomain {

From 150fadab40f740e834a28c768ceb333167e8d76e Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 14:55:52 +0100
Subject: [PATCH 40/66] services.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/services.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi
index ee4ac185a..e25201c1c 100644
--- a/html/cgi-bin/services.cgi
+++ b/html/cgi-bin/services.cgi
@@ -141,7 +141,7 @@ END
 	my $paramstr=$ENV{QUERY_STRING};
 	my @param=split(/!/, $paramstr);
 	if ($param[1] ne ''){
-		system("/usr/local/bin/addonctrl @param[0] @param[1] > /dev/null 2>&1");
+		&General::system("/usr/local/bin/addonctrl", "$param[0]", "$param[1]");
 	}
 
 	print <
Date: Thu, 10 Jun 2021 14:56:40 +0100
Subject: [PATCH 41/66] shutdown.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/shutdown.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/shutdown.cgi b/html/cgi-bin/shutdown.cgi
index 998f9f8f4..e0a2c9da0 100644
--- a/html/cgi-bin/shutdown.cgi
+++ b/html/cgi-bin/shutdown.cgi
@@ -29,11 +29,11 @@ $cgiparams{'ACTION'} = '';
 if ($cgiparams{'ACTION'} eq $Lang::tr{'shutdown'}) {
 	$death = 1;
 	&General::log($Lang::tr{'shutting down ipfire'});
-	system '/usr/local/bin/ipfirereboot down';
+	&General::system('/usr/local/bin/ipfirereboot', 'down');
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reboot'}) {
 	$rebirth = 1;
 	&General::log($Lang::tr{'rebooting ipfire'});
-	system '/usr/local/bin/ipfirereboot boot';
+	&General::system('/usr/local/bin/ipfirereboot', 'boot');
 }
 if ($death == 0 && $rebirth == 0) {
 

From 5b057b3f31450f1692fa9edd104a97e560f4693c Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:00:54 +0100
Subject: [PATCH 42/66] time.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/time.cgi | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/time.cgi b/html/cgi-bin/time.cgi
index 8363b9951..09ef2aa84 100644
--- a/html/cgi-bin/time.cgi
+++ b/html/cgi-bin/time.cgi
@@ -125,8 +125,8 @@ ERROR:
 
 	if ($timesettings{'ENABLENTP'} eq 'on' && $timesettings{'VALID'} eq 'yes')
 	{
-		system ('/usr/bin/touch', "${General::swroot}/time/enable");
-		system ('/usr/local/bin/timectrl enable >/dev/null 2>&1');
+		&General::system('/usr/bin/touch', "${General::swroot}/time/enable");
+		&General::system('/usr/local/bin/timectrl', 'enable');
 		&General::log($Lang::tr{'ntp syncro enabled'});
 		unlink "/var/lock/time/counter";
 		if ($timesettings{'UPDATE_METHOD'} eq 'periodically')
@@ -138,7 +138,7 @@ ERROR:
 		}
 		if ($timesettings{'ENABLECLNTP'} eq 'on') # DPC added to 1.3.1
 		{
-			system ('/usr/bin/touch', "${General::swroot}/time/allowclients"); # DPC added to 1.3.1
+			&General::system('/usr/bin/touch', "${General::swroot}/time/allowclients"); # DPC added to 1.3.1
 			&General::log($Lang::tr{'ntpd restarted'}); # DPC added to 1.3.1
 		} else {
 			unlink "${General::swroot}/time/allowclients";
@@ -150,11 +150,11 @@ ERROR:
 		unlink "${General::swroot}/time/enable";
 		unlink "/var/lock/time/settimenow";
 		unlink "${General::swroot}/time/allowclients"; # DPC added to 1.3.1
-		system ('/usr/local/bin/timectrl disable >/dev/null 2>&1');
+		&General::system('/usr/local/bin/timectrl', 'disable');
 		&General::log($Lang::tr{'ntp syncro disabled'})
 	}
 	if (! $errormessage) {
-		system ('/usr/local/bin/timectrl restart >/dev/null 2>&1'); # DPC added to 1.3.1
+		&General::system('/usr/local/bin/timectrl', 'restart'); # DPC added to 1.3.1
 	}
 }
 
@@ -163,7 +163,7 @@ ERROR:
 $timesettings{'ACTION'} = &Header::cleanhtml ($timesettings{'ACTION'});
 if ($timesettings{'ACTION'} eq $Lang::tr{'set time now'} && $timesettings{'ENABLENTP'} eq 'on')
 {
-	system ('/usr/bin/touch', "/var/lock/time/settimenow");
+	&General::system('/usr/bin/touch', "/var/lock/time/settimenow");
 }
 
 &General::readhash("${General::swroot}/time/settings", \%timesettings);

From c4a54c419d48d1d89a87a26164061df2a4cb633d Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:01:36 +0100
Subject: [PATCH 43/66] tor.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/tor.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
index f39c0d8da..3349336ae 100644
--- a/html/cgi-bin/tor.cgi
+++ b/html/cgi-bin/tor.cgi
@@ -873,9 +873,9 @@ sub BuildConfiguration() {
 
 	# Restart the service.
 	if (($settings{'TOR_ENABLED'} eq 'on') || ($settings{'TOR_RELAY_ENABLED'} eq 'on')) {
-		system("/usr/local/bin/torctrl restart &>/dev/null");
+		&General::system("/usr/local/bin/torctrl", "restart");
 	} else {
-		system("/usr/local/bin/torctrl stop &>/dev/null");
+		&General::system("/usr/local/bin/torctrl", "stop");
 	}
 	# Update pid and memory
 	daemonstats();

From 3404ea7df8a99818961a3d41c0f2e3fc69fc6092 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:05:05 +0100
Subject: [PATCH 44/66] traffic.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/traffic.cgi | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/traffic.cgi b/html/cgi-bin/traffic.cgi
index 4846cfdf9..2f28537d0 100644
--- a/html/cgi-bin/traffic.cgi
+++ b/html/cgi-bin/traffic.cgi
@@ -87,17 +87,17 @@ sub display_vnstat
 		print"No data for $device !
";
 	} else {
 	    # Summary
-	    system("/usr/bin/vnstati -c 1 -s -i $device -o /srv/web/ipfire/html/graphs/vnstat-s-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-s", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-s-$device.png");
 	    # 5-minute graphs
-	    system("/usr/bin/vnstati -c 1 -5 -i $device -o /srv/web/ipfire/html/graphs/vnstat-5-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-5", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-5-$device.png");
 	    # Hour graph
-	    system("/usr/bin/vnstati -c 1 -h -i $device -o /srv/web/ipfire/html/graphs/vnstat-h-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-h", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-h-$device.png");
 	    # Day graph
-	    system("/usr/bin/vnstati -c 1 -d -i $device -o /srv/web/ipfire/html/graphs/vnstat-d-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-d", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-d-$device.png");
 	    # Month graph
-	    system("/usr/bin/vnstati -c 1 -m -i $device -o /srv/web/ipfire/html/graphs/vnstat-m-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-m", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-m-$device.png");
 	    # Top10 graph
-	    system("/usr/bin/vnstati -c 1 -t -i $device -o /srv/web/ipfire/html/graphs/vnstat-t-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-t", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-t-$device.png");
 
 # Generate HTML-Table with the graphs
 print <
Date: Thu, 10 Jun 2021 15:08:23 +0100
Subject: [PATCH 45/66] updatexlrator.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/updatexlrator.cgi | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/html/cgi-bin/updatexlrator.cgi b/html/cgi-bin/updatexlrator.cgi
index ec7b75228..9cfe08f4e 100644
--- a/html/cgi-bin/updatexlrator.cgi
+++ b/html/cgi-bin/updatexlrator.cgi
@@ -192,33 +192,33 @@ if ($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr purge'})
 
 			if (($xlratorsettings{'REMOVE_NOSOURCE'} eq 'on') && ($status == $sfNoSource))
 			{
-				if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+				if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 			}
 			if (($xlratorsettings{'REMOVE_OUTDATED'} eq 'on') && ($status == $sfOutdated))
 			{
-				if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+				if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 			}
 			if ($xlratorsettings{'REMOVE_OBSOLETE'} eq 'on')
 			{
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'week') && ($lastaccess < (time - 604800)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'month1') && ($lastaccess < (time - 2505600)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'month3') && ($lastaccess < (time - 7516800)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'month6') && ($lastaccess < (time - 15033600)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'year') && ($lastaccess < (time - 31536000)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 			}
 		}
@@ -266,7 +266,7 @@ if ($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr save and restart'})
 
