Merge branch 'perl-system' into next

2026-05-01 07:50:23 +02:00 · 2021-06-17 20:11:47 +00:00
parent fa7f2e219a 508547f98d
commit 46443100e0
50 changed files with 907 additions and 475 deletions
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -28,6 +28,77 @@ $General::adminmanualurl = 'http://wiki.ipfire.org';
 require "${General::swroot}/network-functions.pl";
 # This function executes a shell command without forking a shell or do any other
 # Perl-voodoo before it. It deprecates the "system" command and is the only way
 # to call shell commands.
 sub safe_system($) {
 	my @command = @_;
 	system { ${command[0]} } @command;
 	# Return exit code
 	return $? >> 8;
 }
 # Calls a process in the background and returns nothing
 sub system_background($) {
 	my $pid = fork();
 	unless ($pid) {
 		my $rc = &system(@_);
 		exit($rc);
 	}
 	return 0;
 }
 # Returns the output of a shell command
 sub system_output($) {
 	my @command = @_;
 	my $pid;
 	my @output = ();
 	unless ($pid = open(OUTPUT, "-|")) {
 		open(STDERR, ">&STDOUT");
 		exec { ${command[0]} } @command;
 		die "Could not execute @command: $!";
 	}
 	waitpid($pid, 0);
 	while (<OUTPUT>) {
 		push(@output, $_);
 	}
 	close(OUTPUT);
 	return @output;
 }
 # Calls a shell command and throws away the output
 sub system($) {
 	my @command = @_;
 	open(SAVEOUT, ">&STDOUT");
 	open(SAVEERR, ">&STDERR");
 	open(STDOUT, ">/dev/null");
 	open(STDERR, ">&STDOUT");
 	select(STDERR); $|=1;
 	select(STDOUT); $|=1;
 	my $rc = &safe_system(@command);
 	close(STDOUT);
 	close(STDERR);
 	# Restore
 	open(STDOUT, ">&SAVEOUT");
 	open(STDERR, ">&SAVEERR");
 	return $rc;
 }
 # Function to remove duplicates from an array
 sub uniq { my %seen; grep !$seen{$_}++, @_ }
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -118,7 +118,7 @@ sub check_and_create_filelayout() {
 #
 sub checkdiskspace () {
 	# Call diskfree to gather the free disk space of /var.
-	my @df = `/bin/df -B M /var`;
+	my @df = &General::system_output("/bin/df", "-B", "M", "/var");
 	# Loop through the output.
 	foreach my $line (@df) {
@@ -463,7 +463,7 @@ sub call_suricatactrl ($) {
 					# Call the suricatactrl binary and pass the "cron" command
 					# with the requrested interval.
-					system("$suricatactrl $option $interval &>/dev/null");
+					&General::system("$suricatactrl", "$option", "$interval");
 					# Return "1" - True.
 					return 1;
@@ -475,7 +475,7 @@ sub call_suricatactrl ($) {
 		} else {
 			# Call the suricatactrl binary and pass the requrested
 			# option to it.
-			system("$suricatactrl $option &>/dev/null");
+			&General::system("$suricatactrl", "$option");
 			# Return "1" - True.
 			return 1;
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -360,7 +360,7 @@ sub _get_wireless_status($) {
 	my $intf = shift;
 	if (!$wireless_status{$intf}) {
-		$wireless_status{$intf} = `iwconfig $intf`;
+		$wireless_status{$intf} = &General::system_output("iwconfig", "$intf");
 	}
 	return $wireless_status{$intf};
--- a/html/cgi-bin/aliases.cgi
+++ b/html/cgi-bin/aliases.cgi
@@ -567,7 +567,7 @@ sub SortDataFile
 #
 sub BuildConfiguration {
    # Restart service associated with this
-    system '/usr/local/bin/setaliases';
+    &General::system('/usr/local/bin/setaliases');
 }
 #
--- a/html/cgi-bin/backup.cgi
+++ b/html/cgi-bin/backup.cgi
@@ -54,7 +54,7 @@ $cgiparams{'BACKUPLOGS'} = '';
 ############################################################################################################################
 ################################################ Workaround for Directories ################################################
-system("/usr/local/bin/backupctrl makedirs >/dev/null 2>&1 ") unless ( -e '/var/ipfire/backup/addons/backup') ;
+&General::system("/usr/local/bin/backupctrl", "makedirs") unless ( -e '/var/ipfire/backup/addons/backup') ;
 ############################################################################################################################
 ############################################## System calls ohne Http Header ###############################################
@@ -85,7 +85,7 @@ if ($cgiparams{'ACTION'} eq "download") {
 		print UPLOADFILE;
 		}
 		close UPLOADFILE;
-		system("/usr/local/bin/backupctrl restore >/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "restore");
 }
 elsif ( $cgiparams{'ACTION'} eq "restoreaddon" )
 {
@@ -99,7 +99,7 @@ elsif ( $cgiparams{'ACTION'} eq "restoreaddon" )
 		print UPLOADFILE;
 		}
 		close UPLOADFILE;
-		system("/usr/local/bin/backupctrl restoreaddon ".$temp[$#temp]." >/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "restoreaddon", $temp[$#temp]);
 }
 &Header::showhttpheaders();
@@ -115,11 +115,11 @@ sub refreshpage{&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' cont
 if ( $cgiparams{'ACTION'} eq "backup" )
 {
 	if ( $cgiparams{'BACKUPLOGS'} eq "include" ) {
-		system("/usr/local/bin/backupctrl include >/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "include");
 	} elsif ( $cgiparams{'BACKUPLOGS'} eq "exclude" ) {
-		system("/usr/local/bin/backupctrl exclude >/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "exclude");
 	} elsif ( $cgiparams{'BACKUPLOGS'} eq "iso" ) {
-		system("/usr/local/bin/backupctrl iso >/dev/null 2>&1");
+		&General::system("/usr/local/bin/backupctrl", "iso");
 	}
 }
 if ( $cgiparams{'ACTION'} eq "addonbackup" )
@@ -130,14 +130,14 @@ if ( $cgiparams{'ACTION'} eq "addonbackup" )
 	# Check if the addon exists
 	exit(1) unless (-e "/var/ipfire/backup/addons/includes/$cgiparams{'ADDON'}");
-	system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1");
+	&General::system("/usr/local/bin/backupctrl", "addonbackup", "$cgiparams{'ADDON'}");
 }
 elsif ( $cgiparams{'ACTION'} eq "delete" )
 {
 	my $file = &sanitise_file($cgiparams{'FILE'});
 	exit(1) unless defined($file);
-	system("/usr/local/bin/backupctrl $file >/dev/null 2>&1");
+	&General::system("/usr/local/bin/backupctrl", "$file");
 }
 ############################################################################################################################
--- a/html/cgi-bin/captive.cgi
+++ b/html/cgi-bin/captive.cgi
@@ -64,7 +64,7 @@ my $errormessage='';
 my $clients="${General::swroot}/captive/clients";
 my %clientshash=();
 my $settingsfile="${General::swroot}/captive/settings";
-unless (-e $settingsfile)	{ system("touch $settingsfile"); }
+unless (-e $settingsfile)	{ &General::system("touch $settingsfile"); }
 &Header::getcgihash(\%cgiparams);
--- a/html/cgi-bin/connections.cgi
+++ b/html/cgi-bin/connections.cgi
@@ -146,6 +146,9 @@ if ($netsettings{'RED_DEV'}) {
 	}
 }
 # Call safe system_output function to get all available routes.
 my @all_routes = &General::system_output("/sbin/route", "-n");
 # Add Green Firewall Interface
 push(@network, $netsettings{'GREEN_ADDRESS'});
 push(@masklen, "255.255.255.255" );
@@ -157,7 +160,7 @@ push(@masklen, $netsettings{'GREEN_NETMASK'} );
 push(@colour, ${Header::colourgreen} );
 # Add Green Routes to Array
-my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`;
+my @routes = grep (/$netsettings{'GREEN_DEV'}/, @all_routes);
 foreach my $route (@routes) {
 	chomp($route);
 	my @temp = split(/[\t ]+/, $route);
@@ -178,7 +181,7 @@ if ($netsettings{'BLUE_DEV'}) {
 	push(@colour, ${Header::colourblue} );
 	# Add Blue Routes to Array
-	@routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`;
+	@routes = grep(/$netsettings{'BLUE_DEV'}/, @all_routes);
 	foreach my $route (@routes) {
 		chomp($route);
 		my @temp = split(/[\t ]+/, $route);
@@ -199,7 +202,7 @@ if ($netsettings{'ORANGE_DEV'}) {
 	push(@masklen, $netsettings{'ORANGE_NETMASK'} );
 	push(@colour, ${Header::colourorange} );
 	# Add Orange Routes to Array
-	@routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`;
+	@routes = grep(/$netsettings{'ORANGE_DEV'}/, @all_routes);
 	foreach my $route (@routes) {
 		chomp($route);
 		my @temp = split(/[\t ]+/, $route);
--- a/html/cgi-bin/ddns.cgi
+++ b/html/cgi-bin/ddns.cgi
@@ -342,7 +342,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) {
 # Handle forced updates.
 #
 if ($settings{'ACTION'} eq $Lang::tr{'instant update'}) {
-    system(@ddnsprog) == 0 or die "@ddnsprog failed: $?\n";
+    &General::system(@ddnsprog) == 0 or die "@ddnsprog failed: $?\n";
 }
 #
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -130,6 +130,15 @@ open(FILE, "$filename2") or die 'Unable to open fixed leases file.';
 our @current2 = <FILE>;
 close(FILE);
 # Open and read-in file which contains the list of allowed advanced options.
 open(FILE, $filename3) or die "Could not open $filename3. $!\n";
 # Grab file content.
 my @advoptions_list = <FILE>;
 # Close file handle.
 close(FILE);
 # Check Settings1 first because they are needed by &buildconf
 if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
    foreach my $itf (@ITFs) {
@@ -338,7 +347,7 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'add'}.'1' &&
 	map ($dhcpsettings{"ADVOPT_SCOPE_$_"} = 'off', @ITFs);	# force global
    } elsif (ValidNewOption ($dhcpsettings{'ADVOPT_NAME'} . ' ' . $dhcpsettings{'ADVOPT_DATA'})) {
 	#was a new option
-    } elsif (! `grep "\$option $dhcpsettings{'ADVOPT_NAME'} " $filename3`) {
+    } elsif (! grep(/option $dhcpsettings{'ADVOPT_NAME'}/, @advoptions_list)) {
 	$errormessage=$Lang::tr{'dhcp advopt unknown'}.': '.$dhcpsettings{'ADVOPT_NAME'};
    }
@@ -714,7 +723,20 @@ if ($dhcpsettings{'KEY1'} ne '') {
 }
 #search if the 'option' is in the list and print the syntax model
-my $opt = `grep "\$option $dhcpsettings{'ADVOPT_NAME'} " $filename3`;
+my $opt;
 # Check if a advanced option name is set.
 if ($dhcpsettings{'ADVOPT_NAME'}) {
 	# Check if the name is part of the list and grab syntax.
 	my @opt = grep(/option $dhcpsettings{'ADVOPT_NAME'}/, @advoptions_list);
 	# Assign array element to variable.
 	$opt = @opt[0];
 	# Remove newlines.
 	chomp($opt);
 }
 if ($opt ne '') {
   $opt =~ s/option $dhcpsettings{'ADVOPT_NAME'}/Syntax:/;  # "option xyz abc" => "syntax: abc"
   $opt =~ s/;//;
@@ -1330,7 +1352,7 @@ sub buildconf {
 		print FILE "}\n\n";
 	    }
-	    system ('/usr/bin/touch', "${General::swroot}/dhcp/enable_${lc_itf}");
+	    &General::system('/usr/bin/touch', "${General::swroot}/dhcp/enable_${lc_itf}");
 	    &General::log("DHCP on ${itf}: " . $Lang::tr{'dhcp server enabled'})
 	} else {
 	    unlink "${General::swroot}/dhcp/enable_${lc_itf}";
@@ -1357,9 +1379,9 @@ sub buildconf {
    }
    print FILE "include \"${General::swroot}/dhcp/dhcpd.conf.local\";\n";
    close FILE;
-    if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {system '/usr/local/bin/dhcpctrl enable >/dev/null 2>&1';}
+    if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {&General::system('/usr/local/bin/dhcpctrl', 'enable');}
-    else {system '/usr/local/bin/dhcpctrl disable >/dev/null 2>&1';}
+    else {&General::system('/usr/local/bin/dhcpctrl', 'disable');}
-    system '/usr/local/bin/dhcpctrl restart >/dev/null 2>&1 &';
+    &General::system_background('/usr/local/bin/dhcpctrl', 'restart');
 }
 #
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -48,8 +48,8 @@ my $settings_file = "${General::swroot}/dns/settings";
 my $servers_file = "${General::swroot}/dns/servers";
 # Create files if the does not exist.
-unless (-f $settings_file) { system("touch $settings_file") };
+unless (-f $settings_file) { &General::system("touch", "$settings_file") };
-unless (-f $servers_file) { system("touch $servers_file") };
+unless (-f $servers_file) { &General::system("touch", "$servers_file") };
 # File which stores the ISP assigned DNS servers.
 my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
@@ -844,7 +844,7 @@ sub _handle_unbound_and_more () {
 		&IDS::call_suricatactrl("restart");
 	}
 	# Restart unbound
-	system('/usr/local/bin/unboundctrl reload >/dev/null');
+	&General::system('/usr/local/bin/unboundctrl', 'reload');
 }
 # Check if the system is online (RED is connected).
--- a/html/cgi-bin/dnsforward.cgi
+++ b/html/cgi-bin/dnsforward.cgi
@@ -124,7 +124,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
 		}
 	}
 	# Restart unbound
-	system('/usr/local/bin/unboundctrl reload >/dev/null');
+	&General::system('/usr/local/bin/unboundctrl', 'reload');
 }
 ###
@@ -142,7 +142,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
 	}
 	close(FILE);
 	# Restart unbound.
-	system('/usr/local/bin/unboundctrl reload >/dev/null');
+	&General::system('/usr/local/bin/unboundctrl', 'reload');
 }
 ###
@@ -169,7 +169,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
 	}
 	close(FILE);
 	# Restart unbound.
-	system('/usr/local/bin/unboundctrl reload >/dev/null');
+	&General::system('/usr/local/bin/unboundctrl', 'reload');
 }
 ###
--- a/html/cgi-bin/extrahd.cgi
+++ b/html/cgi-bin/extrahd.cgi
@@ -53,8 +53,8 @@ my $partitionsfile = "/var/ipfire/extrahd/partitions";
 my @dummy = ( ${Header::colourgreen}, ${Header::colourred} );
 undef (@dummy);
-system("/usr/local/bin/extrahdctrl scanhd ide >/dev/null");
+&General::system("/usr/local/bin/extrahdctrl", "scanhd", "ide");
-system("/usr/local/bin/extrahdctrl scanhd partitions >/dev/null");
+&General::system("/usr/local/bin/extrahdctrl", "scanhd", "partitions");
 &Header::showhttpheaders();
@@ -98,12 +98,12 @@ if ($extrahdsettings{'ACTION'} eq $Lang::tr{'add'})
 UUID=$extrahdsettings{'UUID'};$extrahdsettings{'FS'};$extrahdsettings{'PATH'};
 END
 ;
-	system("/usr/local/bin/extrahdctrl mount $extrahdsettings{'PATH'}");
+	&General::system("/usr/local/bin/extrahdctrl", "mount", "$extrahdsettings{'PATH'}");
 	}
 } 
 elsif ($extrahdsettings{'ACTION'} eq $Lang::tr{'delete'}) 
 {
-	if ( `/usr/local/bin/extrahdctrl umount $extrahdsettings{'PATH'}` ) {
+	if ( &General::system("/usr/local/bin/extrahdctrl", "umount", "$extrahdsettings{'PATH'}")) {
 		open( FILE, "< $devicefile" ) or die "Unable to read $devicefile";
 		@tmp = <FILE>;
 		close FILE;
@@ -143,7 +143,11 @@ END
 	{
 		@deviceline = split( /\;/, $deviceentry );
 		my $color="$Header::colourred";
-		if ( ! `/bin/mountpoint $deviceline[2] | grep " not "`  ) {
+
 		# Use safe system_output to get mountpoint details.
 		my @mountpoint = &General::system_output("/bin/mountpoint", "$deviceline[2]");
 		if ( ! grep(/not/, @mountpoint)) {
 			$color=$Header::colourgreen;
 		}
 		print <<END
--- a/html/cgi-bin/fireinfo.cgi
+++ b/html/cgi-bin/fireinfo.cgi
@@ -49,14 +49,18 @@ if ( -e "$configfile" ) {
 if ("$fireinfosettings{'ACTION'}" eq "trigger") {
 	if ($fireinfosettings{'ENABLE_FIREINFO'} eq 'off') 	{
 		&General::log($Lang::tr{'fireinfo is enabled'});
-		system ('/usr/bin/touch', $configfile);
+
 		# Write empty configfile.
 		open(FILE, ">$configfile");
 		close(FILE);
 		$fireinfosettings{'ENABLE_FIREINFO'} = 'on';
 	} else {
 		&General::log($Lang::tr{'fireinfo is disabled'});
 		unlink "$configfile";
 		$fireinfosettings{'ENABLE_FIREINFO'} = 'off';
 	}
-	system("/usr/local/bin/fireinfoctrl &");
+	&General::system_background("/usr/local/bin/fireinfoctrl");
 }
 &Header::openpage('Fireinfo', 1, '');
@@ -84,9 +88,13 @@ if ($errormessage) {
 	&Header::closebox();
 }
-my $ipfire_version = `cat /etc/system-release`;
+# Get IPFire version string.
 open(FILE, "/etc/system-release");
 my $ipfire_version = <FILE>;
 close(FILE);
 my $pakfire_version = &Pakfire::make_version();
-my $kernel_version = `uname -a`;
+my $kernel_version = &General::system_output("uname", "-a");
 &Header::openbox('100%', 'left', $Lang::tr{'fireinfo system version'});
 print <<END;
@@ -108,12 +116,16 @@ END
 &Header::closebox();
 # Read pregenerated profile data
-my $profile = `cat /var/ipfire/fireinfo/profile`;
+open(FILE, "/var/ipfire/fireinfo/profile");
 my @profile = <FILE>;
 close(FILE);
 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
 # Read profile ID from file
-my $profile_id = `cat /var/ipfire/fireinfo/public_id`;
+open(FILE, "/var/ipfire/fireinfo/public_id");
 my $profile_id = <FILE>;
 close(FILE);
 chomp($profile_id);
 &Header::openbox('100%', 'left', $Lang::tr{'fireinfo settings'});
@@ -157,7 +169,7 @@ print <<END;
 	</tr>
 	<tr>
 		<td colspan='2'>
-			<textarea rows="25" cols="75" readonly="readonly">$profile</textarea>
+			<textarea rows="25" cols="75" readonly="readonly">@profile</textarea>
 		</td>
 	</tr>
 </table>
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -38,11 +38,11 @@ require "${General::swroot}/header.pl";
 require "${General::swroot}/location-functions.pl";
 require "/usr/lib/firewall/firewall-lib.pl";
-unless (-d "${General::swroot}/firewall")			{ system("mkdir ${General::swroot}/firewall"); }
+unless (-d "${General::swroot}/firewall")			{ &General::system("mkdir", "${General::swroot}/firewall"); }
-unless (-e "${General::swroot}/firewall/settings")	{ system("touch ${General::swroot}/firewall/settings"); }
+unless (-e "${General::swroot}/firewall/settings")	{ &General::system("touch", "${General::swroot}/firewall/settings"); }
-unless (-e "${General::swroot}/firewall/config")	{ system("touch ${General::swroot}/firewall/config"); }
+unless (-e "${General::swroot}/firewall/config")	{ &General::system("touch", "${General::swroot}/firewall/config"); }
-unless (-e "${General::swroot}/firewall/input")		{ system("touch ${General::swroot}/firewall/input"); }
+unless (-e "${General::swroot}/firewall/input")		{ &General::system("touch", "${General::swroot}/firewall/input"); }
-unless (-e "${General::swroot}/firewall/outgoing")	{ system("touch ${General::swroot}/firewall/outgoing"); }
+unless (-e "${General::swroot}/firewall/outgoing")	{ &General::system("touch", "${General::swroot}/firewall/outgoing"); }
 my %fwdfwsettings=();
 my %selected=() ;
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -75,12 +75,12 @@ my $fwoptions 		= "${General::swroot}/optionsfw/settings";
 my $configovpn		= "${General::swroot}/ovpn/settings";
 my $configipsecrw	= "${General::swroot}/vpn/settings";
-unless (-e $confignet)    { system("touch $confignet"); }
+unless (-e $confignet)    { &General::system("touch", "$confignet"); }
-unless (-e $confighost)   { system("touch $confighost"); }
+unless (-e $confighost)   { &General::system("touch", "$confighost"); }
-unless (-e $configgrp)    { system("touch $configgrp"); }
+unless (-e $configgrp)    { &General::system("touch", "$configgrp"); }
-unless (-e $configsrv)    { system("touch $configsrv"); }
+unless (-e $configsrv)    { &General::system("touch", "$configsrv"); }
-unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
+unless (-e $configsrvgrp) { &General::system("touch", "$configsrvgrp"); }
-unless (-e $configlocationgrp) { system("touch $configlocationgrp"); }
+unless (-e $configlocationgrp) { &General::system("touch $configlocationgrp"); }
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
--- a/html/cgi-bin/gpl.cgi
+++ b/html/cgi-bin/gpl.cgi
@@ -60,7 +60,19 @@ END
 ;	
 if ( -e "/usr/share/doc/licenses/GPLv3" ) {
 	print '<textarea rows=\'25\' cols=\'75\' readonly=\'readonly\'>';
-	print `cat /usr/share/doc/licenses/GPLv3`;
+
 	# Open and read-in GPL file content.
 	open(FILE, "/usr/share/doc/licenses/GPLv3");
 	# Grab license.
 	my @license = <FILE>;
 	# Close filehandle.
 	close(FILE);
 	# Print license to textarea.
 	print "@license";
 	print '</textarea>';
 }
 else {
--- a/html/cgi-bin/guardian.cgi
+++ b/html/cgi-bin/guardian.cgi
@@ -67,8 +67,8 @@ my $settingsfile = "${General::swroot}/guardian/settings";
 my $ignoredfile = "${General::swroot}/guardian/ignored";
 # Create empty settings and ignoredfile if they do not exist yet.
-unless (-e "$settingsfile") { system("touch $settingsfile"); }
+unless (-e "$settingsfile") { &General::system("touch", "$settingsfile"); }
-unless (-e "$ignoredfile") { system("touch $ignoredfile"); }
+unless (-e "$ignoredfile") { &General::system("touch", "$ignoredfile"); }
 our %settings = ();
 our %ignored  = ();
@@ -878,7 +878,7 @@ sub BuildConfiguration() {
 	my $configfile = "${General::swroot}/guardian/guardian.conf";
 	# Create the configfile if none exists yet.
-	unless (-e "$configfile") { system("touch $configfile"); }
+	unless (-e "$configfile") { &General::system("touch", "$configfile"); }
 	# Open configfile for writing.
 	open(FILE, ">$configfile");
@@ -940,11 +940,11 @@ sub BuildConfiguration() {
 			&Guardian::Socket::Client("reload");
 		} else {
 			# Launch guardian.
-			system("/usr/local/bin/addonctrl guardian start &>/dev/null");
+			&General::system("/usr/local/bin/addonctrl", "guardian", "start");
 		}
 	} else {
 		# Stop the daemon.
-		system("/usr/local/bin/addonctrl guardian stop &>/dev/null");
+		&General::system("/usr/local/bin/addonctrl", "guardian", "stop");
 	}
 }
@@ -955,7 +955,7 @@ sub GenerateIgnoreFile() {
 	&General::readhasharray($ignoredfile, \%ignored);
 	# Create the guardian.ignore file if not exist yet.
-	unless (-e "$ignorefile") { system("touch $ignorefile"); }
+	unless (-e "$ignorefile") { &General::system("touch", "$ignorefile"); }
 	# Open ignorefile for writing.
 	open(FILE, ">$ignorefile");
--- a/html/cgi-bin/gui.cgi
+++ b/html/cgi-bin/gui.cgi
@@ -70,7 +70,7 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
        # Set flag if index page is to refresh whilst ppp is up.
        # Default is NO refresh.
        if ($cgiparams{'REFRESHINDEX'} ne 'off') {
-            system ('/usr/bin/touch', "${General::swroot}/main/refreshindex");
+            &General::system('/usr/bin/touch', "${General::swroot}/main/refreshindex");
        } else {
            unlink "${General::swroot}/main/refreshindex";
        }
@@ -78,7 +78,7 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
        # Beep on ip-up or ip-down. Default is ON.
        if ($cgiparams{'PPPUPDOWNBEEP'} ne 'on') {
            $cgiparams{'PPPUPDOWNBEEP'} = 'off';
-            system ('/usr/bin/touch', "${General::swroot}/red/nobeeps");
+            &General::system('/usr/bin/touch', "${General::swroot}/red/nobeeps");
        } else {
            unlink "${General::swroot}/red/nobeeps";
        }
--- a/html/cgi-bin/hardwaregraphs.cgi
+++ b/html/cgi-bin/hardwaregraphs.cgi
@@ -38,12 +38,55 @@ my %mainsettings = ();
 my %sensorsettings = ();
 my @sensorsgraphs = ();
-my @sensorsdir = `ls -dA $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/`;
+
-foreach (@sensorsdir){
+# Main directory where rrdlog puts the sensor data.
-	chomp($_);chop($_);
+my $sensorsdir = "$mainsettings{'RRDLOG'}/collectd/localhost";
-	foreach (`ls $_/*`){
+
-		chomp($_);
+# Open sensors directory.
-		push(@sensorsgraphs,$_);
+opendir(SENSORS, "$sensorsdir") or die "Could not opendir $sensorsdir: $!\n";
 # Read-in all sensors.
 my @sensor_dirs = readdir(SENSORS);
 # Close directory handle.
 closedir(SENSORS);
 # Loop through the grabbed sensors.
 foreach my $sensor_dir (@sensor_dirs) {
 	# Skip everything which does not start with "sensors-".
 	next unless $sensor_dir =~ /^sensors-/;
 	# Check if the omitet element is a directory.
 	next unless (-d "$sensorsdir/$sensor_dir");
 	# Open sensor directory and lookup for sensors.
 	opendir(SENSOR_DIR, "$sensorsdir/$sensor_dir") or die "Could not opendir $sensorsdir/$sensor_dir: $!\n";
 	# Grab single sensors from the directory.
 	my @sensors = readdir(SENSOR_DIR);
 	# Close directory handle.
 	closedir(SENSOR_DIR);
 	# Loop through the omited sensors.
 	foreach my $sensor (@sensors) {
 		# Skip everything which is not a regular file.
 		next unless (-f "$sensorsdir/$sensor_dir/$sensor");
 		# Add sensor to the array of sensorsgrapghs.
 		push(@sensorsgraphs, "$sensorsdir/$sensor_dir/$sensor");
 	}
 }
 # Look for ACPI Thermal Zone sensors.
 my @thermal_zone_sensors = grep(/thermal-thermal_zone/, @sensor_dirs);
 # If a thermal zone sensor has been found add it to the sensorsgraphs array.
 if (@thermal_zone_sensors) {
 	# Loop through the array of thermal zone sensors.
 	foreach my $thermal_zone_sensor (@thermal_zone_sensors) {
 		# Add the sensor to the array.
 		push(@sensorsgraphs, "$sensorsdir/$thermal_zone_sensor");
 	}
 }
@@ -97,7 +140,9 @@ if ( $querry[0] =~ "hwtemp"){
 		&General::writehash("${General::swroot}/sensors/settings", \%sensorsettings);
 	}
-	my @disks = `ls -1 /sys/block | grep -E '^sd|^nvme' | sort | uniq`;
+	# This should be save, because no user given content will be processed.