 	&savesettings;
 
-	system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
+	&General::system('/usr/local/bin/squidctrl', 'restart');
 }
 
 if ($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr remove file'})
@@ -278,7 +278,7 @@ if ($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr remove file'})
 	unless ($updatefile =~ /^download\//)
 	{
 		($vendorid,$uuid,$updatefile) = split('/',$updatefile);
-		if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+		if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 	}
 }
 
@@ -295,16 +295,16 @@ if (($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr cancel download'}) || ($x
 			&General::readhash("$repository/download/$vendorid/$updatefile.info", \%dlinfo);
 
 			$id = &getPID("\\s${General::swroot}/updatexlrator/bin/download\\s.*\\s".quotemeta($dlinfo{'SRCURL'})."\\s\\d\\s\\d\$");
-			if ($id) { system("/bin/kill -9 $id"); }
+			if ($id) { &General::system("/bin/kill", "-9", "$id"); }
 			$id = &getPID("\\s/usr/bin/wget\\s.*\\s".quotemeta($dlinfo{'SRCURL'})."\$");
-			if ($id) { system("/bin/kill -9 $id"); }
+			if ($id) { &General::system("/bin/kill", "-9", "$id"); }
 
-			system("rm $repository/download/$vendorid/$updatefile.info");
+			&General::system("rm", "$repository/download/$vendorid/$updatefile.info");
 		}
 
 		if (-e "$repository/download/$vendorid/$updatefile")
 		{
-			system("rm $repository/download/$vendorid/$updatefile");
+			&General::system("rm", "$repository/download/$vendorid/$updatefile");
 		}
 	}
 
@@ -1478,15 +1478,15 @@ sub savesettings
 
 	if (($xlratorsettings{'ENABLE_AUTOCHECK'} eq 'on') && ($xlratorsettings{'AUTOCHECK_SCHEDULE'} eq 'daily'))
 	{
-		system('/usr/local/bin/updxlratorctrl cron daily >/dev/null 2>&1');
+		&General::system('/usr/local/bin/updxlratorctrl', 'cron', 'daily');
 	}
 	if (($xlratorsettings{'ENABLE_AUTOCHECK'} eq 'on') && ($xlratorsettings{'AUTOCHECK_SCHEDULE'} eq 'weekly'))
 	{
-		system('/usr/local/bin/updxlratorctrl cron weekly >/dev/null 2>&1');
+		&General::system('/usr/local/bin/updxlratorctrl', 'cron', 'weekly');
 	}
 	if (($xlratorsettings{'ENABLE_AUTOCHECK'} eq 'on') && ($xlratorsettings{'AUTOCHECK_SCHEDULE'} eq 'monthly'))
 	{
-		system('/usr/local/bin/updxlratorctrl cron monthly >/dev/null 2>&1');
+		&General::system('/usr/local/bin/updxlratorctrl', 'cron', 'monthly');
 	}
 
 	# don't save those variable to the settings file,

From 7b7b3bb96292c388d4849c5d6ec36ff6c55a245d Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:23:06 +0100
Subject: [PATCH 46/66] urlfilter.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/urlfilter.cgi | 75 ++++++++++++++++++++------------------
 1 file changed, 40 insertions(+), 35 deletions(-)

diff --git a/html/cgi-bin/urlfilter.cgi b/html/cgi-bin/urlfilter.cgi
index 28ffc8114..3a28721a9 100644
--- a/html/cgi-bin/urlfilter.cgi
+++ b/html/cgi-bin/urlfilter.cgi
@@ -95,9 +95,9 @@ my $ldesc='';
 my $gdesc='';
 
 if (! -d $dbdir) { mkdir("$dbdir"); }
-if (! -e $tcfile) { system("touch $tcfile"); }
-if (! -e $uqfile) { system("touch $uqfile"); }
-if (! -e $sourceurlfile) { system("touch $sourceurlfile"); }
+if (! -e $tcfile) { &General::system("touch", "$tcfile"); }
+if (! -e $uqfile) { &General::system("touch", "$uqfile"); }
+if (! -e $sourceurlfile) { &General::system("touch", "$sourceurlfile"); }
 
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
@@ -226,7 +226,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 
 		if (!(-d "${General::swroot}/urlfilter/update")) { mkdir("${General::swroot}/urlfilter/update"); }
 
-		my $exitcode = system("/bin/tar --no-same-owner -xzf ${General::swroot}/urlfilter/blacklists.tar.gz -C ${General::swroot}/urlfilter/update");
+		my $exitcode = &General::system("/bin/tar", "--no-same-owner", "-xzf", "${General::swroot}/urlfilter/blacklists.tar.gz", "-C", "${General::swroot}/urlfilter/update");
 
 		if ($exitcode > 0)
 		{
@@ -235,18 +235,19 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 
 			if (-d "${General::swroot}/urlfilter/update/BL")
 			{
-				system("mv ${General::swroot}/urlfilter/update/BL ${General::swroot}/urlfilter/update/blacklists");
+				&General::system("mv", "${General::swroot}/urlfilter/update/BL", "${General::swroot}/urlfilter/update/blacklists");
 			}
 
 			if (-d "${General::swroot}/urlfilter/update/category")
 			{
-				system("mv ${General::swroot}/urlfilter/update/category ${General::swroot}/urlfilter/update/blacklists");
+				&General::system("mv", "${General::swroot}/urlfilter/update/category", "${General::swroot}/urlfilter/update/blacklists");
 			}
 
 			if (!(-d "${General::swroot}/urlfilter/update/blacklists"))
 			{
 				$errormessage = $Lang::tr{'urlfilter invalid content'};
 			} else {
+				# XXX Uses globbing
 				system("cp -r ${General::swroot}/urlfilter/update/blacklists/* $dbdir");
 
 				&readblockcategories;
@@ -255,11 +256,11 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 				&writeconfigfile;
 
 				$updatemessage = $Lang::tr{'urlfilter upload success'};
-				system("${General::swroot}/urlfilter/bin/prebuild.pl &");
-				system("logger -t installpackage[urlfilter] \"URL filter blacklist - Blacklist update from local source completed\"");
+				&General::system_background("${General::swroot}/urlfilter/bin/prebuild.pl");
+				&General::system("logger", "-t", "installpackage[urlfilter]", "URL filter blacklist - Blacklist update from local source completed");
 			}
 		}
-		if (-d "${General::swroot}/urlfilter/update") { system("rm -rf ${General::swroot}/urlfilter/update"); }
+		if (-d "${General::swroot}/urlfilter/update") { &General::system("rm", "-rf", "${General::swroot}/urlfilter/update"); }
 		if (-e "${General::swroot}/urlfilter/blacklists.tar.gz") { unlink("${General::swroot}/urlfilter/blacklists.tar.gz"); }
 		if ($errormessage) { goto ERROR; }
 	}
@@ -267,7 +268,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 	if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter backup'})
 	{
 		$blistbackup = ($filtersettings{'ENABLE_FULLBACKUP'} eq 'on') ? "blacklists" : "blacklists/custom";
-		if (system("/bin/tar -C ${General::swroot}/urlfilter -czf ${General::swroot}/urlfilter/backup.tar.gz settings timeconst userquota autoupdate $blistbackup"))
+		if (&General::system("/bin/tar", "-C", "${General::swroot}/urlfilter", "-czf", "${General::swroot}/urlfilter/backup.tar.gz", "settings", "timeconst", "userquota", "autoupdate", "$blistbackup"))
 		{
 			$errormessage = $Lang::tr{'urlfilter backup error'};
 			goto ERROR;
@@ -306,7 +307,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 			$errormessage = $!;
 		}
 
-		my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf ${General::swroot}/urlfilter/backup.tar.gz -C ${General::swroot}/urlfilter/restore");
+		my $exitcode = &General::system("/bin/tar", "--no-same-owner", "--preserve-permissions", "-xzf", "${General::swroot}/urlfilter/backup.tar.gz", "-C", "${General::swroot}/urlfilter/restore");
 		if ($exitcode > 0)
 		{
 			$errormessage = $Lang::tr{'urlfilter tar error'};
@@ -315,6 +316,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 			{
 				$errormessage = $Lang::tr{'urlfilter invalid restore file'};
 			} else {
+				# XXX uses globbing
 				system("cp -rp ${General::swroot}/urlfilter/restore/* ${General::swroot}/urlfilter/");
 				&readblockcategories;
 				&readcustomlists;
@@ -325,7 +327,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 		}
 
 		if (-e "${General::swroot}/urlfilter/backup.tar.gz") { unlink("${General::swroot}/urlfilter/backup.tar.gz"); }
-		if (-d "${General::swroot}/urlfilter/restore") { system("rm -rf ${General::swroot}/urlfilter/restore"); }
+		if (-d "${General::swroot}/urlfilter/restore") { &General::system("rm", "-rf", "${General::swroot}/urlfilter/restore"); }
 		if ($errormessage) { goto ERROR; }
 	}
 