 	#my @disks = `ls -1 /sys/block | grep -E '^sd|^nvme' | sort | uniq`;
 	my @disks = &get_disks();
 	foreach (@disks){
 		my $disk = $_;
@@ -109,31 +154,31 @@ if ( $querry[0] =~ "hwtemp"){
 		&Header::closebox();
 	}
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/thermal-thermal_zone* 2>/dev/null` ) {
+	if ( grep(/thermal-thermal_zone/, @sensorsgraphs) ) {
 		&Header::openbox('100%', 'center', "ACPI Thermal-Zone Temp $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","thermaltemp","day");
 		&Header::closebox();
 	}
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/temperature-* 2>/dev/null` ) {
+	if ( grep(/temperature-/, @sensorsgraphs) ) {
 		&Header::openbox('100%', 'center', "hwtemp $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","hwtemp","day");
 		Header::closebox();
 	}
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/fanspeed-* 2>/dev/null` ) {
+	if ( grep(/fanspeed-/, @sensorsgraphs) ) {
 		&Header::openbox('100%', 'center', "hwfan $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","hwfan","day");
 		&Header::closebox();
 	}
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/voltage-* 2>/dev/null` ) {
+	if ( grep(/voltage-/, @sensorsgraphs) ) {
 		&Header::openbox('100%', 'center', "hwvolt $Lang::tr{'graph'}");
 		&Graphs::makegraphbox("hardwaregraphs.cgi","hwvolt","day");
 		&Header::closebox();
 	}
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-* 2>/dev/null` ) {
+	if ( @sensorsgraphs ) {
 		sensorsbox();
 	}
 	&Header::closebigbox();
@@ -175,3 +220,40 @@ END
 ;
 	&Header::closebox();
 }
 sub get_disks () {
 	my @disks;
 	# Open virtal sys FS and grab block devices.
 	opendir(SYS, "/sys/block") or die "Could not opendir /sys/block/: $!\n";
 	# Grab all available block devices.
 	my @blockdevs = readdir(SYS);
 	# Close directory handle.
 	closedir(SYS);
 	# Loop through the array of blockdevs.
 	foreach my $dev (@blockdevs) {
 		# Skip all devices which does not start with "sd" or "nvme".
 		next unless (( $dev =~ /^sd/) || ($dev =~ /^nvme/));
 		# Add the device to the array of disks.
 		push(@disks, $dev);
 	}
 	# Remove duplicates.
 	my @disks = &uniq(@disks);
 	# Sort the array.
 	my @disks = sort(@disks);
 	# Return the array.
 	return @disks;
 }
 # Tiny code snipped to get a uniq() like function.
 sub uniq {
 	my %seen;
 	return grep { !$seen{$_}++ } @_;
 }
--- a/html/cgi-bin/hosts.cgi
+++ b/html/cgi-bin/hosts.cgi
@@ -487,6 +487,6 @@ sub SortDataFile
 # Build the configuration file
 #
 sub BuildConfiguration {
-    system '/usr/local/bin/rebuildhosts';
+    &General::system('/usr/local/bin/rebuildhosts');
-    system '/usr/local/bin/unboundctrl reload &>/dev/null';
+    &General::system('/usr/local/bin/unboundctrl', 'reload');
 }
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -118,10 +118,10 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'dial profile'})
 }
 if ($cgiparams{'ACTION'} eq $Lang::tr{'dial'}) {
-	system('/usr/local/bin/redctrl start > /dev/null') == 0
+	&General::system('/usr/local/bin/redctrl', 'start') == 0
 	or &General::log("Dial failed: $?"); sleep 1;
 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'hangup'}) {
-	system('/usr/local/bin/redctrl stop > /dev/null') == 0
+	&General::system('/usr/local/bin/redctrl', 'stop') == 0
 	or &General::log("Hangup failed: $?"); sleep 1;
 }
--- a/html/cgi-bin/mac.cgi
+++ b/html/cgi-bin/mac.cgi
@@ -94,7 +94,7 @@ if ($macsettings{'ACTION'} eq $Lang::tr{'save'}) {
 	}
 }
 if ($macsettings{'ACTION'} eq $Lang::tr{'reconnect'}) {
-	system("/usr/local/bin/redctrl restart >/dev/null 2>&1 &");
+	&General::system_background("/usr/local/bin/redctrl", "restart");
 	&Header::openbox('100%', 'left', $Lang::tr{'mac address recon'} );
 	print "<font class='base'>$Lang::tr{'mac address done'}</font>\n";
 	&Header::closebox();	
@@ -107,7 +107,7 @@ if ($macsettings{'ACTION'} eq $Lang::tr{'delete'} ) {
 }
 if ($macsettings{'ACTION'} eq $Lang::tr{'reboot'}) {
 	&General::log($Lang::tr{'rebooting ipfire'});
-	system("/usr/local/bin/ipfirereboot boot");
+	&General::system("/usr/local/bin/ipfirereboot", "boot");
 	&Header::openbox('100%', 'left', $Lang::tr{'rebooting ipfire'} );
 	print "&nbsp;&nbsp;<img src='/images/indicator.gif' /><br /><br />";
 	print "<meta http-equiv='refresh' content='120;'>";
--- a/html/cgi-bin/mdstat.cgi
+++ b/html/cgi-bin/mdstat.cgi
@@ -42,7 +42,13 @@ my %mainsettings = ();
 &Header::openbox('100%', 'left',"MD Raid State");
 print '<textarea rows="25" cols="80" readonly="readonly">';
-print `cat "/proc/mdstat"`;
+
 # Grab mdstat status.
 open(MDSTAT, "/proc/mdstat");
 my @mdstat = <MDSTAT>;
 close(MDSTAT);
 print "@mdstat";
 print '</textarea>';
 &Header::closebox();
--- a/html/cgi-bin/memory.cgi
+++ b/html/cgi-bin/memory.cgi
@@ -56,7 +56,7 @@ if ( $querry[0] =~ "memory"){
 	&Graphs::makegraphbox("memory.cgi","memory","day");
 	&Header::closebox();
-	if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/swap 2>/dev/null` ) {
+	if (-f $mainsettings{'RRDLOG'}/collectd/localhost/swap) {
 	    &Header::openbox('100%', 'center', "Swap $Lang::tr{'graph'}");
 	    &Graphs::makegraphbox("memory.cgi","swap","day");
 	    &Header::closebox();
--- a/html/cgi-bin/modem.cgi
+++ b/html/cgi-bin/modem.cgi
@@ -57,7 +57,7 @@ ERROR:
 if ($modemsettings{'ACTION'} eq $Lang::tr{'restore defaults'})
 {
-	system('/bin/cp', "${General::swroot}/modem/defaults", "${General::swroot}/modem/settings", '-f');
+	&General::system("cp", "-f", "${General::swroot}/modem/defaults", "${General::swroot}/modem/settings");
 }
 &General::readhash("${General::swroot}/modem/settings", \%modemsettings);
--- a/html/cgi-bin/mpfire.cgi
+++ b/html/cgi-bin/mpfire.cgi
@@ -231,7 +231,7 @@ if ( $mpfiresettings{'ACTION'} eq "scan" ){
 	$mpd->updatedb();
 	refreshpage();
 }elsif ( $mpfiresettings{'ACTION'} eq "playweb" ){
-	$message=system("/usr/local/bin/mpfirectrl","playweb","\"$mpfiresettings{'FILE'}\"","2>/dev/null");
+	$message= &General::system_output("/usr/local/bin/mpfirectrl","playweb","\"$mpfiresettings{'FILE'}\"");
 }elsif ( $mpfiresettings{'ACTION'} eq "playlist" ){
 	$mpd->play();
 }elsif ( $mpfiresettings{'ACTION'} eq "emptyplaylist" ){
--- a/html/cgi-bin/netexternal.cgi
+++ b/html/cgi-bin/netexternal.cgi
@@ -86,8 +86,7 @@ if ( $querry[0] ne~ ""){
 			&General::readhash("${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info", \%dhcpinfo);
-			my $DNS1=`echo $dhcpinfo{'domain_name_servers'} | cut -f 1 -d " "`;
+			my ($DNS1, $DNS2) = split(/ /, $dhcpinfo{'domain_name_servers'});
 			my $DNS2=`echo $dhcpinfo{'domain_name_servers'} | cut -f 2 -d " "`;
 			my $lsetme=0;
 			my $leasetime="";
--- a/html/cgi-bin/optionsfw.cgi
+++ b/html/cgi-bin/optionsfw.cgi
@@ -49,7 +49,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
 	if ($settings{'defpol'} ne '1'){
 		$errormessage .= $Lang::tr{'new optionsfw later'};
 		&General::writehash($filename, \%settings);             # Save good settings
-		system("/usr/local/bin/firewallctrl");
+		&General::system("/usr/local/bin/firewallctrl");
 	}else{
 		if ($settings{'POLICY'} ne ''){
 			$fwdfwsettings{'POLICY'} = $settings{'POLICY'};
@@ -64,7 +64,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
 		$fwdfwsettings{'POLICY1'} = "$MODE1";
 		&General::writehash("${General::swroot}/firewall/settings", \%fwdfwsettings);
 		&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
-		system("/usr/local/bin/firewallctrl");
+		&General::system("/usr/local/bin/firewallctrl");
 	}
 	&General::readhash($filename, \%settings);             # Load good settings
 }
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -192,10 +192,10 @@ sub newcleanssldatabase
 	close FILE;
    }
    if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
-	system ("touch ${General::swroot}/ovpn/certs/index.txt");
+	&General::system("touch", "${General::swroot}/ovpn/certs/index.txt");
    }
    if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
-      system ("touch ${General::swroot}/ovpn/certs/index.txt.attr");
+	&General::system("touch", "${General::swroot}/ovpn/certs/index.txt.attr");
    }
    unlink ("${General::swroot}/ovpn/certs/index.txt.old");
    unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
@@ -220,18 +220,21 @@ sub pkiconfigcheck
 {
 	# Warning if DH parameter is 1024 bit
 	if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
-		my $dhparameter = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}`;
+		my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
-		my @dhbit = ($dhparameter =~ /(\d+)/);
+
-		if ($1 < 2048) {
+		foreach my $line (@dhparameter) {
-			$cryptoerror = "$Lang::tr{'ovpn error dh'}";
+			my @dhbit = ($line =~ /(\d+)/);
-			goto CRYPTO_ERROR;
+			if ($1 < 2048) {
 				$cryptoerror = "$Lang::tr{'ovpn error dh'}";
 				goto CRYPTO_ERROR;
 			}
 		}
 	}
 	# Warning if md5 is in usage
 	if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
-		my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+		my @signature = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-		if ($signature =~ /md5WithRSAEncryption/) {
+		if (grep(/md5WithRSAEncryption/, @signature) ) {
 			$cryptoerror = "$Lang::tr{'ovpn error md5'}";
 			goto CRYPTO_ERROR;
 		}
@@ -241,8 +244,8 @@ sub pkiconfigcheck
 	# Warning if certificate is not compliant to RFC3280 TLS rules
 	if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
-		my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+		my @extendkeyusage = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-		if ($extendkeyusage !~ /TLS Web Server Authentication/) {
+		if ( ! grep(/TLS Web Server Authentication/, @extendkeyusage)) {
 			$cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
 			goto CRYPTO_WARNING;
 		}
@@ -734,7 +737,7 @@ sub writecollectdconf {
 	close(COLLECTDVPN);
 	# Reload collectd afterwards
-	system("/usr/local/bin/collectdctrl restart &>/dev/null");
+	&General::system("/usr/local/bin/collectdctrl", "restart");
 }
 #hier die refresh page
@@ -764,11 +767,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
    #start openvpn server
    if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
    	&emptyserverlog();
-	system('/usr/local/bin/openvpnctrl', '-s');
+	&General::system("/usr/local/bin/openvpnctrl", "-s");
    }   
    #stop openvpn server
    if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
-    	system('/usr/local/bin/openvpnctrl', '-k');
+	&General::system("/usr/local/bin/openvpnctrl", "-k");
 	&emptyserverlog();	
    }   
 #    #restart openvpn server
@@ -1075,8 +1078,8 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
  # Check host certificate if X509 is RFC3280 compliant.
  # If not, old --ns-cert-type directive will be used.
  # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
-  my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+  my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-  if ($hostcert !~ /TLS Web Server Authentication/) {
+  if ( ! grep(/TLS Web Server Authentication/, @hostcert)) {
       print CLIENTCONF "ns-cert-type server\n";
  } else {
       print CLIENTCONF "remote-cert-tls server\n";
@@ -1196,7 +1199,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	# Create ta.key for tls-auth if not presant
 	if ($cgiparams{'TLSAUTH'} eq 'on') {
 		if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
-			system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+			# This system call is safe, because all arguements are passed as an array.
 			system("/usr/sbin/openvpn", "--genkey", "--secret", "${General::swroot}/ovpn/certs/ta.key");
 			if ($?) {
 				$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
 				goto SETTINGS_ERROR;
@@ -1219,9 +1223,24 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
    $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
 #wrtie enable
-  if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
+  if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
-  if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
+	  &General::system("touch", "${General::swroot}/ovpn/enable_blue");
-  if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
+  } else {
 	  unlink(${General::swroot}/ovpn/enable_blue);
  }
  if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {
 	  &General::system("touch", "${General::swroot}/ovpn/enable_orange");
  } else {
 	  unlink("${General::swroot}/ovpn/enable_orange");
  }
  if ( $vpnsettings{'ENABLED'} eq 'on' ) {
 	  &General::system("touch", "${General::swroot}/ovpn/enable");
  } else {
 	  unlink("${General::swroot}/ovpn/enable");
  }
 #new settings for daemon    
    &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
    &writeserverconf();#hier ok
@@ -1234,7 +1253,7 @@ SETTINGS_ERROR:
    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
    # Kill all N2N connections
-    system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
+    &General::system("/usr/local/bin/openvpnctrl", "-kn2n");
    foreach my $key (keys %confighash) {
 	my $name = $confighash{$cgiparams{'$key'}}[1];
@@ -1243,7 +1262,7 @@ SETTINGS_ERROR:
 	    delete $confighash{$cgiparams{'$key'}};
 	}
-	system ("/usr/local/bin/openvpnctrl -drrd $name &>/dev/null");
+	&General::system("/usr/local/bin/openvpnctrl", "-drrd", "$name");
    }
    while ($file = glob("${General::swroot}/ovpn/ca/*")) {
 	unlink $file;
@@ -1282,7 +1301,7 @@ SETTINGS_ERROR:
 	close FILE;
    }
    while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
-	system ("rm -rf $file");
+	unlink($file);
    }
    # Remove everything from the collectd configuration
@@ -1328,7 +1347,8 @@ END
        unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
 	}
 	# Create Diffie Hellmann Parameter
-	system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
+	# The system call is safe, because all arguments are passed as an array.