@@ -351,7 +353,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
               	$filtersettings{'VALID'} = 'yes';
 		&savesettings;
 
-		system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
+		&General::system('/usr/local/bin/squidctrl', 'restart');
 	}
 }
 
@@ -485,7 +487,7 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang
 		$errormessage = $Lang::tr{'urlfilter web proxy service required'};
 	}
 
-	if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+	if (!$errormessage) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
 	$tcsettings{'TCMODE'}='on';
 }
 
@@ -688,7 +690,7 @@ if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{
 		$errormessage = $Lang::tr{'urlfilter web proxy service required'};
 	}
 
-	if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+	if (!$errormessage) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
 	$uqsettings{'UQMODE'}='on';
 }
 
@@ -772,7 +774,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter import blacklist'}) && ($bese
 			$errormessage = $!;
 		} else {
 
-			my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf $editdir/blacklist.tar.gz -C $editdir");
+			my $exitcode = &General::system("/bin/tar", "--no-same-owner", "--preserve-permissions", "-xzf", "$editdir/blacklist.tar.gz", "-C", "$editdir");
 			if ($exitcode > 0)
 			{
 				$errormessage = $Lang::tr{'urlfilter tar error'};
@@ -819,7 +821,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter import blacklist'}) && ($bese
 				}
 			}
 
-		if (-d $editdir) { system("rm -rf $editdir"); }
+		if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
 
 		}
 	}
@@ -853,7 +855,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter export blacklist'}) && ($bese
 		print FILE "$besettings{'BE_EXPRESSIONS'}\n";
 		close FILE;
 
-		if (system("/bin/tar -C $editdir -czf $editdir/$besettings{'BE_NAME'}.tar.gz blacklists"))
+		if (&General::system("/bin/tar", "-C", "$editdir", "-czf", "$editdir/$besettings{'BE_NAME'}.tar.gz", "blacklists"))
 		{
 			$errormessage = $Lang::tr{'urlfilter export error'};
 		}
@@ -869,7 +871,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter export blacklist'}) && ($bese
 			while () { print; }
 			close (FILE);
 
-			if (-d $editdir) { system("rm -rf $editdir"); }
+			if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
 			exit;
 		}
 	} else {
@@ -933,8 +935,10 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
 		print FILE "}\n";
 		close FILE;
 
+		# XXX uses globbing
 		system("rm -f $dbdir/$besettings{'BE_NAME'}/*.db");
-		system("/usr/bin/squidGuard -c $editdir/install.conf -C all");
+		&General::system("/usr/bin/squidGuard", "-c", "$editdir/install.conf", "-C", "all");
+		# XXX uses globbing
 		system("chmod a+w $dbdir/$besettings{'BE_NAME'}/*.db");
 
 		&readblockcategories;
@@ -942,9 +946,9 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
 
 		&writeconfigfile;
 
-		system('/usr/local/bin/squidctrl restart >/dev/null 2>&1') unless ($besettings{'NORESTART'} eq 'on');
+		&General::system('/usr/local/bin/squidctrl', 'restart') unless ($besettings{'NORESTART'} eq 'on');
 
-		if (-d $editdir) { system("rm -rf $editdir"); }
+		if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
 	} else {
 		$errormessage = $Lang::tr{'urlfilter category data error'};
 	}
@@ -966,17 +970,17 @@ if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save schedule'})
 
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'daily'))
 		{
-			system('/usr/local/bin/urlfilterctrl cron daily >/dev/null 2>&1');
+			&General::system('/usr/local/bin/urlfilterctrl', 'cron', 'daily');
 		}
 
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'weekly'))
 		{
-			system('/usr/local/bin/urlfilterctrl cron weekly >/dev/null 2>&1');
+			&General::system('/usr/local/bin/urlfilterctrl', 'cron', 'weekly');
 		}
 
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'monthly'))
 		{
-			system('/usr/local/bin/urlfilterctrl cron monthly >/dev/null 2>&1');
+			&General::system('/usr/local/bin/urlfilterctrl', 'cron', 'monthly');
 		}
 	}
 }
@@ -989,10 +993,10 @@ if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter update now'})
 		{
 			$errormessage = $Lang::tr{'urlfilter custom url required'};
 		} else {
-			system("${General::swroot}/urlfilter/bin/autoupdate.pl $filtersettings{'CUSTOM_UPDATE_URL'} &");
+			&General::system_background("${General::swroot}/urlfilter/bin/autoupdate.pl", "$filtersettings{'CUSTOM_UPDATE_URL'}");
 		}
 	} else {
-		system("${General::swroot}/urlfilter/bin/autoupdate.pl $filtersettings{'UPDATE_SOURCE'} &");
+		&General::system_background("${General::swroot}/urlfilter/bin/autoupdate.pl", "$filtersettings{'UPDATE_SOURCE'}");
 	}
 }
 
@@ -2533,11 +2537,11 @@ sub savesettings
 	delete $filtersettings{'BACKGROUND'};
 	delete $filtersettings{'UPDATEFILE'};
 
-	system("chown -R nobody.nobody $dbdir");
-	system('/usr/bin/squidGuard -C custom/allowed/domains >/dev/null 2>&1');
-	system('/usr/bin/squidGuard -C custom/allowed/urls >/dev/null 2>&1');
-	system('/usr/bin/squidGuard -C custom/blocked/domains >/dev/null 2>&1');
-	system('/usr/bin/squidGuard -C custom/blocked/urls >/dev/null 2>&1 ');
+	&General::system("chown", "-R", "nobody.nobody", "$dbdir");
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/domains');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/urls');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/domains');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/urls');
 	&setpermissions ($dbdir);
 
 	&General::writehash("${General::swroot}/urlfilter/settings", \%filtersettings);
@@ -2694,12 +2698,13 @@ sub setpermissions
 	foreach $category (<$bldir/*>)
 	{
         	 if (-d $category){
-			system("chmod 755 $category &> /dev/null");
+			&General::system("chmod", "755", "$category");
 			foreach $blacklist (<$category/*>)
 			{
-         			if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
-         			if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
+         			if (-f $blacklist) { &General::system("chmod", "644", "$blacklist"); }
+         			if (-d $blacklist) { &General::system("chmod", "755", "$blacklist"); }
 			}
+			# XXX uses globbing
         	 	system("chmod 666 $category/*.db &> /dev/null");
 			&setpermissions ($category);
 		}

From d22c7c106293bc5ea3bee8d1df4058cdc33467f6 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:23:52 +0100
Subject: [PATCH 47/66] vpnmain.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/vpnmain.cgi | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 9c5532d68..805738288 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -208,10 +208,10 @@ sub newcleanssldatabase {
 		close FILE;
 	}
 	if (! -s ">${General::swroot}/certs/index.txt") {
-		system ("touch ${General::swroot}/certs/index.txt");
+		&General::system("touch", "${General::swroot}/certs/index.txt");
 	}
 	if (! -s ">${General::swroot}/certs/index.txt.attr") {
-		system ("touch ${General::swroot}/certs/index.txt.attr");
+		&General::system("touch", "${General::swroot}/certs/index.txt.attr");
 	}
 	unlink ("${General::swroot}/certs/index.txt.old");
 	unlink ("${General::swroot}/certs/index.txt.attr.old");
@@ -568,9 +568,9 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	&General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
 	&writeipsecfiles();
 	if (&vpnenabled) {
-		system('/usr/local/bin/ipsecctrl', 'S');
+		&General::system('/usr/local/bin/ipsecctrl', 'S');
 	} else {
-		system('/usr/local/bin/ipsecctrl', 'D');
+		&General::system('/usr/local/bin/ipsecctrl', 'D');
 	}
 	sleep $sleepDelay;
 	SAVE_ERROR:

From f57e1628f6d66dea2c212d7bfc17ce8e1bf2520b Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:24:29 +0100
Subject: [PATCH 48/66] wakeonlan.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/wakeonlan.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/wakeonlan.cgi b/html/cgi-bin/wakeonlan.cgi
index 289dc224a..164cec2de 100644
--- a/html/cgi-bin/wakeonlan.cgi
+++ b/html/cgi-bin/wakeonlan.cgi
@@ -171,7 +171,7 @@ if ( $cgiparams{'ACTION'} eq 'wakeup' )
 
   undef %cgiparams;
 