 	system("/usr/bin/openssl", "dhparam", "-out", "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
 	if ($?) {
 		$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
 		unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
@@ -1397,8 +1417,8 @@ END
        $errormessage = $!;
 	goto UPLOADCA_ERROR;
    }
-    my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
+    my @temp = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "$filename");
-    if ($temp !~ /DH Parameters: \((2048|3072|4096) bit\)/) {
+    if ( ! grep(/DH Parameters: \((2048|3072|4096) bit\)/, @temp)) {
        $errormessage = $Lang::tr{'not a valid dh key'};
        unlink ($filename);
        goto UPLOADCA_ERROR;
@@ -1454,8 +1474,8 @@ END
 	$errormessage = $!;
 	goto UPLOADCA_ERROR;
    }
-    my $temp = `/usr/bin/openssl x509 -text -in $filename`;
+    my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
-    if ($temp !~ /CA:TRUE/i) {
+    if ( ! grep(/CA:TRUE/i, @temp )) {
 	$errormessage = $Lang::tr{'not a valid ca certificate'};
 	unlink ($filename);
 	goto UPLOADCA_ERROR;
@@ -1468,11 +1488,19 @@ END
 	}
    }
-    my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
+    @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
-    $casubject    =~ /Subject: (.*)[\n]/;
+    my $casubject;
-    $casubject    = $1;
+
-    $casubject    =~ s+/Email+, E+;
+    foreach my $line (@casubject) {
-    $casubject    =~ s/ ST=/ S=/;
+	if ($line =~ /Subject: (.*)[\n]/) {
 		$casubject    = $1;
 		$casubject    =~ s+/Email+, E+;
 		$casubject    =~ s/ ST=/ S=/;
 		last;
 	}
    }
    $casubject    = &Header::cleanhtml($casubject);
    my $key = &General::findhasharraykey (\%cahash);
@@ -1494,9 +1522,9 @@ END
 	&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 	&Header::openbigbox('100%', 'LEFT', '', $errormessage);
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
-	my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
+	my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
-	$output = &Header::cleanhtml($output,"y");
+	@output = &Header::cleanhtml(@output,"y");
-	print "<pre>$output</pre>\n";
+	print "<pre>@output</pre>\n";
 	&Header::closebox();
 	print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 	&Header::closebigbox();
@@ -1515,7 +1543,10 @@ END
    if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 	print "Content-Type: application/octet-stream\r\n";
 	print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
-	print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
+
 	my @tmp =  &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
 	print "@tmp";
 	exit(0);
    } else {
 	$errormessage = $Lang::tr{'invalid key'};
@@ -1530,8 +1561,8 @@ END
    if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 	foreach my $key (keys %confighash) {
-	    my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
+	    my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
-	    if ($test =~ /: OK/) {
+	    if (grep(/: OK/, @test)) {
 		# Delete connection
 #		if ($vpnsettings{'ENABLED'} eq 'on' ||
 #		    $vpnsettings{'ENABLED_BLUE'} eq 'on') {
@@ -1561,8 +1592,8 @@ END
    my $assignedcerts = 0;
    if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 	foreach my $key (keys %confighash) {
-	    my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
+	    my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
-	    if ($test =~ /: OK/) {
+	    if (grep(/: OK/, @test)) {
 		$assignedcerts++;
 	    }
 	}
@@ -1601,19 +1632,19 @@ END
 ###
 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
    $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
-    my $output;
+    my @output;
    &Header::showhttpheaders();
    &Header::openpage($Lang::tr{'ovpn'}, 1, '');
    &Header::openbigbox('100%', 'LEFT', '', '');
    if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
-	$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
+	@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
    } else {
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
-	$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+	@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
    }
-    $output = &Header::cleanhtml($output,"y");
+    @output = &Header::cleanhtml(@output,"y");
-    print "<pre>$output</pre>\n";
+    print "<pre>@output</pre>\n";
    &Header::closebox();
    print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
    &Header::closebigbox();
@@ -1627,7 +1658,10 @@ END
    if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
 	print "Content-Type: application/octet-stream\r\n";
 	print "Content-Disposition: filename=cacert.pem\r\n\r\n";
-	print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
+
 	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
 	print "@tmp";
 	exit(0);
    }
@@ -1638,7 +1672,10 @@ END
    if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
 	print "Content-Type: application/octet-stream\r\n";
 	print "Content-Disposition: filename=servercert.pem\r\n\r\n";
-	print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
+
 	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
 	print "@tmp";
 	exit(0);
    }
@@ -1649,7 +1686,13 @@ END
    if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
 	print "Content-Type: application/octet-stream\r\n";
 	print "Content-Disposition: filename=ta.key\r\n\r\n";
-	print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+
 	open(FILE, "${General::swroot}/ovpn/certs/ta.key");
 	my @tmp = <FILE>;
 	close(FILE);
 	print "@tmp";
 	exit(0);
    }
@@ -1926,6 +1969,7 @@ END
 	}
 	# Sign the host certificate request
 	# This system call is safe, because all argeuments are passed as an array.
 	system('/usr/bin/openssl', 'ca', '-days', '999999',
 		'-batch', '-notext',
 		'-in',  "${General::swroot}/ovpn/certs/serverreq.pem",
@@ -1947,6 +1991,7 @@ END
 	}
 	# Create an empty CRL
 	# System call is safe, because all arguments are passed as array.
 	system('/usr/bin/openssl', 'ca', '-gencrl',
 		'-out', "${General::swroot}/ovpn/crls/cacrl.pem",
 		'-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
@@ -1962,6 +2007,7 @@ END
 #	    &cleanssldatabase();
 	}
 	# Create ta.key for tls-auth
 	# This system call is safe, because all arguments are passed as an array.
 	system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
 	if ($?) {
 	    $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
@@ -1969,6 +2015,7 @@ END
 	    goto ROOTCERT_ERROR;
 	}
 	# Create Diffie Hellmann Parameter
 	# The system call is safe, because all arguments are passed as an array.
 	system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
 	if ($?) {
 	    $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
@@ -2083,7 +2130,7 @@ END
    }
    ROOTCERT_SUCCESS:
-    system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
+    &General::system("chmod", "600", "${General::swroot}/ovpn/certs/serverkey.pem");
 #    if ($vpnsettings{'ENABLED'} eq 'on' ||
 #	$vpnsettings{'ENABLE_BLUE'} eq 'on') {
 #	system('/usr/local/bin/ipsecctrl', 'S');
@@ -2101,8 +2148,12 @@ END
    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-#    my $n2nactive = '';
+    my $n2nactive = '';
-    my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
+    my @ps = &General::system_output("/bin/ps", "ax");
    if(grep(/$confighash{$cgiparams{'KEY'}}[1]/, @ps)) {
 	$n2nactive = "1";
    }
    if ($confighash{$cgiparams{'KEY'}}) {
 		if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
@@ -2110,7 +2161,7 @@ END
 			&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 			if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
-				system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+				&General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
 				&writecollectdconf();
 			}
 		} else {
@@ -2120,7 +2171,7 @@ END
 			if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
 				if ($n2nactive ne '') {
-					system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+					&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
 					&writecollectdconf();
 				}
@@ -2204,8 +2255,8 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
   # Check host certificate if X509 is RFC3280 compliant.
   # If not, old --ns-cert-type directive will be used.
   # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
-   my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+   my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-   if ($hostcert !~ /TLS Web Server Authentication/) {
+   if (! grep(/TLS Web Server Authentication/, @hostcert)) {
               print CLIENTCONF "ns-cert-type server\n";
   } else {
               print CLIENTCONF "remote-cert-tls server\n";
@@ -2315,6 +2366,7 @@ else
 		$zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem")  or die "Can't add file cacert.pem\n";
 		# Extract the certificate
 		# This system call is safe, because all arguments are passed as an array.
 		system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
 			'-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
 		if ($?) {
@@ -2325,6 +2377,7 @@ else
 		print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
 		# Extract the key
 		# This system call is safe, because all arguments are passed as an array.
 		system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
 			'-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
 		if ($?) {
@@ -2361,8 +2414,8 @@ else
 	# Check host certificate if X509 is RFC3280 compliant.
 	# If not, old --ns-cert-type directive will be used.
 	# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
-	my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+	my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-	if ($hostcert !~ /TLS Web Server Authentication/) {
+	if (! grep(/TLS Web Server Authentication/, @hostcert)) {
 		print CLIENTCONF "ns-cert-type server\r\n";
 	} else {
 		print CLIENTCONF "remote-cert-tls server\r\n";
@@ -2464,8 +2517,8 @@ else
 	if ($confighash{$cgiparams{'KEY'}}) {
 		# Revoke certificate if certificate was deleted and rewrite the CRL
-		my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+		&General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf)";
-		my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+		&General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
 ###
 # m.a.d net2net
@@ -2473,7 +2526,7 @@ else
 		if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
 			# Stop the N2N connection before it is removed
-			system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+			&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
 			my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
 			my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
@@ -2515,10 +2568,10 @@ else
 # CCD end
 		# Update collectd configuration and delete all RRD files of the removed connection
 		&writecollectdconf();
-		system ('/usr/local/bin/openvpnctrl', '-drrd', $confighash{$cgiparams{'KEY'}}[1]);
+		&General::system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]");
 		delete $confighash{$cgiparams{'KEY'}};
-		my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+		&General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
 		&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 	} else {
@@ -2534,7 +2587,12 @@ else
    print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
    print "Content-Type: application/octet-stream\r\n\r\n";
-    print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
+
    open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
    my @tmp = <FILE>;
    close(FILE);
    print "@tmp";
    exit (0);
 ###
@@ -2548,9 +2606,9 @@ else
 	&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 	&Header::openbigbox('100%', 'LEFT', '', '');
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
-	my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
+	my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-	$output = &Header::cleanhtml($output,"y");
+	@output = &Header::cleanhtml(@output,"y");
-	print "<pre>$output</pre>\n";
+	print "<pre>@output</pre>\n";
 	&Header::closebox();
 	print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 	&Header::closebigbox();
@@ -2570,9 +2628,9 @@ else
 		&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 		&Header::openbigbox('100%', 'LEFT', '', '');
 		&Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
-		my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
+		my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
-		$output = &Header::cleanhtml($output,"y");
+		@output = &Header::cleanhtml(@output,"y");
-		print "<pre>$output</pre>\n";
+		print "<pre>@output</pre>\n";
 		&Header::closebox();
 		print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 		&Header::closebigbox();
@@ -2592,9 +2650,13 @@ else
 		&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 		&Header::openbigbox('100%', 'LEFT', '', '');
 		&Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
-		my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+
-		$output = &Header::cleanhtml($output,"y");
+		open(FILE, "${General::swroot}/ovpn/certs/ta.key");
-		print "<pre>$output</pre>\n";
+		my @output = <FILE>;
 		close(FILE);
 		@output = &Header::cleanhtml(@output,"y");
 		print "<pre>@output</pre>\n";
 		&Header::closebox();
 		print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 		&Header::closebigbox();
@@ -2615,9 +2677,9 @@ else
 	&Header::openpage($Lang::tr{'ovpn'}, 1, '');
 	&Header::openbigbox('100%', 'LEFT', '', '');
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
-	my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
+	my @output = &General::system_output("/usr/bin/openssl", "crl", "-text", "-noout", "-in", "${General::swroot}/ovpn/crls/cacrl.pem");
-	$output = &Header::cleanhtml($output,"y");
+	@output = &Header::cleanhtml(@output,"y");
-	print "<pre>$output</pre>\n";
+	print "<pre>@output</pre>\n";
 	&Header::closebox();
 	print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 	&Header::closebigbox();
@@ -3105,7 +3167,12 @@ END
    if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
 	print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
 	print "Content-Type: application/octet-stream\r\n\r\n";
-	print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
+
 	open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
 	my @tmp = <FILE>;
 	close(FILE);
 	print "@tmp";
 	exit (0);
    }
@@ -4031,6 +4098,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    # Sign the certificate request and move it
 	    # Sign the host certificate request
 	    # The system call is safe, because all arguments are passed as an array.
 	    system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
 		'-batch', '-notext',
 		'-in', $filename,
@@ -4047,11 +4115,19 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		&deletebackupcert();
 	    }
-	    my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
+	    my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
-	    $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
+	    my $temp;
-	    $temp = $1;
+
-	    $temp =~ s+/Email+, E+;
+	    foreach my $line (@temp) {
-	    $temp =~ s/ ST=/ S=/;
+		if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
 			$temp = $1;
 			$temp =~ s+/Email+, E+;
 			$temp =~ s/ ST=/ S=/;
 			last;
 		}
 	    }
 	    $cgiparams{'CERT_NAME'} = $temp;
 	    $cgiparams{'CERT_NAME'} =~ s/,//g;
 	    $cgiparams{'CERT_NAME'} =~ s/\'//g;
@@ -4077,13 +4153,13 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    # Verify the certificate has a valid CA and move it
 	    my $validca = 0;
-	    my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
+	    my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/cacert.pem", "$filename");
-	    if ($test =~ /: OK/) {
+	    if (grep(/: OK/, @test)) {
 		$validca = 1;
 	    } else {
 		foreach my $key (keys %cahash) {
-		    $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
+		    @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem", "$filename");
-		    if ($test =~ /: OK/) {
+		    if (grep(/: OK/, @test)) {
 			$validca = 1;
 		    }
 		}
@@ -4101,11 +4177,19 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		}
 	    }
-	    my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
+	    my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
-	    $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
+	    my $temp;
-	    $temp = $1;
+
-	    $temp =~ s+/Email+, E+;
+	    foreach my $line (@temp) {
-	    $temp =~ s/ ST=/ S=/;
+		if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
 			$temp = $1;
 			$temp =~ s+/Email+, E+;
 			$temp =~ s/ ST=/ S=/;
 			last;
 		}
 	    }
 	    $cgiparams{'CERT_NAME'} = $temp;
 	    $cgiparams{'CERT_NAME'} =~ s/,//g;
 	    $cgiparams{'CERT_NAME'} =~ s/\'//g;