-  system("/usr/sbin/etherwake -i $iface $mac");
+  &General::system("/usr/sbin/etherwake", "-i", "$iface", "$mac");
 
   # make a box with info, 'refresh' to normal screen after 5 seconds
   if ( $refresh eq 'yes' )

From 5617cb0d42a59920b9a9c0d76352319f9a717cc4 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:25:02 +0100
Subject: [PATCH 49/66] webaccess.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/webaccess.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/webaccess.cgi b/html/cgi-bin/webaccess.cgi
index 0d50f01b1..934fe6beb 100644
--- a/html/cgi-bin/webaccess.cgi
+++ b/html/cgi-bin/webaccess.cgi
@@ -86,7 +86,7 @@ if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
 		((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
 	{
 		&write_acl;
-		system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
+		&General::system("/usr/local/bin/squidctrl", "restart");
 	}
 }
 

From d87928c091dfb6918564d76bd16ad48d6114d575 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:25:44 +0100
Subject: [PATCH 50/66] wireless.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/wireless.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/wireless.cgi b/html/cgi-bin/wireless.cgi
index d4592a2a4..19f666b1f 100644
--- a/html/cgi-bin/wireless.cgi
+++ b/html/cgi-bin/wireless.cgi
@@ -133,7 +133,7 @@ ADDERROR:
 		close(FILE);
 		undef %cgiparams;
 		&General::log($Lang::tr{'wireless config added'});
-		system('/usr/local/bin/wirelessctrl');
+		&General::system('/usr/local/bin/wirelessctrl');
 	}
 ADDEXIT:
 }
@@ -157,7 +157,7 @@ if ($cgiparams{'ACTION'} eq 'edit')
 		}
 	}
 	&General::log($Lang::tr{'wireless config changed'});
-	system('/usr/local/bin/wirelessctrl');
+	&General::system('/usr/local/bin/wirelessctrl');
 }
 
 if ($cgiparams{'ACTION'} eq 'remove' || $cgiparams{'ACTION'} eq 'toggle')
@@ -178,7 +178,7 @@ if ($cgiparams{'ACTION'} eq 'remove' || $cgiparams{'ACTION'} eq 'toggle')
 	}
 	close(FILE);
 	&General::log($Lang::tr{'wireless config changed'});
-	system('/usr/local/bin/wirelessctrl');
+	&General::system('/usr/local/bin/wirelessctrl');
 }
 
 

From 3eb7c08b89ba3af79e70396e6cba5273857f3186 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:26:19 +0100
Subject: [PATCH 51/66] wirelessclient.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/wirelessclient.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/wirelessclient.cgi b/html/cgi-bin/wirelessclient.cgi
index a7a9881b8..7cd23aed4 100644
--- a/html/cgi-bin/wirelessclient.cgi
+++ b/html/cgi-bin/wirelessclient.cgi
@@ -796,7 +796,7 @@ END
 }
 
 sub BuildConfiguration() {
-	system("/usr/local/bin/wirelessclient restart");
+	&General::system("/usr/local/bin/wirelessclient", "restart");
 }
 
 sub NextID() {

From 90d81a4b8a85130514a6912c0c700bc4618b8519 Mon Sep 17 00:00:00 2001
From: Michael Tremer 
Date: Thu, 10 Jun 2021 15:28:53 +0100
Subject: [PATCH 52/66] wlanap.cgi: Use new perl system functions

Signed-off-by: Michael Tremer 
---
 html/cgi-bin/wlanap.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi
index 602d4d3c1..eba5fe774 100644
--- a/html/cgi-bin/wlanap.cgi
+++ b/html/cgi-bin/wlanap.cgi
@@ -148,16 +148,16 @@ if ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'save'}" ){
 		&General::writehash("/var/ipfire/wlanap/settings", \%wlanapsettings);
 		&WriteConfig_hostapd();
 
-		system("/usr/local/bin/wlanapctrl restart >/dev/null 2>&1");
+		&General::system("/usr/local/bin/wlanapctrl", "restart");
 		pid();
 	}
 }elsif ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'wlanap interface'}" ){
 	&General::writehash("/var/ipfire/wlanap/settings", \%wlanapsettings);
 }elsif ( ($wlanapsettings{'ACTION'} eq "$Lang::tr{'start'}") && ($memory == 0) ){
-	system("/usr/local/bin/wlanapctrl start >/dev/null 2>&1");
+	&General::system("/usr/local/bin/wlanapctrl", "start");
 	pid();
 }elsif ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'stop'}" ){
-	system("/usr/local/bin/wlanapctrl stop >/dev/null 2>&1");
+	&General::system("/usr/local/bin/wlanapctrl", "stop");
 	$memory=0;
 }
 

From 4abd5cd00e3d70b200dfa2bbe2cc72a805c1fecb Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 20 May 2021 17:45:30 +0200
Subject: [PATCH 53/66] wireless.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/wireless.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/wireless.cgi b/html/cgi-bin/wireless.cgi
index 19f666b1f..35bdaaa60 100644
--- a/html/cgi-bin/wireless.cgi
+++ b/html/cgi-bin/wireless.cgi
@@ -277,7 +277,7 @@ my @curhosts = ;
 close (HOSTFILE);
 
 my $connstate = &Header::connectionstatus();
-my @arp = `/sbin/arp -n`;
+my @arp = &General::system_output("/sbin/arp", "-n");
 shift @arp;
 
 foreach my $line (@current)

From 1366526c0b96a0004ad96888ec32744fc6fc286b Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 20 May 2021 17:58:24 +0200
Subject: [PATCH 54/66] pppsetup.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/pppsetup.cgi | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/pppsetup.cgi b/html/cgi-bin/pppsetup.cgi
index c9c3d668a..519a062bc 100644
--- a/html/cgi-bin/pppsetup.cgi
+++ b/html/cgi-bin/pppsetup.cgi
@@ -39,6 +39,8 @@ my %checked=();
 my @profilenames=();
 my $errormessage = '';
 my $maxprofiles = 5;
+
+# This call is safe, because no user input will be processed.
 my $kernel=`/bin/uname -r | /usr/bin/tr -d '\012'`;
 
 my %color = ();
@@ -177,7 +179,12 @@ elsif ($pppsettings{'ACTION'} eq $Lang::tr{'save'})
                 $errormessage = $Lang::tr{'invalid input'};
                 goto ERROR; }
 
-        if( $pppsettings{'RECONNECTION'} eq 'dialondemand' && `/bin/cat ${General::swroot}/ddns/config` =~ /,on$/m ) {
+	# Read-in ddns config file, to check if at least one provider is enabled.
+	open(FILE, "${General::swroot}/ddns/config)";
+	my @ddns_config = 
+	close(FILE);
+
+        if( $pppsettings{'RECONNECTION'} eq 'dialondemand' && grep(/on/, @ddns_config) ) {
                 $errormessage = $Lang::tr{'dod not compatible with ddns'};
                 goto ERROR; }
 
@@ -520,7 +527,12 @@ print </dev/null | grep 0`;
+# Read-in atm devices from proc.
+open(PROC, "/proc/net/atm/devices");
+my @patm_devices = ;
+close(PROC);
+
+my $atmdev = grep(/0/, @atm_devices);
 chomp ($atmdev);
 if ($atmdev ne '') {
         print </${General::swroot}/ppp/updatesettings");
+	close(FILE);
 }
 