@@ -4232,6 +4316,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    }
 	    # Sign the host certificate request
 	    # The system call is safe, because all arguments are passed as an array.
 	    system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
 		'-batch', '-notext',
 		'-in',  "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
@@ -4250,6 +4335,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    }
 	    # Create the pkcs12 file
 	    # The system call is safe, because all arguments are passed as an array.
 	    system('/usr/bin/openssl', 'pkcs12', '-export', 
 		'-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
 		'-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
@@ -4415,21 +4501,24 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	if ($cgiparams{'TYPE'} eq 'net') {
-	if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
+		if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
-  system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+			&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
-  &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+			&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-	my $key = $cgiparams{'KEY'};
+			my $key = $cgiparams{'KEY'};
-	if (! $key) {
+			if (! $key) {
-	    $key = &General::findhasharraykey (\%confighash);
+			    $key = &General::findhasharraykey (\%confighash);
-	    foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+			    foreach my $i (0 .. 31) {
-	    }
+				    $confighash{$key}[$i] = "";
-  $confighash{$key}[0] = 'on';
+			    }
-  &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+			}
-  system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+			$confighash{$key}[0] = 'on';
-	 }          
+			&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-  }
+  
 			&General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
 		}
 	}
 ###
 # m.a.d n2n end
@@ -5046,7 +5135,9 @@ END
    &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-    my @status = `/bin/cat /var/run/ovpnserver.log`;
+    open(FILE, "/var/run/ovpnserver.log");
    my @status = <FILE>;
    close(FILE);
    if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
 		if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
@@ -5358,9 +5449,17 @@ END
 	#} else {
 	    #print "<td align='left'>&nbsp;</td>";
 	#}
-	my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
+	my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
-	$cavalid    =~ /Not After : (.*)[\n]/;
+	my $cavalid;
-	$cavalid    = $1;
+
 	foreach my $line (@cavalid) {
 		if ($line =~ /Not After : (.*)[\n]/) {
 			$cavalid    = $1;
 			last;
 		}
 	}
 	print "<td align='center' $col>$confighash{$key}[25]</td>";
 	$col1="bgcolor='${Header::colourred}'";
 	my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
@@ -5571,11 +5670,19 @@ END
    my $col4="bgcolor='$color{'color20'}'";
    if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
-		my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
+		my @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
-		$casubject    =~ /Subject: (.*)[\n]/;
+		my $casubject;
-		$casubject    = $1;
+
-		$casubject    =~ s+/Email+, E+;
+		foreach my $line (@casubject) {
-		$casubject    =~ s/ ST=/ S=/;
+			if ($line =~ /Subject: (.*)[\n]/) {
 				$casubject    = $1;
 				$casubject    =~ s+/Email+, E+;
 				$casubject    =~ s/ ST=/ S=/;
 				last;
 			}
 		}
 		print <<END;
 		<tr>
 			<td class='base' $col1>$Lang::tr{'root certificate'}</td>
@@ -5605,11 +5712,18 @@ END
    }
    if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
-		my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+		my @hostsubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-		$hostsubject    =~ /Subject: (.*)[\n]/;
+		my $hostsubject;
-		$hostsubject    = $1;
+
-		$hostsubject    =~ s+/Email+, E+;
+		foreach my $line (@hostsubject) {
-		$hostsubject    =~ s/ ST=/ S=/;
+			if ($line =~ /Subject: (.*)[\n]/) {
 				$hostsubject    = $1;
 				$hostsubject    =~ s+/Email+, E+;
 				$hostsubject    =~ s/ ST=/ S=/;
 				last;
 			}
 		}
 		print <<END;
 		<tr>
@@ -5641,10 +5755,16 @@ END
    # Adding DH parameter to chart
    if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
-		my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
+		my @dhsubject = &System_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
-		$dhsubject    =~ /    (.*)[\n]/;
+		my $dhsubject;
 		$dhsubject    = $1;
 		foreach my $line (@dhsubject) {
 			if ($line =~ /    (.*)[\n]/) {
 				$dhsubject = $1;
 				last;
 			}
 		}
 	print <<END;
 		<tr>
@@ -5674,9 +5794,19 @@ END
    # Adding ta.key to chart
    if (-f "${General::swroot}/ovpn/certs/ta.key") {
-		my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+		open(FILE, "${General::swroot}/ovpn/certs/ta.key");
-		$tasubject    =~ /# (.*)[\n]/;
+		my @tasubject = <FILE>;
-		$tasubject    = $1;
+		close(FILE);
 		my $tasubject;
 		foreach my $line (@tasubject) {
 			if($line =~ /# (.*)[\n]/) {
 				$tasubject    = $1;
 				last;
 			}
 		}
 		print <<END;
 		<tr>
--- a/html/cgi-bin/pakfire.cgi
+++ b/html/cgi-bin/pakfire.cgi
@@ -57,12 +57,10 @@ sub refreshpage{&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' cont
 if (($cgiparams{'ACTION'} eq 'install') && (! -e $Pakfire::lockfile)) {
 	$cgiparams{'INSPAKS'} =~ s/\|/\ /g;
 	if ("$cgiparams{'FORCE'}" eq "on") {
-		my $command = "/usr/local/bin/pakfire install --non-interactive --no-colors $cgiparams{'INSPAKS'} &>/dev/null &";
+		&General::system_background("/usr/local/bin/pakfire", "install", "--non-interactive", "--no-colors", $cgiparams{'INSPAKS'});
 		system("$command");
 		system("/bin/sleep 1");
 	} else {
 		&Header::openbox("100%", "center", $Lang::tr{'request'});
-		my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $cgiparams{'INSPAKS'}`;
+		my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", $cgiparams{'INSPAKS'});
 		print <<END;
 		<table><tr><td colspan='2'>$Lang::tr{'pakfire install package'}.$cgiparams{'INSPAKS'}.$Lang::tr{'pakfire possible dependency'}
 		<pre>
@@ -97,12 +95,10 @@ END
 	$cgiparams{'DELPAKS'} =~ s/\|/\ /g;
 	if ("$cgiparams{'FORCE'}" eq "on") {
-		my $command = "/usr/local/bin/pakfire remove --non-interactive --no-colors $cgiparams{'DELPAKS'} &>/dev/null &";
+		&General::system_background("/usr/local/bin/pakfire", "remove", "--non-interactive", "--no-colors", $cgiparams{'DELPAKS'});
 		system("$command");
 		system("/bin/sleep 1");
 	} else {
 		&Header::openbox("100%", "center", $Lang::tr{'request'});
-		my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $cgiparams{'DELPAKS'}`;
+		my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", $cgiparams{'DELPAKS'});
 		print <<END;
 		<table><tr><td colspan='2'>$Lang::tr{'pakfire uninstall package'}.$cgiparams{'DELPAKS'}.$Lang::tr{'pakfire possible dependency'}
 		<pre>
@@ -135,13 +131,9 @@ END
 	}
 } elsif (($cgiparams{'ACTION'} eq 'update') && (! -e $Pakfire::lockfile)) {
-
+	&General::system_background("/usr/local/bin/pakfire", "update", "--force", "--no-colors");
 	system("/usr/local/bin/pakfire update --force --no-colors &>/dev/null &");
 	system("/bin/sleep 1");
 } elsif (($cgiparams{'ACTION'} eq 'upgrade') && (!-e $Pakfire::lockfile)) {
-	my $command = "/usr/local/bin/pakfire upgrade -y --no-colors &>/dev/null &";
+	&General::system_background("/usr/local/bin/pakfire", "upgrade", "-y", "--no-colors");
 	system("$command");
 	system("/bin/sleep 1");
 } elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
 	$pakfiresettings{"TREE"} = $cgiparams{"TREE"};
@@ -154,7 +146,7 @@ END
 		&General::writehash("${General::swroot}/pakfire/settings", \%pakfiresettings);
 		# Update lists
-		system("/usr/local/bin/pakfire update --force --no-colors &>/dev/null &");
+		&General::system_background("/usr/local/bin/pakfire", "update", "--force", "--no-colors");
 	}
 }
--- a/html/cgi-bin/pppsetup.cgi
+++ b/html/cgi-bin/pppsetup.cgi
@@ -39,6 +39,8 @@ my %checked=();
 my @profilenames=();
 my $errormessage = '';
 my $maxprofiles = 5;
 # This call is safe, because no user input will be processed.
 my $kernel=`/bin/uname -r | /usr/bin/tr -d '\012'`;
 my %color = ();
@@ -177,7 +179,12 @@ elsif ($pppsettings{'ACTION'} eq $Lang::tr{'save'})
                $errormessage = $Lang::tr{'invalid input'};
                goto ERROR; }
-        if( $pppsettings{'RECONNECTION'} eq 'dialondemand' && `/bin/cat ${General::swroot}/ddns/config` =~ /,on$/m ) {
+	# Read-in ddns config file, to check if at least one provider is enabled.
 	open(FILE, "${General::swroot}/ddns/config)";
 	my @ddns_config = <FILE>
 	close(FILE);
        if( $pppsettings{'RECONNECTION'} eq 'dialondemand' && grep(/on/, @ddns_config) ) {
                $errormessage = $Lang::tr{'dod not compatible with ddns'};
                goto ERROR; }
@@ -520,7 +527,12 @@ print <<END
 END
 ;
-my $atmdev=`cat /proc/net/atm/devices 2>/dev/null | grep 0`;
+# Read-in atm devices from proc.
 open(PROC, "/proc/net/atm/devices");
 my @patm_devices = <PROC>;
 close(PROC);
 my $atmdev = grep(/0/, @atm_devices);
 chomp ($atmdev);
 if ($atmdev ne '') {
        print <<END
@@ -962,7 +974,10 @@ sub updatesettings
        unlink("${General::swroot}/ppp/settings");
        link("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}",
                "${General::swroot}/ppp/settings");
-        system ("/usr/bin/touch", "${General::swroot}/ppp/updatesettings");
+
 	# Write updatesettings file.
 	open(FILE, ">/${General::swroot}/ppp/updatesettings");
 	close(FILE);
 }
 sub writesecrets
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -32,7 +32,7 @@ require "${General::swroot}/header.pl";
 require "${General::swroot}/ids-functions.pl";
-my @squidversion = `/usr/sbin/squid -v`;
+my @squidversion = &General::system_output("/usr/sbin/squid", "-v");
 my $http_port='81';
 my $https_port='444';
@@ -131,35 +131,35 @@ unless (-d "$raddir")   { mkdir("$raddir"); }
 unless (-d "$identdir") { mkdir("$identdir"); }
 unless (-d "$credir")   { mkdir("$credir"); }
-unless (-e $cre_groups)  { system("touch $cre_groups"); }
+unless (-e $cre_groups)  { &General::system("touch", "$cre_groups"); }
-unless (-e $cre_svhosts) { system("touch $cre_svhosts"); }
+unless (-e $cre_svhosts) { &General::system("touch $cre_svhosts"); }
-unless (-e $userdb) { system("touch $userdb"); }
+unless (-e $userdb) { &General::system("touch", "$userdb"); }
-unless (-e $stdgrp) { system("touch $stdgrp"); }
+unless (-e $stdgrp) { &General::system("touch", "$stdgrp"); }
-unless (-e $extgrp) { system("touch $extgrp"); }
+unless (-e $extgrp) { &General::system("touch", "$extgrp"); }
-unless (-e $disgrp) { system("touch $disgrp"); }
+unless (-e $disgrp) { &General::system("touch", "$disgrp"); }
-unless (-e $acl_src_subnets)    { system("touch $acl_src_subnets"); }
+unless (-e $acl_src_subnets)    { &General::system("touch", "$acl_src_subnets"); }
-unless (-e $acl_src_banned_ip)  { system("touch $acl_src_banned_ip"); }
+unless (-e $acl_src_banned_ip)  { &General::system("touch", "$acl_src_banned_ip"); }
-unless (-e $acl_src_banned_mac) { system("touch $acl_src_banned_mac"); }
+unless (-e $acl_src_banned_mac) { &General::system("touch", "$acl_src_banned_mac"); }
-unless (-e $acl_src_unrestricted_ip)  { system("touch $acl_src_unrestricted_ip"); }
+unless (-e $acl_src_unrestricted_ip)  { &General::system("touch", "$acl_src_unrestricted_ip"); }
-unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); }
+unless (-e $acl_src_unrestricted_mac) { &General::system("touch", "$acl_src_unrestricted_mac"); }
-unless (-e $acl_src_noaccess_ip)  { system("touch $acl_src_noaccess_ip"); }
+unless (-e $acl_src_noaccess_ip)  { &General::system("touch", "$acl_src_noaccess_ip"); }
-unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); }
+unless (-e $acl_src_noaccess_mac) { &General::system("touch", "$acl_src_noaccess_mac"); }
-unless (-e $acl_dst_noauth)     { system("touch $acl_dst_noauth"); }
+unless (-e $acl_dst_noauth)     { &General::system("touch", "$acl_dst_noauth"); }
-unless (-e $acl_dst_noauth_dom) { system("touch $acl_dst_noauth_dom"); }
+unless (-e $acl_dst_noauth_dom) { &General::system("touch", "$acl_dst_noauth_dom"); }
-unless (-e $acl_dst_noauth_net) { system("touch $acl_dst_noauth_net"); }
+unless (-e $acl_dst_noauth_net) { &General::system("touch", "$acl_dst_noauth_net"); }
-unless (-e $acl_dst_noauth_url) { system("touch $acl_dst_noauth_url"); }
+unless (-e $acl_dst_noauth_url) { &General::system("touch", "$acl_dst_noauth_url"); }
-unless (-e $acl_dst_nocache)     { system("touch $acl_dst_nocache"); }
+unless (-e $acl_dst_nocache)     { &General::system("touch", "$acl_dst_nocache"); }
-unless (-e $acl_dst_nocache_dom) { system("touch $acl_dst_nocache_dom"); }
+unless (-e $acl_dst_nocache_dom) { &General::system("touch", "$acl_dst_nocache_dom"); }
-unless (-e $acl_dst_nocache_net) { system("touch $acl_dst_nocache_net"); }
+unless (-e $acl_dst_nocache_net) { &General::system("touch", "$acl_dst_nocache_net"); }
-unless (-e $acl_dst_nocache_url) { system("touch $acl_dst_nocache_url"); }
+unless (-e $acl_dst_nocache_url) { &General::system("touch", "$acl_dst_nocache_url"); }
-unless (-e $acl_dst_throttle)  { system("touch $acl_dst_throttle"); }
+unless (-e $acl_dst_throttle)  { &General::system("touch", "$acl_dst_throttle"); }
-unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); }
+unless (-e $acl_ports_safe) { &General::system("touch", "$acl_ports_safe"); }
-unless (-e $acl_ports_ssl)  { system("touch $acl_ports_ssl"); }
+unless (-e $acl_ports_ssl)  { &General::system("touch", "$acl_ports_ssl"); }
-unless (-e $acl_include) { system("touch $acl_include"); }
+unless (-e $acl_include) { &General::system("touch", "$acl_include"); }
-unless (-e $mimetypes) { system("touch $mimetypes"); }
+unless (-e $mimetypes) { &General::system("touch", "$mimetypes"); }
 my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
@@ -383,7 +383,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 		$errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
 		goto ERROR;
 	}
-	my @free = `/usr/bin/free`;
+	my @free = &General::system_output("/usr/bin/free");
 	$free[1] =~ m/(\d+)/;
 	$cachemem = int $1 / 2048;
 	if ($proxysettings{'CACHE_MEM'} > $cachemem) {
@@ -630,25 +630,25 @@ ERROR:
 		if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}
-		system ('/usr/local/bin/squidctrl', 'disable');
+		&General::system ('/usr/local/bin/squidctrl', 'disable');
 		unlink "${General::swroot}/proxy/enable";
 		unlink "${General::swroot}/proxy/transparent";
 		unlink "${General::swroot}/proxy/enable_blue";
 		unlink "${General::swroot}/proxy/transparent_blue";
 		if ($proxysettings{'ENABLE'} eq 'on') {
-			system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
+			&General::system('/usr/bin/touch', "${General::swroot}/proxy/enable");
-			system ('/usr/local/bin/squidctrl', 'enable'); }
+			&General::system('/usr/local/bin/squidctrl', 'enable'); }
 		if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
-			system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
+			&General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
 		if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
-			system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
+			&General::system('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
-			system ('/usr/local/bin/squidctrl', 'enable'); }
+			&General::system('/usr/local/bin/squidctrl', 'enable'); }
 		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
-			system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
+			&General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
-		if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+		if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
-		if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }
+		if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { &General::system('/usr/local/bin/squidctrl', 'reconfigure'); }
 		# Check if the suricata_proxy_ports_changed flag has been set.
 		if ($suricata_proxy_ports_changed) {
@@ -663,7 +663,7 @@ ERROR:
 if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
 {
-	system('/usr/local/bin/squidctrl flush >/dev/null 2>&1');
+	&General::system('/usr/local/bin/squidctrl', 'flush');
 }
 if (!$errormessage)
--- a/html/cgi-bin/qos.cgi
+++ b/html/cgi-bin/qos.cgi
@@ -104,7 +104,7 @@ $qossettings{'TOS'} = '';
 &General::readhash("${General::swroot}/qos/settings", \%qossettings);
 &Header::getcgihash(\%qossettings);
-$qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`;
+$qossettings{'RED_DEV'} = &General::get_red_interface();
 my %color = ();
 my %mainsettings = ();
@@ -232,7 +232,7 @@ END
 	open( FILE, "< $level7file" ) or die "Unable to read $level7file";
 	@l7rules = <FILE>;
 	close FILE;
-  system("rm $level7file");
+	&General::system("rm", "$level7file");
  	foreach $l7ruleentry (sort @l7rules)
  	{
  		@l7ruleline = split( /\;/, $l7ruleentry );
@@ -244,13 +244,13 @@ END
 	        close FILE;
        }
 	  }
-	open( FILE, "< $level7file" ) or system("touch $level7file");close FILE;
+	open( FILE, "< $level7file" ) or &General::system("touch", "$level7file");close FILE;
 	} elsif ($qossettings{'DOLEVEL7'} eq $Lang::tr{'edit'})
 {
 	open( FILE, "< $level7file" ) or die "Unable to read $level7file";
 	@l7rules = <FILE>;
 	close FILE;
-	system("rm $level7file");
+	&General::system("rm", "$level7file");
  	foreach $l7ruleentry (sort @l7rules)
  	{
  		@l7ruleline = split( /\;/, $l7ruleentry );
@@ -263,7 +263,7 @@ END
      }
    }
  &level7rule;
-  open( FILE, "< $level7file" ) or system("touch $level7file");close FILE;
+  open( FILE, "< $level7file" ) or &General::system("touch", "$level7file");close FILE;
 }
 ############################################################################################################################
@@ -323,7 +323,7 @@ END
 	open( FILE, "< $portfile" ) or die "Unable to read $portfile";
 	@portrules = <FILE>;
 	close FILE;
-	system("rm $portfile");
+	&General::system("rm", "$portfile");
  	foreach $portruleentry (sort @portrules)
  	{
  		@portruleline = split( /\;/, $portruleentry );
@@ -336,7 +336,7 @@ END
      }
    }
   &portrule;
-  open( FILE, "< $portfile" ) or system("touch $portfile");close FILE;
+  open( FILE, "< $portfile" ) or &General::system("touch", "$portfile");close FILE;
 }
 ############################################################################################################################
@@ -408,25 +408,25 @@ if ($qossettings{'ACTION'} eq $Lang::tr{'start'})
 {
 	$qossettings{'ENABLED'} = 'on';
 	&General::writehash("${General::swroot}/qos/settings", \%qossettings);
-	system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
+	&General::system("/usr/local/bin/qosctrl", "generate");
-	system("/usr/local/bin/qosctrl start >/dev/null 2>&1");
+	&General::system("/usr/local/bin/qosctrl", "start");
-	system("logger -t ipfire 'QoS started'");
+	&General::system("logger", "-t", "ipfire", "QoS started");
 }
 elsif ($qossettings{'ACTION'} eq $Lang::tr{'stop'})
 {
 	$qossettings{'ENABLED'} = 'off';
 	&General::writehash("${General::swroot}/qos/settings", \%qossettings);
-	system("/usr/local/bin/qosctrl stop >/dev/null 2>&1");
+	&General::system("/usr/local/bin/qosctrl", "stop");
-	system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
+	&General::system("/usr/local/bin/qosctrl", "generate");
-	system("logger -t ipfire 'QoS stopped'");
+	&General::system("logger", "-t", "ipfire", "QoS stopped");
 }
 elsif ($qossettings{'ACTION'} eq $Lang::tr{'restart'})
 {
 	if ($qossettings{'ENABLED'} eq 'on'){
-		system("/usr/local/bin/qosctrl stop >/dev/null 2>&1");
+		&General::system("/usr/local/bin/qosctrl", "stop");
-		system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
+		&General::system("/usr/local/bin/qosctrl", "generate");
-		system("/usr/local/bin/qosctrl start >/dev/null 2>&1");
+		&General::system("/usr/local/bin/qosctrl", "start");
-		system("logger -t ipfire 'QoS restarted'");
+		&General::system("logger", "-t", "ipfire", "QoS restarted");
 	}
 }
 elsif ($qossettings{'ACTION'} eq $Lang::tr{'save'})
@@ -530,9 +530,9 @@ END
 		$qossettings{'ACK'} ="101";
 		$qossettings{'ENABLED'} = 'on';
 		&General::writehash("${General::swroot}/qos/settings", \%qossettings);
-		system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
+		&General::system("/usr/local/bin/qosctrl", "generate");
-		system("/usr/local/bin/qosctrl start >/dev/null 2>&1");
+		&General::system("/usr/local/bin/qosctrl", "start");
-		system("logger -t ipfire 'QoS started'");
+		&General::system("logger", "-t", "ipfire", "QoS started");
 	} else {
 		$message = $Lang::tr{'qos enter bandwidths'};
 	}
@@ -542,8 +542,8 @@ elsif ($qossettings{'ACTION'} eq $Lang::tr{'status'} )
 	&Header::openbox('100%', 'left', 'QoS Status');
 	if ($qossettings{'ENABLED'} eq 'on'){
 		my $output = "";
-		$output = `/usr/local/bin/qosctrl status`;
+		my @output = &General::system_output("/usr/local/bin/qosctrl", "status");
-		$output = &Header::cleanhtml($output,"y");
+		$output = &Header::cleanhtml(@output[0],"y");
 		print "<pre>$output</pre>\n";
 	} else { print "$Lang::tr{'QoS not enabled'}"; }
 	&Header::closebox();
--- a/html/cgi-bin/remote.cgi
+++ b/html/cgi-bin/remote.cgi
@@ -65,7 +65,7 @@ if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTI
 		{
 			$errormessage = $Lang::tr{'ssh no auth'};
 		}
-		system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+		&General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
 	}
 	else
 	{
@@ -85,8 +85,8 @@ if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTI
 if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
 	if ($remotesettings{'ENABLE_SSH'} eq 'off')
 	{
-			system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+			&General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
-			system('/usr/local/bin/sshctrl');
+			&General::system('/usr/local/bin/sshctrl');
 	}
  if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
  elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
@@ -254,7 +254,10 @@ sub viewkey
  if ( -e $key )
  {
-    my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`);
+    # Use safe system_output function to call ssh-keygen and get the output from the tool.
    my @ssh_keygen = &General::system_output("/usr/bin/ssh-keygen", "-l", "-f", "$key");
    my @temp = split(/ /, $ssh_keygen[0]);
    my $keysize = &Header::cleanhtml($temp[0],"y");
    my $fingerprint = &Header::cleanhtml($temp[1],"y");
    print "<tr><td><code>$key</code></td><td align='center'>$name</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
@@ -264,8 +267,7 @@ sub viewkey
 sub printactivelogins()
 {
 	# print active SSH logins (grep outpout of "who -s")
-	my $command = "who -s";
+	my @output = &General::system_output("who", "-s");
 	my @output = `$command`;
 	chomp(@output);
 	my $id = 0;
--- a/html/cgi-bin/routing.cgi
+++ b/html/cgi-bin/routing.cgi
@@ -474,5 +474,5 @@ sub SortDataFile
 # Build the configuration file
 #
 sub BuildConfiguration {
-    system '/usr/local/bin/rebuildroutes';
+    &General::system('/usr/local/bin/rebuildroutes');
 }
--- a/html/cgi-bin/samba.cgi
+++ b/html/cgi-bin/samba.cgi
@@ -85,14 +85,14 @@ delete $sambasettings{'__CGI__'};delete $sambasettings{'x'};delete $sambasetting
 ############################################################################################################################
 ############################################# Samba Rootskript aufrufe fr SU-Actions #######################################
-if ($sambasettings{'ACTION'} eq 'smbuserdisable'){system("/usr/local/bin/sambactrl smbuserdisable $sambasettings{'NAME'}");}
+if ($sambasettings{'ACTION'} eq 'smbuserdisable'){&General::system("/usr/local/bin/sambactrl", "smbuserdisable", "$sambasettings{'NAME'}");}
-if ($sambasettings{'ACTION'} eq 'smbuserenable'){system("/usr/local/bin/sambactrl smbuserenable $sambasettings{'NAME'}");}
+if ($sambasettings{'ACTION'} eq 'smbuserenable'){&General::system("/usr/local/bin/sambactrl", "smbuserenable", "$sambasettings{'NAME'}");}
-if ($sambasettings{'ACTION'} eq 'smbuseradd'){system("/usr/local/bin/sambactrl smbuseradd $sambasettings{'USERNAME'} $sambasettings{'PASSWORD'}");}
+if ($sambasettings{'ACTION'} eq 'smbuseradd'){&General::system("/usr/local/bin/sambactrl", "smbuseradd", "$sambasettings{'USERNAME'}", "$sambasettings{'PASSWORD'}");}
-if ($sambasettings{'ACTION'} eq 'smbchangepw'){system("/usr/local/bin/sambactrl smbchangepw $sambasettings{'USERNAME'} $sambasettings{'PASSWORD'}");}
+if ($sambasettings{'ACTION'} eq 'smbchangepw'){&General::system("/usr/local/bin/sambactrl", "smbchangepw", "$sambasettings{'USERNAME'}", "$sambasettings{'PASSWORD'}");}
-if ($sambasettings{'ACTION'} eq 'smbrestart'){system("/usr/local/bin/sambactrl smbrestart");}
+if ($sambasettings{'ACTION'} eq 'smbrestart'){&General::system("/usr/local/bin/sambactrl", "smbrestart");}
-if ($sambasettings{'ACTION'} eq 'smbstart'){system("/usr/local/bin/sambactrl smbstart");}
+if ($sambasettings{'ACTION'} eq 'smbstart'){&General::system("/usr/local/bin/sambactrl", "smbstart");}
-if ($sambasettings{'ACTION'} eq 'smbstop'){system("/usr/local/bin/sambactrl smbstop");}
+if ($sambasettings{'ACTION'} eq 'smbstop'){&General::system("/usr/local/bin/sambactrl", "smbstop");}
-if ($sambasettings{'ACTION'} eq 'smbreload'){system("/usr/local/bin/sambactrl smbreload");}
+if ($sambasettings{'ACTION'} eq 'smbreload'){&General::system("/usr/local/bin/sambactrl", "smbreload");}
 if ($sambasettings{'ACTION'} eq 'join') {
 	$message .= &joindomain($sambasettings{'USERNAME'}, $sambasettings{'PASSWORD'});
 }
@@ -124,7 +124,7 @@ if ($sambasettings{'ACTION'} eq 'smbsharechange') {
 ############################################################################################################################
 ########################################### Samba Benutzer oder PC l<>chen #################################################
-if ($sambasettings{'ACTION'} eq 'userdelete'){system("/usr/local/bin/sambactrl smbuserdelete $sambasettings{'NAME'}");}
+if ($sambasettings{'ACTION'} eq 'userdelete'){&General::system("/usr/local/bin/sambactrl", "smbuserdelete", "$sambasettings{'NAME'}");}
 ############################################################################################################################
 ##################################### Umsetzen der Werte von Checkboxen und Dropdowns ######################################
@@ -138,7 +138,7 @@ if ($sambasettings{'ACTION'} eq $Lang::tr{'save'}) {
 	# Write configuration to file
 	&writeconfiguration();
-	system("/usr/local/bin/sambactrl smbreload");
+	&General::system("/usr/local/bin/sambactrl", "smbreload");
 }
 &General::readhash("${General::swroot}/samba/settings", \%sambasettings);
@@ -334,11 +334,11 @@ if ($sambasettings{'ROLE'} eq 'standalone') {
 			</tr>
 END
-	system('/usr/local/bin/sambactrl readsmbpasswd');
+	&General::system("/usr/local/bin/sambactrl", "readsmbpasswd");
 	open(FILE, "<${General::swroot}/samba/private/smbpasswd") or die "Can't read user file: $!";
 	my @users = <FILE>;
 	close(FILE);
-	system('/usr/local/bin/sambactrl locksmbpasswd');
+	&General::system("/usr/local/bin/sambactrl", "locksmbpasswd");
 	my $lines = 0;
 	foreach $userentry (sort @users) {
@@ -734,8 +734,8 @@ if ( $smb eq 'shares')
 close FILE;
-system("/usr/local/bin/sambactrl smbsafeconf");
+&General::system("/usr/local/bin/sambactrl", "smbsafeconf");
-system("/usr/local/bin/sambactrl smbreload");
+&General::system("/usr/local/bin/sambactrl", "smbreload");
 }
 sub isrunning
@@ -844,7 +844,7 @@ printable = yes
 END
 close FILE;
-	system("/usr/local/bin/sambactrl smbsafeconf");
+	&General::system("/usr/local/bin/sambactrl", "smbsafeconf");
 }
 sub joindomain {
--- a/html/cgi-bin/services.cgi
+++ b/html/cgi-bin/services.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2005-2010  IPFire Team                                        #
+# Copyright (C) 2005-2021  IPFire Team                                        #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -141,7 +141,7 @@ END
 	my $paramstr=$ENV{QUERY_STRING};
 	my @param=split(/!/, $paramstr);
 	if ($param[1] ne ''){
-		system("/usr/local/bin/addonctrl @param[0] @param[1] > /dev/null 2>&1");
+		&General::system("/usr/local/bin/addonctrl", "$param[0]", "$param[1]");
 	}
 	print <<END
@@ -163,6 +163,8 @@ END
 	# Generate list of installed addon pak's
 	opendir (DIR, "/opt/pakfire/db/installed") || die "Cannot opendir /opt/pakfire/db/installed/: $!";
 	my @pak = sort readdir DIR;
 	closedir(DIR);
 	foreach (@pak){
 		chomp($_);
 		next unless (m/^meta-/);
@@ -187,6 +189,7 @@ END
 					print "<tr>";
 					$col="bgcolor='$color{'color20'}'";
 				}
 				print "<td align='left' $col width='31%'>$_</td> ";
 				my $status = isautorun($_,$col);
 				print "$status ";
@@ -217,27 +220,54 @@ END
 	&Header::closepage();
 }
-sub isautorun{
+sub isautorun (@) {
-	my $cmd = $_[0];
+	my ($cmd, $col) = @_;
-	my $col = $_[1];
+
 	# Init directory.
 	my $initdir = "/etc/rc.d/rc3.d/";
 	my $status = "<td align='center' $col></td>";
-	my $init = `find /etc/rc.d/rc3.d/S??${cmd} 2>/dev/null`;
+
-	chomp ($init);
+	# Check if autorun for the given cmd is enabled.