 sub writesecrets

From a81cbf61273536ee36f3d26504aabdcd65d39cca Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 20 May 2021 18:36:44 +0200
Subject: [PATCH 55/66] vpnmain.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/vpnmain.cgi | 154 ++++++++++++++++++++++++---------------
 1 file changed, 96 insertions(+), 58 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 805738288..29b8c8070 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -208,10 +208,12 @@ sub newcleanssldatabase {
 		close FILE;
 	}
 	if (! -s ">${General::swroot}/certs/index.txt") {
-		&General::system("touch", "${General::swroot}/certs/index.txt");
+		open(FILE, ">${General::swroot}/certs/index.txt");
+		close(FILE);
 	}
 	if (! -s ">${General::swroot}/certs/index.txt.attr") {
-		&General::system("touch", "${General::swroot}/certs/index.txt.attr");
+		open(FILE, ">${General::swroot}/certs/index.txt.attr");
+		close(FILE);
 	}
 	unlink ("${General::swroot}/certs/index.txt.old");
 	unlink ("${General::swroot}/certs/index.txt.attr.old");
@@ -224,9 +226,13 @@ sub newcleanssldatabase {
 ###
 sub callssl ($) {
 	my $opt = shift;
-	my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr
+
+	# Split the given argument string into single pieces and assign them to an array.
+	my @opts = split(/ /, $opt);
+
+	my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr
 	my $ret = '';
-	foreach my $line (split (/\n/, $retssl)) {
+	foreach my $line (split (/\n/, @retssl)) {
 		&General::log("ipsec", "$line") if (0); # 1 for verbose logging
 		$ret .= '
'.$line if ( $line =~ /error|unknown/ );
 	}
@@ -240,13 +246,21 @@ sub callssl ($) {
 ###
 sub getCNfromcert ($) {
 	#&General::log("ipsec", "Extracting name from $_[0]...");
-	my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
-	$temp =~ /Subject:.*CN = (.*)[\n]/;
-	$temp = $1;
-	$temp =~ s+/Email+, E+;
-	$temp =~ s/ ST = / S = /;
-	$temp =~ s/,//g;
-	$temp =~ s/\'//g;
+	my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
+	my $temp;
+
+	foreach my $line (@temp) {
+		if ($line =~ /Subject:.*CN = (.*)[\n]/) {
+			$temp = $1;
+			$temp =~ s+/Email+, E+;
+			$temp =~ s/ ST = / S = /;
+			$temp =~ s/,//g;
+			$temp =~ s/\'//g;
+
+			last;
+		}
+	}
+
 	return $temp;
 }
 ###
@@ -254,11 +268,19 @@ sub getCNfromcert ($) {
 ###
 sub getsubjectfromcert ($) {
 	#&General::log("ipsec", "Extracting subject from $_[0]...");
-	my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
-	$temp =~ /Subject: (.*)[\n]/;
-	$temp = $1;
-	$temp =~ s+/Email+, E+;
-	$temp =~ s/ ST = / S = /;
+	my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
+	my $temp;
+
+	foreach my $line (@temp) {
+		if($line =~ /Subject: (.*)[\n]/) {
+			$temp = $1;
+			$temp =~ s+/Email+, E+;
+			$temp =~ s/ ST = / S = /;
+
+			last;
+		}
+	}
+
 	return $temp;
 }
 ###
@@ -595,7 +617,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	}
 	&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 	&writeipsecfiles();
-	system('/usr/local/bin/ipsecctrl', 'R');
+	&General::system('/usr/local/bin/ipsecctrl', 'R');
 	sleep $sleepDelay;
 
 ###
@@ -667,8 +689,8 @@ END
 		$errormessage = $!;
 		goto UPLOADCA_ERROR;
 	}
-	my $temp = `/usr/bin/openssl x509 -text -in $filename`;
-	if ($temp !~ /CA:TRUE/i) {
+	my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
+	if (! grep(/CA:TRUE/, @temp)) {
 		$errormessage = $Lang::tr{'not a valid ca certificate'};
 		unlink ($filename);
 		goto UPLOADCA_ERROR;
@@ -686,7 +708,7 @@ END
 	$cahash{$key}[1] = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem"));
 	&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
 
-	system('/usr/local/bin/ipsecctrl', 'R');
+	&General::system('/usr/local/bin/ipsecctrl', 'R');
 	sleep $sleepDelay;
 
 	UPLOADCA_ERROR:
@@ -702,9 +724,9 @@ END
 		&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 		&Header::openbigbox('100%', 'left', '', '');
 		&Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
-		my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
-		$output = &Header::cleanhtml($output,"y");
-		print "
$output
\n";
+		my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+		@output = &Header::cleanhtml(@output,"y");
+		print "
@output
\n";
 		&Header::closebox();
 		print "";
 		&Header::closebigbox();
@@ -724,7 +746,9 @@ END
 		print "Content-Type: application/force-download\n";
 		print "Content-Type: application/octet-stream\r\n";
 		print "Content-Disposition: attachment; filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
-		print `/usr/bin/openssl x509 -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
+
+		my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+		print "@cert";
 		exit(0);
 	} else {
 		$errormessage = $Lang::tr{'invalid key'};
@@ -739,21 +763,21 @@ END
 
 	if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 		foreach my $key (keys %confighash) {
-			my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`;
-			if ($test =~ /: OK/) {
+			my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/certs/$confighash{$key}[1]cert.pem");
+			if (grep(/: OK/, @test)) {
 				# Delete connection
 				unlink ("${General::swroot}/certs/$confighash{$key}[1]cert.pem");
 				unlink ("${General::swroot}/certs/$confighash{$key}[1].p12");
 				delete $confighash{$key};
 				&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 				&writeipsecfiles();
-				system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
+				&General::system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
 			}
 		}
 		unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
 		delete $cahash{$cgiparams{'KEY'}};
 		&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
-		system('/usr/local/bin/ipsecctrl', 'R');
+		&General::system('/usr/local/bin/ipsecctrl', 'R');
 		sleep $sleepDelay;
 	} else {
 		$errormessage = $Lang::tr{'invalid key'};
@@ -768,8 +792,8 @@ END
 	my $assignedcerts = 0;
 	if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 		foreach my $key (keys %confighash) {
-			my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`;
-			if ($test =~ /: OK/) {
+			my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/certs/$confighash{$key}[1]cert.pem");
+			if (grep(/: OK/, @test)) {
 				$assignedcerts++;
 			}
 		}
@@ -805,7 +829,7 @@ END
 			unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
 			delete $cahash{$cgiparams{'KEY'}};
 			&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
-			system('/usr/local/bin/ipsecctrl', 'R');
+			&General::system('/usr/local/bin/ipsecctrl', 'R');
 			sleep $sleepDelay;
 		}
 	} else {
@@ -817,19 +841,19 @@ END
 ###
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
 	$cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
-	my $output;
+	my @output;
 	&Header::showhttpheaders();
 	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', '');
 	if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
 		&Header::openbox('100%', 'left', "$Lang::tr{'root certificate'}:");
-		$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/cacert.pem`;
+		@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/cacert.pem");
 	} else {
 		&Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:");
-		$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/hostcert.pem`;
+		@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/hostcert.pem");
 	}
-	$output = &Header::cleanhtml($output,"y");
-	print "
$output
\n";
+	@output = &Header::cleanhtml(@output,"y");
+	print "
@output
\n";
 	&Header::closebox();
 	print "";
 	&Header::closebigbox();
@@ -843,7 +867,9 @@ END
 	if ( -f "${General::swroot}/ca/cacert.pem" ) {
 		print "Content-Type: application/force-download\n";
 		print "Content-Disposition: attachment; filename=cacert.pem\r\n\r\n";
-		print `/usr/bin/openssl x509 -in ${General::swroot}/ca/cacert.pem`;
+
+		my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ca/cacert.pem");
+		print "@cert";
 		exit(0);
 	}
 ###
@@ -853,7 +879,9 @@ END
 	if ( -f "${General::swroot}/certs/hostcert.pem" ) {
 		print "Content-Type: application/force-download\n";
 		print "Content-Disposition: attachment; filename=hostcert.pem\r\n\r\n";
-		print `/usr/bin/openssl x509 -in ${General::swroot}/certs/hostcert.pem`;
+
+		my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/certs/hostcert.pem");
+		print "@cert";
 		exit(0);
 	}
 ###
@@ -1216,7 +1244,7 @@ END
 
 	ROOTCERT_SUCCESS:
 	if (&vpnenabled) {
-		system('/usr/local/bin/ipsecctrl', 'S');
+		&General::system('/usr/local/bin/ipsecctrl', 'S');
 		sleep $sleepDelay;
 	}
 	ROOTCERT_SKIP:
@@ -1228,7 +1256,12 @@ END
 	print "Content-Type: application/force-download\n";
 	print "Content-Disposition: attachment; filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
 	print "Content-Type: application/octet-stream\r\n\r\n";
-	print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
+
+	open(FILE, "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+	my @p12 = ;
+	close(FILE);
+	print "@file";
+
 	exit (0);
 
 # Export Apple profile to browser
@@ -1507,9 +1540,9 @@ END
 		&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 		&Header::openbigbox('100%', 'left', '', '');
 		&Header::openbox('100%', 'left', "$Lang::tr{'cert'}:");
-		my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
-		$output = &Header::cleanhtml($output,"y");
-		print "
$output
\n";
+		my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+		@output = &Header::cleanhtml(@output,"y");
+		print "
@output
\n";
 		&Header::closebox();
 		print "";
 		&Header::closebigbox();
@@ -1526,7 +1559,12 @@ END
 	if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
 		print "Content-Type: application/force-download\n";
 		print "Content-Disposition: attachment; filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\n\n";
-		print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
+
+		open(FILE, "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+		my @pem = ;
+		close(FILE);
+		print "@pem";
+
 		exit (0);
 	}
 