-	if ($init ne ''){
+	if ( &find_init("$cmd", "$initdir") ) {
 		# Adjust status.
 		$status = "<td align='center' $col><a href='services.cgi?$_!disable'><img alt='$Lang::tr{'deactivate'}' title='$Lang::tr{'deactivate'}' src='/images/on.gif' border='0' width='16' height='16' /></a></td>";
-	}
+	} else {
-	$init = `find /etc/rc.d/rc3.d/off/S??${cmd} 2>/dev/null`;
+		# Adjust status.
 	chomp ($init);
 	if ($init ne ''){
 		$status = "<td align='center' $col><a href='services.cgi?$_!enable'><img alt='$Lang::tr{'activate'}' title='$Lang::tr{'activate'}' src='/images/off.gif' border='0' width='16' height='16' /></a></td>";
 	}
 	# Return the status.
 	return $status;
 }
-sub isrunning{
+sub find_init (@) {
-	my $cmd = $_[0];
+	my ($cmd, $dir) = @_;
-	my $col = $_[1];
+
 	# Open given init directory.
 	opendir (INITDIR, "$dir") || die "Cannot opendir $dir: $!";
 	# Read-in init files from directory.
 	my @inits = readdir(INITDIR);
 	# Close directory handle.
 	closedir(INITDIR);
 	# Loop through the directory.
 	foreach my $init (@inits) {
 		# Check if the current processed file belongs to the given command.
 		if ($init =~ /S\d+\d+$cmd\z/) {
 			# Found, return "1" - True.
 			return "1";
 		}
        }
 	# Nothing found, return nothing.
 	return;
 }
 sub isrunning (@) {
 	my ($cmd, $col) = @_;
 	my $status = "<td align='center' bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td><td colspan='2' $col></td>";
 	my $pid = '';
 	my $testcmd = '';
@@ -288,16 +318,17 @@ sub isrunning{
 	return $status;
 }
-sub isrunningaddon{
+sub isrunningaddon (@) {
-	my $cmd = $_[0];
+	my ($cmd, $col) = @_;
-	my $col = $_[1];
+
 	my $status = "<td align='center' bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td><td colspan='2' $col></td>";
 	my $pid = '';
 	my $testcmd = '';
 	my $exename;
 	my @memory;
-	my $testcmd = `/usr/local/bin/addonctrl $_ status 2>/dev/null`;
+	my @testcmd = &General::system_output("/usr/local/bin/addonctrl", "$cmd", "status");
 	my $testcmd = @testcmd[0];
 	if ( $testcmd =~ /is\ running/ && $testcmd !~ /is\ not\ running/){
 		$status = "<td align='center' bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
--- a/html/cgi-bin/shutdown.cgi
+++ b/html/cgi-bin/shutdown.cgi
@@ -29,11 +29,11 @@ $cgiparams{'ACTION'} = '';
 if ($cgiparams{'ACTION'} eq $Lang::tr{'shutdown'}) {
 	$death = 1;
 	&General::log($Lang::tr{'shutting down ipfire'});
-	system '/usr/local/bin/ipfirereboot down';
+	&General::system('/usr/local/bin/ipfirereboot', 'down');
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reboot'}) {
 	$rebirth = 1;
 	&General::log($Lang::tr{'rebooting ipfire'});
-	system '/usr/local/bin/ipfirereboot boot';
+	&General::system('/usr/local/bin/ipfirereboot', 'boot');
 }
 if ($death == 0 && $rebirth == 0) {
--- a/html/cgi-bin/speed.cgi
+++ b/html/cgi-bin/speed.cgi
@@ -36,8 +36,8 @@ foreach $field (@fields) {
 	}
 }
-my $interface = `cat /var/ipfire/red/iface 2>/dev/null`;
+my $interface = &General::get_red_interface();
-my @data_now = `ip -s link show $interface 2>/dev/null`;
+my @data_now = &General::system_output("ip", "-s", "link", "show", "$interface");
 my $lastline;
 my $rxb_now = 0;
--- a/html/cgi-bin/time.cgi
+++ b/html/cgi-bin/time.cgi
@@ -20,6 +20,7 @@
 ###############################################################################
 use strict;
 use POSIX qw(strftime);
 # enable only the following on debugging purpose
 #use warnings;
@@ -125,8 +126,8 @@ ERROR:
 	if ($timesettings{'ENABLENTP'} eq 'on' && $timesettings{'VALID'} eq 'yes')
 	{
-		system ('/usr/bin/touch', "${General::swroot}/time/enable");
+		&General::system('/usr/bin/touch', "${General::swroot}/time/enable");
-		system ('/usr/local/bin/timectrl enable >/dev/null 2>&1');
+		&General::system('/usr/local/bin/timectrl', 'enable');
 		&General::log($Lang::tr{'ntp syncro enabled'});
 		unlink "/var/lock/time/counter";
 		if ($timesettings{'UPDATE_METHOD'} eq 'periodically')
@@ -138,7 +139,7 @@ ERROR:
 		}
 		if ($timesettings{'ENABLECLNTP'} eq 'on') # DPC added to 1.3.1
 		{
-			system ('/usr/bin/touch', "${General::swroot}/time/allowclients"); # DPC added to 1.3.1
+			&General::system('/usr/bin/touch', "${General::swroot}/time/allowclients"); # DPC added to 1.3.1
 			&General::log($Lang::tr{'ntpd restarted'}); # DPC added to 1.3.1
 		} else {
 			unlink "${General::swroot}/time/allowclients";
@@ -150,11 +151,11 @@ ERROR:
 		unlink "${General::swroot}/time/enable";
 		unlink "/var/lock/time/settimenow";
 		unlink "${General::swroot}/time/allowclients"; # DPC added to 1.3.1
-		system ('/usr/local/bin/timectrl disable >/dev/null 2>&1');
+		&General::system('/usr/local/bin/timectrl', 'disable');
 		&General::log($Lang::tr{'ntp syncro disabled'})
 	}
 	if (! $errormessage) {
-		system ('/usr/local/bin/timectrl restart >/dev/null 2>&1'); # DPC added to 1.3.1
+		&General::system('/usr/local/bin/timectrl', 'restart'); # DPC added to 1.3.1
 	}
 }
@@ -163,7 +164,7 @@ ERROR:
 $timesettings{'ACTION'} = &Header::cleanhtml ($timesettings{'ACTION'});
 if ($timesettings{'ACTION'} eq $Lang::tr{'set time now'} && $timesettings{'ENABLENTP'} eq 'on')
 {
-	system ('/usr/bin/touch', "/var/lock/time/settimenow");
+	&General::system('/usr/bin/touch', "/var/lock/time/settimenow");
 }
 &General::readhash("${General::swroot}/time/settings", \%timesettings);
@@ -180,11 +181,18 @@ if ($timesettings{'VALID'} eq '')
 }
 unless ($errormessage) {
-	$timesettings{'SETMONTH'} = `date +'%m %e %Y %H %M'|cut -c 1-2`;
+	# Get date and time.
-	$timesettings{'SETDAY'} = `date +'%m %e %Y %H %M'|cut -c 4-5`;
+	my $date = strftime("%m %e %Y %H %M", localtime);
-	$timesettings{'SETYEAR'} = `date +'%m %e %Y %H %M'|cut -c 7-10`;
+
-	$timesettings{'SETHOUR'} = `date +'%m %e %Y %H %M'|cut -c 12-13`;
+	# Split date string into single values.
-	$timesettings{'SETMINUTES'} = `date +'%m %e %Y %H %M'|cut -c 15-16`;
+	my ($month, $day, $year, $hour, $minute) = split(/ /, $date);
 	# Assign values to the hash.
 	$timesettings{'SETMONTH'} = $month;
 	$timesettings{'SETDAY'} = $day;
 	$timesettings{'SETYEAR'} = $year;
 	$timesettings{'SETHOUR'} = $hour;
 	$timesettings{'SETMINUTES'} = $minute;
 	$_=$timesettings{'SETDAY'};
 	$timesettings{'SETDAY'}=~ tr/ /0/;
 }
--- a/html/cgi-bin/tor.cgi
+++ b/html/cgi-bin/tor.cgi
@@ -873,9 +873,9 @@ sub BuildConfiguration() {
 	# Restart the service.
 	if (($settings{'TOR_ENABLED'} eq 'on') || ($settings{'TOR_RELAY_ENABLED'} eq 'on')) {
-		system("/usr/local/bin/torctrl restart &>/dev/null");
+		&General::system("/usr/local/bin/torctrl", "restart");
 	} else {
-		system("/usr/local/bin/torctrl stop &>/dev/null");
+		&General::system("/usr/local/bin/torctrl", "stop");
 	}
 	# Update pid and memory
 	daemonstats();
--- a/html/cgi-bin/traffic.cgi
+++ b/html/cgi-bin/traffic.cgi
@@ -87,17 +87,17 @@ sub display_vnstat
 		print"No data for $device !<br>";
 	} else {
 	    # Summary
-	    system("/usr/bin/vnstati -c 1 -s -i $device -o /srv/web/ipfire/html/graphs/vnstat-s-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-s", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-s-$device.png");
 	    # 5-minute graphs
-	    system("/usr/bin/vnstati -c 1 -5 -i $device -o /srv/web/ipfire/html/graphs/vnstat-5-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-5", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-5-$device.png");
 	    # Hour graph
-	    system("/usr/bin/vnstati -c 1 -h -i $device -o /srv/web/ipfire/html/graphs/vnstat-h-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-h", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-h-$device.png");
 	    # Day graph
-	    system("/usr/bin/vnstati -c 1 -d -i $device -o /srv/web/ipfire/html/graphs/vnstat-d-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-d", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-d-$device.png");
 	    # Month graph
-	    system("/usr/bin/vnstati -c 1 -m -i $device -o /srv/web/ipfire/html/graphs/vnstat-m-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-m", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-m-$device.png");
 	    # Top10 graph
-	    system("/usr/bin/vnstati -c 1 -t -i $device -o /srv/web/ipfire/html/graphs/vnstat-t-$device.png");
+	    &General::system("/usr/bin/vnstati", "-c", "1", "-t", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-t-$device.png");
 # Generate HTML-Table with the graphs
 print <<END
--- a/html/cgi-bin/updatexlrator.cgi
+++ b/html/cgi-bin/updatexlrator.cgi
@@ -192,33 +192,33 @@ if ($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr purge'})
 			if (($xlratorsettings{'REMOVE_NOSOURCE'} eq 'on') && ($status == $sfNoSource))
 			{
-				if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+				if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 			}
 			if (($xlratorsettings{'REMOVE_OUTDATED'} eq 'on') && ($status == $sfOutdated))
 			{
-				if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+				if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 			}
 			if ($xlratorsettings{'REMOVE_OBSOLETE'} eq 'on')
 			{
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'week') && ($lastaccess < (time - 604800)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'month1') && ($lastaccess < (time - 2505600)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'month3') && ($lastaccess < (time - 7516800)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'month6') && ($lastaccess < (time - 15033600)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 				if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'year') && ($lastaccess < (time - 31536000)))
 				{
-					if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+					if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 				}
 			}
 		}
@@ -266,7 +266,7 @@ if ($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr save and restart'})
 	&savesettings;
-	system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
+	&General::system('/usr/local/bin/squidctrl', 'restart');
 }
 if ($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr remove file'})
@@ -278,7 +278,7 @@ if ($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr remove file'})
 	unless ($updatefile =~ /^download\//)
 	{
 		($vendorid,$uuid,$updatefile) = split('/',$updatefile);
-		if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+		if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
 	}
 }
@@ -295,16 +295,16 @@ if (($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr cancel download'}) || ($x
 			&General::readhash("$repository/download/$vendorid/$updatefile.info", \%dlinfo);
 			$id = &getPID("\\s${General::swroot}/updatexlrator/bin/download\\s.*\\s".quotemeta($dlinfo{'SRCURL'})."\\s\\d\\s\\d\$");
-			if ($id) { system("/bin/kill -9 $id"); }
+			if ($id) { &General::system("/bin/kill", "-9", "$id"); }
 			$id = &getPID("\\s/usr/bin/wget\\s.*\\s".quotemeta($dlinfo{'SRCURL'})."\$");
-			if ($id) { system("/bin/kill -9 $id"); }
+			if ($id) { &General::system("/bin/kill", "-9", "$id"); }
-			system("rm $repository/download/$vendorid/$updatefile.info");
+			&General::system("rm", "$repository/download/$vendorid/$updatefile.info");
 		}
 		if (-e "$repository/download/$vendorid/$updatefile")
 		{
-			system("rm $repository/download/$vendorid/$updatefile");
+			&General::system("rm", "$repository/download/$vendorid/$updatefile");
 		}
 	}
@@ -1478,15 +1478,15 @@ sub savesettings
 	if (($xlratorsettings{'ENABLE_AUTOCHECK'} eq 'on') && ($xlratorsettings{'AUTOCHECK_SCHEDULE'} eq 'daily'))
 	{
-		system('/usr/local/bin/updxlratorctrl cron daily >/dev/null 2>&1');
+		&General::system('/usr/local/bin/updxlratorctrl', 'cron', 'daily');
 	}
 	if (($xlratorsettings{'ENABLE_AUTOCHECK'} eq 'on') && ($xlratorsettings{'AUTOCHECK_SCHEDULE'} eq 'weekly'))
 	{
-		system('/usr/local/bin/updxlratorctrl cron weekly >/dev/null 2>&1');
+		&General::system('/usr/local/bin/updxlratorctrl', 'cron', 'weekly');
 	}
 	if (($xlratorsettings{'ENABLE_AUTOCHECK'} eq 'on') && ($xlratorsettings{'AUTOCHECK_SCHEDULE'} eq 'monthly'))
 	{
-		system('/usr/local/bin/updxlratorctrl cron monthly >/dev/null 2>&1');
+		&General::system('/usr/local/bin/updxlratorctrl', 'cron', 'monthly');
 	}
 	# don't save those variable to the settings file,
--- a/html/cgi-bin/urlfilter.cgi
+++ b/html/cgi-bin/urlfilter.cgi
@@ -95,9 +95,9 @@ my $ldesc='';
 my $gdesc='';
 if (! -d $dbdir) { mkdir("$dbdir"); }
-if (! -e $tcfile) { system("touch $tcfile"); }
+if (! -e $tcfile) { &General::system("touch", "$tcfile"); }
-if (! -e $uqfile) { system("touch $uqfile"); }
+if (! -e $uqfile) { &General::system("touch", "$uqfile"); }
-if (! -e $sourceurlfile) { system("touch $sourceurlfile"); }
+if (! -e $sourceurlfile) { &General::system("touch", "$sourceurlfile"); }
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
@@ -226,7 +226,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 		if (!(-d "${General::swroot}/urlfilter/update")) { mkdir("${General::swroot}/urlfilter/update"); }
-		my $exitcode = system("/bin/tar --no-same-owner -xzf ${General::swroot}/urlfilter/blacklists.tar.gz -C ${General::swroot}/urlfilter/update");
+		my $exitcode = &General::system("/bin/tar", "--no-same-owner", "-xzf", "${General::swroot}/urlfilter/blacklists.tar.gz", "-C", "${General::swroot}/urlfilter/update");
 		if ($exitcode > 0)
 		{
@@ -235,18 +235,19 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 			if (-d "${General::swroot}/urlfilter/update/BL")
 			{
-				system("mv ${General::swroot}/urlfilter/update/BL ${General::swroot}/urlfilter/update/blacklists");
+				&General::system("mv", "${General::swroot}/urlfilter/update/BL", "${General::swroot}/urlfilter/update/blacklists");
 			}
 			if (-d "${General::swroot}/urlfilter/update/category")
 			{
-				system("mv ${General::swroot}/urlfilter/update/category ${General::swroot}/urlfilter/update/blacklists");