@@ -1543,12 +1581,12 @@ END
 			$confighash{$cgiparams{'KEY'}}[0] = 'on';
 			&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 			&writeipsecfiles();
-			system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
+			&General::system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
 		} else {
 			$confighash{$cgiparams{'KEY'}}[0] = 'off';
 			&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 			&writeipsecfiles();
-			system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
+			&General::system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
 		}
 		sleep $sleepDelay;
 	} else {
@@ -1564,7 +1602,7 @@ END
 
 	if ($confighash{$cgiparams{'KEY'}}) {
 		if (&vpnenabled) {
-			system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
+			&General::system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
 			sleep $sleepDelay;
 		}
 	} else {
@@ -1584,7 +1622,7 @@ END
 		delete $confighash{$cgiparams{'KEY'}};
 		&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 		&writeipsecfiles();
-		system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
+		&General::system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
 	} else {
 		$errormessage = $Lang::tr{'invalid key'};
 	}
@@ -1952,8 +1990,8 @@ END
 				unshift (@names,$cahash{$x}[0]);
 			}
 			if ($casubject) { # a new one!
-				my $temp = `/usr/bin/openssl x509 -text -in /tmp/newcacert`;
-				if ($temp !~ /CA:TRUE/i) {
+				my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "/tmp/newcacert");
+				if (! grep(/CA:TRUE/, @temp)) {
 					$errormessage = $Lang::tr{'not a valid ca certificate'};
 				} else {
 					#compute a name for it
@@ -1968,7 +2006,7 @@ END
 						$cahash{$key}[0] = $cgiparams{'CA_NAME'};
 						$cahash{$key}[1] = $casubject;
 						&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
-						system('/usr/local/bin/ipsecctrl', 'R');
+						&General::system('/usr/local/bin/ipsecctrl', 'R');
 					}
 				}
 			}
@@ -2008,12 +2046,12 @@ END
 		# Verify the certificate has a valid CA and move it
 		&General::log("ipsec", "Validating imported cert against our known CA...");
 		my $validca = 1; #assume ok
-		my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/cacert.pem $filename`;
-		if ($test !~ /: OK/) {
+		my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/cacert.pem", "$filename");
+		if (! grep(/: OK/, @test)) {
 			my $validca = 0;
 			foreach my $key (keys %cahash) {
-				$test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$key}[0]cert.pem $filename`;
-				if ($test =~ /: OK/) {
+				@test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/$cahash{$key}[0]cert.pem", "$filename");
+				if (grep(/: OK/, @test)) {
 					$validca = 1;
 					last;
 				}
@@ -2276,7 +2314,7 @@ END
 	&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 	&writeipsecfiles();
 	if (&vpnenabled) {
-		system('/usr/local/bin/ipsecctrl', 'S', $key);
+		&General::system('/usr/local/bin/ipsecctrl', 'S', $key);
 		sleep $sleepDelay;
 	}
 	if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
@@ -2822,7 +2860,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 		&writeipsecfiles();
 		if (&vpnenabled) {
-			system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
+			&General::system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
 			sleep $sleepDelay;
 		}
 		goto ADVANCED_END;
@@ -3271,7 +3309,7 @@ EOF
 	&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
 	$cgiparams{'CA_NAME'} = '';
 
-	my @status = `/usr/local/bin/ipsecctrl I 2>/dev/null`;
+	my @status = &General::system_output("/usr/local/bin/ipsecctrl", "I");
 
 	$checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : '';
 

From 2ccb63bce8b63efe3e7b1ce72dff115692c3becd Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 20 May 2021 19:43:10 +0200
Subject: [PATCH 56/66] fireinfo.cgi: Use new system methods

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/fireinfo.cgi | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/html/cgi-bin/fireinfo.cgi b/html/cgi-bin/fireinfo.cgi
index c4baa6170..99952be2e 100644
--- a/html/cgi-bin/fireinfo.cgi
+++ b/html/cgi-bin/fireinfo.cgi
@@ -49,7 +49,11 @@ if ( -e "$configfile" ) {
 if ("$fireinfosettings{'ACTION'}" eq "trigger") {
 	if ($fireinfosettings{'ENABLE_FIREINFO'} eq 'off') 	{
 		&General::log($Lang::tr{'fireinfo is enabled'});
-		&General::system('/usr/bin/touch', $configfile);
+
+		# Write empty configfile.
+		open(FILE, ">$configfile");
+		close(FILE);
+
 		$fireinfosettings{'ENABLE_FIREINFO'} = 'on';
 	} else {
 		&General::log($Lang::tr{'fireinfo is disabled'});
@@ -84,9 +88,13 @@ if ($errormessage) {
 	&Header::closebox();
 }
 
-my $ipfire_version = `cat /etc/system-release`;
+# Get IPFire version string.
+open(FILE, "/etc/system-release");
+my $ipfire_version = ;
+close(FILE);
+
 my $pakfire_version = &Pakfire::make_version();
-my $kernel_version = `uname -a`;
+my $kernel_version = &General::system_output("uname", "-a");
 
 &Header::openbox('100%', 'left', $Lang::tr{'fireinfo system version'});
 print <;
+close(FILE);
+chomp($profile);
 
 print "
\n";
 
 # Read profile ID from file
-my $profile_id = `cat /var/ipfire/fireinfo/public_id`;
+open(FILE, "/var/ipfire/fireinfo/public_id");
+my $profile_id = ;
+close(FILE);
 chomp($profile_id);
 
 &Header::openbox('100%', 'left', $Lang::tr{'fireinfo settings'});

From 17ee1f135f67b91fe0d57189a2f2b57186e4c81e Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 20 May 2021 19:46:59 +0200
Subject: [PATCH 57/66] mdstat.cgi: Print mdstat status in pure perl

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/mdstat.cgi | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/html/cgi-bin/mdstat.cgi b/html/cgi-bin/mdstat.cgi
index d476e074d..9ee2b15a1 100644
--- a/html/cgi-bin/mdstat.cgi
+++ b/html/cgi-bin/mdstat.cgi
@@ -42,7 +42,13 @@ my %mainsettings = ();
 &Header::openbox('100%', 'left',"MD Raid State");
 
 print '';
 
 &Header::closebox();

From f3e3cb371dc3a279b30510eb56c263b3d2a093ce Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 20 May 2021 19:50:01 +0200
Subject: [PATCH 58/66] network-functions.pl: Use new system methods

Signed-off-by: Stefan Schantl 
---
 config/cfgroot/network-functions.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index 2f704dfbf..b7a840559 100644
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -360,7 +360,7 @@ sub _get_wireless_status($) {
 	my $intf = shift;
 
 	if (!$wireless_status{$intf}) {
-		$wireless_status{$intf} = `iwconfig $intf`;
+		$wireless_status{$intf} = &General::system_output("iwconfig", "$intf");
 	}
 
 	return $wireless_status{$intf};

From 8163192065545987ce9e515b8d1bd7f0b6ba705c Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 20 May 2021 19:53:00 +0200
Subject: [PATCH 59/66] ids-functions.pl: Use new system methods

Signed-off-by: Stefan Schantl 
---
 config/cfgroot/ids-functions.pl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 2fdae4a7a..0e397ca19 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -118,7 +118,7 @@ sub check_and_create_filelayout() {
 #
 sub checkdiskspace () {
 	# Call diskfree to gather the free disk space of /var.
-	my @df = `/bin/df -B M /var`;
+	my @df = &General::system_output("/bin/df", "-B", "M", "/var");
 
 	# Loop through the output.
 	foreach my $line (@df) {
@@ -463,7 +463,7 @@ sub call_suricatactrl ($) {
 
 					# Call the suricatactrl binary and pass the "cron" command
 					# with the requrested interval.
-					system("$suricatactrl $option $interval &>/dev/null");
+					&General::system("$suricatactrl", "$option", "$interval");
 
 					# Return "1" - True.
 					return 1;
@@ -475,7 +475,7 @@ sub call_suricatactrl ($) {
 		} else {
 			# Call the suricatactrl binary and pass the requrested
 			# option to it.
-			system("$suricatactrl $option &>/dev/null");
+			&General::system("$suricatactrl", "$option");
 
 			# Return "1" - True.
 			return 1;

From 82215f2d5fa4e654314edc73e6adc28a02043530 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 20 May 2021 20:31:33 +0200
Subject: [PATCH 60/66] netexternal.cgi: Grab DNS servers in pure perl

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/netexternal.cgi | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/html/cgi-bin/netexternal.cgi b/html/cgi-bin/netexternal.cgi
index a31502dd0..1e3760c2b 100644
--- a/html/cgi-bin/netexternal.cgi
+++ b/html/cgi-bin/netexternal.cgi
@@ -86,8 +86,7 @@ if ( $querry[0] ne~ ""){
 
 			&General::readhash("${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info", \%dhcpinfo);
 
-			my $DNS1=`echo $dhcpinfo{'domain_name_servers'} | cut -f 1 -d " "`;
-			my $DNS2=`echo $dhcpinfo{'domain_name_servers'} | cut -f 2 -d " "`;
+			my ($DNS1, $DNS2) = split(/ /, $dhcpinfo{'domain_name_servers'});
 
 			my $lsetme=0;
 			my $leasetime="";

From 276f938b09075debb6f2aab517f03010c1a4a4a8 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 20 May 2021 21:13:50 +0200
Subject: [PATCH 61/66] time.cgi: Get and manipuate date and time in pure perl

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/time.cgi | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/html/cgi-bin/time.cgi b/html/cgi-bin/time.cgi
index 09ef2aa84..6bf3dcc84 100644
--- a/html/cgi-bin/time.cgi
+++ b/html/cgi-bin/time.cgi
@@ -20,6 +20,7 @@
 ###############################################################################
 
 use strict;
+use POSIX qw(strftime);
 
 # enable only the following on debugging purpose
 #use warnings;
@@ -180,11 +181,18 @@ if ($timesettings{'VALID'} eq '')
 }
 
 unless ($errormessage) {
-	$timesettings{'SETMONTH'} = `date +'%m %e %Y %H %M'|cut -c 1-2`;
-	$timesettings{'SETDAY'} = `date +'%m %e %Y %H %M'|cut -c 4-5`;
-	$timesettings{'SETYEAR'} = `date +'%m %e %Y %H %M'|cut -c 7-10`;
-	$timesettings{'SETHOUR'} = `date +'%m %e %Y %H %M'|cut -c 12-13`;
-	$timesettings{'SETMINUTES'} = `date +'%m %e %Y %H %M'|cut -c 15-16`;
+	# Get date and time.
+	my $date = strftime("%m %e %Y %H %M", localtime);
+
+	# Split date string into single values.
+	my ($month, $day, $year, $hour, $minute) = split(/ /, $date);
+
+	# Assign values to the hash.
+	$timesettings{'SETMONTH'} = $month;
+	$timesettings{'SETDAY'} = $day;
+	$timesettings{'SETYEAR'} = $year;
+	$timesettings{'SETHOUR'} = $hour;
+	$timesettings{'SETMINUTES'} = $minute;
 	$_=$timesettings{'SETDAY'};
 	$timesettings{'SETDAY'}=~ tr/ /0/;
 }

From 5153fcc9f114f96ea2b84d78123dd5941f2cc8dc Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Tue, 8 Jun 2021 18:03:30 +0200
Subject: [PATCH 62/66] fireinfo.cgi: Fix read-in profile data.

To read-in the whole file content the data type needs to be an array.

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/fireinfo.cgi | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/fireinfo.cgi b/html/cgi-bin/fireinfo.cgi
index 99952be2e..e0221c5be 100644
--- a/html/cgi-bin/fireinfo.cgi
+++ b/html/cgi-bin/fireinfo.cgi
@@ -117,9 +117,8 @@ END
 
 # Read pregenerated profile data
 open(FILE, "/var/ipfire/fireinfo/profile");
-my $profile = ;
+my @profile = ;
 close(FILE);
-chomp($profile);
 
 print "\n";
 
@@ -170,7 +169,7 @@ print <
 	
 		
-			
+			
 		
 	
 

From 5410fcbc452fe06a4a7de3789ad83f5a9b4a4660 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Mon, 14 Jun 2021 21:38:42 +0200
Subject: [PATCH 63/66] dhcp.cgi: Fix typo and displaying advanced options
 syntax.

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/dhcp.cgi | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
index 4c9fff835..f1fbfd235 100644
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -131,7 +131,7 @@ our @current2 = ;
 close(FILE);
 
 # Open and read-in file which contains the list of allowed advanced options.
-open(FILE, $filename3) or die "Could not open $filename3. $!\n"
+open(FILE, $filename3) or die "Could not open $filename3. $!\n";
 
 # Grab file content.
 my @advoptions_list = ;
@@ -723,10 +723,19 @@ if ($dhcpsettings{'KEY1'} ne '') {
 }
 
 #search if the 'option' is in the list and print the syntax model
-my @opt = grep(/option $dhcpsettings{'ADVOPT_NAME'}/, @advoptions_list);
+my $opt;
 
-# Assign array element to variable and remove newlines.
-my $opt = chomp(@opt[0]);
+# Check if a advanced option name is set.
+if ($dhcpsettings{'ADVOPT_NAME'}) {
+	# Check if the name is part of the list and grab syntax.
+	my @opt = grep(/option $dhcpsettings{'ADVOPT_NAME'}/, @advoptions_list);
+
+	# Assign array element to variable.
+	$opt = @opt[0];
+
+	# Remove newlines.
+	chomp($opt);
+}
 
 if ($opt ne '') {
    $opt =~ s/option $dhcpsettings{'ADVOPT_NAME'}/Syntax:/;  # "option xyz abc" => "syntax: abc"

From e2839b1a2cd0bb60a91931cb2e427370a7e5e206 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Tue, 15 Jun 2021 19:19:24 +0200
Subject: [PATCH 64/66] remote.cgi: Fix splitting output from ssh-keygen.

The split function requires an string as input.

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/remote.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/remote.cgi b/html/cgi-bin/remote.cgi
index 9dc6d5aa5..2bb85851d 100644
--- a/html/cgi-bin/remote.cgi
+++ b/html/cgi-bin/remote.cgi
@@ -255,9 +255,9 @@ sub viewkey
   if ( -e $key )
   {
     # Use safe system_output function to call ssh-keygen and get the output from the tool.
-    my @ssh_keygen = &General::system_output("/usr/bin/ssh-keygen", "-l", -"-f", "$key");
+    my @ssh_keygen = &General::system_output("/usr/bin/ssh-keygen", "-l", "-f", "$key");
 
-    my @temp = split(/ /, @ssh_keygen);
+    my @temp = split(/ /, $ssh_keygen[0]);
     my $keysize = &Header::cleanhtml($temp[0],"y");
     my $fingerprint = &Header::cleanhtml($temp[1],"y");
     print "$key$name$fingerprint$keysize\n";

From f6340997aa216e00fef0f7c7951a4d4084a95d36 Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 17 Jun 2021 18:54:17 +0200
Subject: [PATCH 65/66] services.cgi: Redesign isautorun() because shell
 globbing cannot used anymore.

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/services.cgi | 64 ++++++++++++++++++++++++++++-----------
 1 file changed, 47 insertions(+), 17 deletions(-)

diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi
index e25201c1c..237475735 100644
--- a/html/cgi-bin/services.cgi
+++ b/html/cgi-bin/services.cgi
@@ -163,6 +163,8 @@ END
 	# Generate list of installed addon pak's
 	opendir (DIR, "/opt/pakfire/db/installed") || die "Cannot opendir /opt/pakfire/db/installed/: $!";
 	my @pak = sort readdir DIR;
+	closedir(DIR);
+
 	foreach (@pak){
 		chomp($_);
 		next unless (m/^meta-/);
@@ -187,6 +189,7 @@ END
 					print "";
 					$col="bgcolor='$color{'color20'}'";
 				}
+
 				print "$_ ";
 				my $status = isautorun($_,$col);
 				print "$status ";
@@ -217,27 +220,54 @@ END
 	&Header::closepage();
 }
 
-sub isautorun{
-	my $cmd = $_[0];
-	my $col = $_[1];
+sub isautorun (@) {
+	my ($cmd, $col) = @_;
+
+	# Init directory.
+	my $initdir = "/etc/rc.d/rc3.d/";
+
 	my $status = "";
-	my @init = &General::system_output("find", "/etc/rc.d/rc3.d/S??${cmd}");
-	my $init = chomp(@init[0]);
-	if ($init ne ''){
+
+	# Check if autorun for the given cmd is enabled.
+	if ( &find_init("$cmd", "$initdir") ) {
+		# Adjust status.
 		$status = "$Lang::tr{";
-	}
-	@init = &General::system_output("find", "/etc/rc.d/rc3.d/off/S??${cmd}");
-	my $init = chomp (@init[0]);
-	if ($init ne ''){
+	} else {
+		# Adjust status.
 		$status = "$Lang::tr{";
 	}
 
+	# Return the status.
 	return $status;
 }
 
-sub isrunning{
-	my $cmd = $_[0];
-	my $col = $_[1];
+sub find_init (@) {
+	my ($cmd, $dir) = @_;
+
+	# Open given init directory.
+	opendir (INITDIR, "$dir") || die "Cannot opendir $dir: $!";
+
+	# Read-in init files from directory.
+	my @inits = readdir(INITDIR);
+
+	# Close directory handle.
+	closedir(INITDIR);
+
+	# Loop through the directory.
+	foreach my $init (@inits) {
+		# Check if the current processed file belongs to the given command.
+		if ($init =~ /S\d+\d+$cmd\z/) {
+			# Found, return "1" - True.
+			return "1";
+		}
+        }
+
+	# Nothing found, return nothing.
+	return;
+}
+
+sub isrunning (@) {
+	my ($cmd, $col) = @_;
 	my $status = "$Lang::tr{'stopped'}";
 	my $pid = '';
 	my $testcmd = '';
@@ -288,16 +318,16 @@ sub isrunning{
 	return $status;
 }
 
-sub isrunningaddon{
-	my $cmd = $_[0];
-	my $col = $_[1];
+sub isrunningaddon (@) {
+	my ($cmd, $col) = @_;
+
 	my $status = "$Lang::tr{'stopped'}";
 	my $pid = '';
 	my $testcmd = '';
 	my $exename;
 	my @memory;
 
-	my @testcmd = &General::system_output("/usr/local/bin/addonctrl", "$_", "status");
+	my @testcmd = &General::system_output("/usr/local/bin/addonctrl", "$cmd", "status");
 	my $testcmd = @testcmd[0];
 
 	if ( $testcmd =~ /is\ running/ && $testcmd !~ /is\ not\ running/){

From 508547f98d15c824a2ecf9fd9d4aa0a41a963a6a Mon Sep 17 00:00:00 2001
From: Stefan Schantl 
Date: Thu, 17 Jun 2021 21:52:00 +0200
Subject: [PATCH 66/66] hardwaregraphs.cgi: Perform all sensor lookups in pure
 perl.

Signed-off-by: Stefan Schantl 
---
 html/cgi-bin/hardwaregraphs.cgi | 105 ++++++++++++++++++++++++++++----
 1 file changed, 93 insertions(+), 12 deletions(-)

diff --git a/html/cgi-bin/hardwaregraphs.cgi b/html/cgi-bin/hardwaregraphs.cgi
index f69bcd27b..e8f0fa362 100644
--- a/html/cgi-bin/hardwaregraphs.cgi
+++ b/html/cgi-bin/hardwaregraphs.cgi
@@ -38,12 +38,55 @@ my %mainsettings = ();
 my %sensorsettings = ();
 
 my @sensorsgraphs = ();
-my @sensorsdir = &General::system_output("ls", "-dA", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/");
-foreach (@sensorsdir){
-	chomp($_);chop($_);
-	foreach (&General::system_output("ls", "$_/*") ){
-		chomp($_);
-		push(@sensorsgraphs,$_);
+
+# Main directory where rrdlog puts the sensor data.
+my $sensorsdir = "$mainsettings{'RRDLOG'}/collectd/localhost";
+
+# Open sensors directory.
+opendir(SENSORS, "$sensorsdir") or die "Could not opendir $sensorsdir: $!\n";
+
+# Read-in all sensors.
+my @sensor_dirs = readdir(SENSORS);
+
+# Close directory handle.
+closedir(SENSORS);
+
+# Loop through the grabbed sensors.
+foreach my $sensor_dir (@sensor_dirs) {
+	# Skip everything which does not start with "sensors-".
+	next unless $sensor_dir =~ /^sensors-/;
+
+	# Check if the omitet element is a directory.
+	next unless (-d "$sensorsdir/$sensor_dir");
+
+	# Open sensor directory and lookup for sensors.
+	opendir(SENSOR_DIR, "$sensorsdir/$sensor_dir") or die "Could not opendir $sensorsdir/$sensor_dir: $!\n";
+
+	# Grab single sensors from the directory.
+	my @sensors = readdir(SENSOR_DIR);
+
+	# Close directory handle.
+	closedir(SENSOR_DIR);
+
+	# Loop through the omited sensors.
+	foreach my $sensor (@sensors) {
+		# Skip everything which is not a regular file.
+		next unless (-f "$sensorsdir/$sensor_dir/$sensor");
+
+		# Add sensor to the array of sensorsgrapghs.
+		push(@sensorsgraphs, "$sensorsdir/$sensor_dir/$sensor");
+	}
+}
+
+# Look for ACPI Thermal Zone sensors.
+my @thermal_zone_sensors = grep(/thermal-thermal_zone/, @sensor_dirs);
+
+# If a thermal zone sensor has been found add it to the sensorsgraphs array.
+if (@thermal_zone_sensors) {
+	# Loop through the array of thermal zone sensors.
+	foreach my $thermal_zone_sensor (@thermal_zone_sensors) {
+		# Add the sensor to the array.
+		push(@sensorsgraphs, "$sensorsdir/$thermal_zone_sensor");
 	}
 }
 
@@ -98,7 +141,8 @@ if ( $querry[0] =~ "hwtemp"){
 	}
 
 	# This should be save, because no user given content will be processed.
-	my @disks = `ls -1 /sys/block | grep -E '^sd|^nvme' | sort | uniq`;
+	#my @disks = `ls -1 /sys/block | grep -E '^sd|^nvme' | sort | uniq`;
+	my @disks = &get_disks();
 
 	foreach (@disks){
 		my $disk = $_;
@@ -110,31 +154,31 @@ if ( $querry[0] =~ "hwtemp"){
 		&Header::closebox();
 	}
 
-	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/thermal-thermal_zone*") ) {
+	if ( grep(/thermal-thermal_zone/, @sensorsgraphs) ) {
 		&Header::openbox('100%', 'center', "ACPI Thermal-Zone Temp $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","thermaltemp","day");
 		&Header::closebox();
 	}
 
-	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/temperature-*") ) {
+	if ( grep(/temperature-/, @sensorsgraphs) ) {
 		&Header::openbox('100%', 'center', "hwtemp $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","hwtemp","day");
 		Header::closebox();
 	}
 
-	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/fanspeed-*") ) {
+	if ( grep(/fanspeed-/, @sensorsgraphs) ) {
 		&Header::openbox('100%', 'center', "hwfan $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","hwfan","day");
 		&Header::closebox();
 	}
 
-	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/voltage-*") ) {
+	if ( grep(/voltage-/, @sensorsgraphs) ) {
 		&Header::openbox('100%', 'center', "hwvolt $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","hwvolt","day");
 		&Header::closebox();
 	}
 
-	if ( &General::system_output("ls", "$mainsettings{'RRDLOG'}/collectd/localhost/sensors-*") ) {
+	if ( @sensorsgraphs ) {
 		sensorsbox();
 	}
 	&Header::closebigbox();
@@ -176,3 +220,40 @@ END
 ;
 	&Header::closebox();
 }
+
+sub get_disks () {
+	my @disks;
+
+	# Open virtal sys FS and grab block devices.
+	opendir(SYS, "/sys/block") or die "Could not opendir /sys/block/: $!\n";
+
+	# Grab all available block devices.
+	my @blockdevs = readdir(SYS);
+
+	# Close directory handle.
+	closedir(SYS);
+
+	# Loop through the array of blockdevs.
+	foreach my $dev (@blockdevs) {
+		# Skip all devices which does not start with "sd" or "nvme".
+		next unless (( $dev =~ /^sd/) || ($dev =~ /^nvme/));
+
+		# Add the device to the array of disks.
+		push(@disks, $dev);
+	}
+
+	# Remove duplicates.
+	my @disks = &uniq(@disks);
+
+	# Sort the array.
+	my @disks = sort(@disks);
+
+	# Return the array.
+	return @disks;
+}
+
+# Tiny code snipped to get a uniq() like function.
+sub uniq {
+	my %seen;
+	return grep { !$seen{$_}++ } @_;
+}