+				&General::system("mv", "${General::swroot}/urlfilter/update/category", "${General::swroot}/urlfilter/update/blacklists");
 			}
 			if (!(-d "${General::swroot}/urlfilter/update/blacklists"))
 			{
 				$errormessage = $Lang::tr{'urlfilter invalid content'};
 			} else {
 				# XXX Uses globbing
 				system("cp -r ${General::swroot}/urlfilter/update/blacklists/* $dbdir");
 				&readblockcategories;
@@ -255,11 +256,11 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 				&writeconfigfile;
 				$updatemessage = $Lang::tr{'urlfilter upload success'};
-				system("${General::swroot}/urlfilter/bin/prebuild.pl &");
+				&General::system_background("${General::swroot}/urlfilter/bin/prebuild.pl");
-				system("logger -t installpackage[urlfilter] \"URL filter blacklist - Blacklist update from local source completed\"");
+				&General::system("logger", "-t", "installpackage[urlfilter]", "URL filter blacklist - Blacklist update from local source completed");
 			}
 		}
-		if (-d "${General::swroot}/urlfilter/update") { system("rm -rf ${General::swroot}/urlfilter/update"); }
+		if (-d "${General::swroot}/urlfilter/update") { &General::system("rm", "-rf", "${General::swroot}/urlfilter/update"); }
 		if (-e "${General::swroot}/urlfilter/blacklists.tar.gz") { unlink("${General::swroot}/urlfilter/blacklists.tar.gz"); }
 		if ($errormessage) { goto ERROR; }
 	}
@@ -267,7 +268,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 	if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter backup'})
 	{
 		$blistbackup = ($filtersettings{'ENABLE_FULLBACKUP'} eq 'on') ? "blacklists" : "blacklists/custom";
-		if (system("/bin/tar -C ${General::swroot}/urlfilter -czf ${General::swroot}/urlfilter/backup.tar.gz settings timeconst userquota autoupdate $blistbackup"))
+		if (&General::system("/bin/tar", "-C", "${General::swroot}/urlfilter", "-czf", "${General::swroot}/urlfilter/backup.tar.gz", "settings", "timeconst", "userquota", "autoupdate", "$blistbackup"))
 		{
 			$errormessage = $Lang::tr{'urlfilter backup error'};
 			goto ERROR;
@@ -306,7 +307,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 			$errormessage = $!;
 		}
-		my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf ${General::swroot}/urlfilter/backup.tar.gz -C ${General::swroot}/urlfilter/restore");
+		my $exitcode = &General::system("/bin/tar", "--no-same-owner", "--preserve-permissions", "-xzf", "${General::swroot}/urlfilter/backup.tar.gz", "-C", "${General::swroot}/urlfilter/restore");
 		if ($exitcode > 0)
 		{
 			$errormessage = $Lang::tr{'urlfilter tar error'};
@@ -315,6 +316,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 			{
 				$errormessage = $Lang::tr{'urlfilter invalid restore file'};
 			} else {
 				# XXX uses globbing
 				system("cp -rp ${General::swroot}/urlfilter/restore/* ${General::swroot}/urlfilter/");
 				&readblockcategories;
 				&readcustomlists;
@@ -325,7 +327,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
 		}
 		if (-e "${General::swroot}/urlfilter/backup.tar.gz") { unlink("${General::swroot}/urlfilter/backup.tar.gz"); }
-		if (-d "${General::swroot}/urlfilter/restore") { system("rm -rf ${General::swroot}/urlfilter/restore"); }
+		if (-d "${General::swroot}/urlfilter/restore") { &General::system("rm", "-rf", "${General::swroot}/urlfilter/restore"); }
 		if ($errormessage) { goto ERROR; }
 	}
@@ -351,7 +353,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) ||
              	$filtersettings{'VALID'} = 'yes';
 		&savesettings;
-		system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
+		&General::system('/usr/local/bin/squidctrl', 'restart');
 	}
 }
@@ -485,7 +487,7 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang
 		$errormessage = $Lang::tr{'urlfilter web proxy service required'};
 	}
-	if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+	if (!$errormessage) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
 	$tcsettings{'TCMODE'}='on';
 }
@@ -688,7 +690,7 @@ if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{
 		$errormessage = $Lang::tr{'urlfilter web proxy service required'};
 	}
-	if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+	if (!$errormessage) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
 	$uqsettings{'UQMODE'}='on';
 }
@@ -772,7 +774,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter import blacklist'}) && ($bese
 			$errormessage = $!;
 		} else {
-			my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf $editdir/blacklist.tar.gz -C $editdir");
+			my $exitcode = &General::system("/bin/tar", "--no-same-owner", "--preserve-permissions", "-xzf", "$editdir/blacklist.tar.gz", "-C", "$editdir");
 			if ($exitcode > 0)
 			{
 				$errormessage = $Lang::tr{'urlfilter tar error'};
@@ -819,7 +821,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter import blacklist'}) && ($bese
 				}
 			}
-		if (-d $editdir) { system("rm -rf $editdir"); }
+		if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
 		}
 	}
@@ -853,7 +855,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter export blacklist'}) && ($bese
 		print FILE "$besettings{'BE_EXPRESSIONS'}\n";
 		close FILE;
-		if (system("/bin/tar -C $editdir -czf $editdir/$besettings{'BE_NAME'}.tar.gz blacklists"))
+		if (&General::system("/bin/tar", "-C", "$editdir", "-czf", "$editdir/$besettings{'BE_NAME'}.tar.gz", "blacklists"))
 		{
 			$errormessage = $Lang::tr{'urlfilter export error'};
 		}
@@ -869,7 +871,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter export blacklist'}) && ($bese
 			while (<FILE>) { print; }
 			close (FILE);
-			if (-d $editdir) { system("rm -rf $editdir"); }
+			if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
 			exit;
 		}
 	} else {
@@ -933,8 +935,10 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
 		print FILE "}\n";
 		close FILE;
 		# XXX uses globbing
 		system("rm -f $dbdir/$besettings{'BE_NAME'}/*.db");
-		system("/usr/bin/squidGuard -c $editdir/install.conf -C all");
+		&General::system("/usr/bin/squidGuard", "-c", "$editdir/install.conf", "-C", "all");
 		# XXX uses globbing
 		system("chmod a+w $dbdir/$besettings{'BE_NAME'}/*.db");
 		&readblockcategories;
@@ -942,9 +946,9 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
 		&writeconfigfile;
-		system('/usr/local/bin/squidctrl restart >/dev/null 2>&1') unless ($besettings{'NORESTART'} eq 'on');
+		&General::system('/usr/local/bin/squidctrl', 'restart') unless ($besettings{'NORESTART'} eq 'on');
-		if (-d $editdir) { system("rm -rf $editdir"); }
+		if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
 	} else {
 		$errormessage = $Lang::tr{'urlfilter category data error'};
 	}
@@ -966,17 +970,17 @@ if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save schedule'})
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'daily'))
 		{
-			system('/usr/local/bin/urlfilterctrl cron daily >/dev/null 2>&1');
+			&General::system('/usr/local/bin/urlfilterctrl', 'cron', 'daily');
 		}
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'weekly'))
 		{
-			system('/usr/local/bin/urlfilterctrl cron weekly >/dev/null 2>&1');
+			&General::system('/usr/local/bin/urlfilterctrl', 'cron', 'weekly');
 		}
 		if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'monthly'))
 		{
-			system('/usr/local/bin/urlfilterctrl cron monthly >/dev/null 2>&1');
+			&General::system('/usr/local/bin/urlfilterctrl', 'cron', 'monthly');
 		}
 	}
 }
@@ -989,10 +993,10 @@ if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter update now'})
 		{
 			$errormessage = $Lang::tr{'urlfilter custom url required'};
 		} else {
-			system("${General::swroot}/urlfilter/bin/autoupdate.pl $filtersettings{'CUSTOM_UPDATE_URL'} &");
+			&General::system_background("${General::swroot}/urlfilter/bin/autoupdate.pl", "$filtersettings{'CUSTOM_UPDATE_URL'}");
 		}
 	} else {
-		system("${General::swroot}/urlfilter/bin/autoupdate.pl $filtersettings{'UPDATE_SOURCE'} &");
+		&General::system_background("${General::swroot}/urlfilter/bin/autoupdate.pl", "$filtersettings{'UPDATE_SOURCE'}");
 	}
 }
@@ -2533,11 +2537,11 @@ sub savesettings
 	delete $filtersettings{'BACKGROUND'};
 	delete $filtersettings{'UPDATEFILE'};
-	system("chown -R nobody.nobody $dbdir");
+	&General::system("chown", "-R", "nobody.nobody", "$dbdir");
-	system('/usr/bin/squidGuard -C custom/allowed/domains >/dev/null 2>&1');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/domains');
-	system('/usr/bin/squidGuard -C custom/allowed/urls >/dev/null 2>&1');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/urls');
-	system('/usr/bin/squidGuard -C custom/blocked/domains >/dev/null 2>&1');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/domains');
-	system('/usr/bin/squidGuard -C custom/blocked/urls >/dev/null 2>&1 ');
+	&General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/urls');
 	&setpermissions ($dbdir);
 	&General::writehash("${General::swroot}/urlfilter/settings", \%filtersettings);
@@ -2694,12 +2698,13 @@ sub setpermissions
 	foreach $category (<$bldir/*>)
 	{
        	 if (-d $category){
-			system("chmod 755 $category &> /dev/null");
+			&General::system("chmod", "755", "$category");
 			foreach $blacklist (<$category/*>)
 			{
-         			if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
+         			if (-f $blacklist) { &General::system("chmod", "644", "$blacklist"); }
-         			if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
+         			if (-d $blacklist) { &General::system("chmod", "755", "$blacklist"); }
 			}
 			# XXX uses globbing
        	 	system("chmod 666 $category/*.db &> /dev/null");
 			&setpermissions ($category);
 		}
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -208,10 +208,12 @@ sub newcleanssldatabase {
 		close FILE;
 	}
 	if (! -s ">${General::swroot}/certs/index.txt") {
-		system ("touch ${General::swroot}/certs/index.txt");
+		open(FILE, ">${General::swroot}/certs/index.txt");
 		close(FILE);
 	}
 	if (! -s ">${General::swroot}/certs/index.txt.attr") {
-		system ("touch ${General::swroot}/certs/index.txt.attr");
+		open(FILE, ">${General::swroot}/certs/index.txt.attr");
 		close(FILE);
 	}
 	unlink ("${General::swroot}/certs/index.txt.old");
 	unlink ("${General::swroot}/certs/index.txt.attr.old");
@@ -224,9 +226,13 @@ sub newcleanssldatabase {
 ###
 sub callssl ($) {
 	my $opt = shift;
-	my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr
+
 	# Split the given argument string into single pieces and assign them to an array.
 	my @opts = split(/ /, $opt);
 	my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr
 	my $ret = '';
-	foreach my $line (split (/\n/, $retssl)) {
+	foreach my $line (split (/\n/, @retssl)) {
 		&General::log("ipsec", "$line") if (0); # 1 for verbose logging
 		$ret .= '<br>'.$line if ( $line =~ /error|unknown/ );
 	}
@@ -240,13 +246,21 @@ sub callssl ($) {
 ###
 sub getCNfromcert ($) {
 	#&General::log("ipsec", "Extracting name from $_[0]...");
-	my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+	my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
-	$temp =~ /Subject:.*CN = (.*)[\n]/;
+	my $temp;
-	$temp = $1;
+
-	$temp =~ s+/Email+, E+;
+	foreach my $line (@temp) {
-	$temp =~ s/ ST = / S = /;
+		if ($line =~ /Subject:.*CN = (.*)[\n]/) {
-	$temp =~ s/,//g;
+			$temp = $1;
-	$temp =~ s/\'//g;
+			$temp =~ s+/Email+, E+;
 			$temp =~ s/ ST = / S = /;
 			$temp =~ s/,//g;
 			$temp =~ s/\'//g;
 			last;
 		}
 	}
 	return $temp;
 }
 ###
@@ -254,11 +268,19 @@ sub getCNfromcert ($) {
 ###
 sub getsubjectfromcert ($) {
 	#&General::log("ipsec", "Extracting subject from $_[0]...");
-	my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+	my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
-	$temp =~ /Subject: (.*)[\n]/;
+	my $temp;
-	$temp = $1;
+
-	$temp =~ s+/Email+, E+;
+	foreach my $line (@temp) {
-	$temp =~ s/ ST = / S = /;
+		if($line =~ /Subject: (.*)[\n]/) {
 			$temp = $1;
 			$temp =~ s+/Email+, E+;
 			$temp =~ s/ ST = / S = /;
 			last;
 		}
 	}
 	return $temp;
 }
 ###
@@ -568,9 +590,9 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	&General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
 	&writeipsecfiles();
 	if (&vpnenabled) {
-		system('/usr/local/bin/ipsecctrl', 'S');
+		&General::system('/usr/local/bin/ipsecctrl', 'S');
 	} else {
-		system('/usr/local/bin/ipsecctrl', 'D');
+		&General::system('/usr/local/bin/ipsecctrl', 'D');
 	}
 	sleep $sleepDelay;
 	SAVE_ERROR:
@@ -595,7 +617,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	}
 	&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 	&writeipsecfiles();
-	system('/usr/local/bin/ipsecctrl', 'R');
+	&General::system('/usr/local/bin/ipsecctrl', 'R');
 	sleep $sleepDelay;
 ###
@@ -667,8 +689,8 @@ END
 		$errormessage = $!;
 		goto UPLOADCA_ERROR;
 	}
-	my $temp = `/usr/bin/openssl x509 -text -in $filename`;
+	my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
-	if ($temp !~ /CA:TRUE/i) {
+	if (! grep(/CA:TRUE/, @temp)) {
 		$errormessage = $Lang::tr{'not a valid ca certificate'};
 		unlink ($filename);
 		goto UPLOADCA_ERROR;
@@ -686,7 +708,7 @@ END
 	$cahash{$key}[1] = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem"));
 	&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
-	system('/usr/local/bin/ipsecctrl', 'R');
+	&General::system('/usr/local/bin/ipsecctrl', 'R');
 	sleep $sleepDelay;
 	UPLOADCA_ERROR:
@@ -702,9 +724,9 @@ END
 		&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 		&Header::openbigbox('100%', 'left', '', '');
 		&Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
-		my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
+		my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
-		$output = &Header::cleanhtml($output,"y");
+		@output = &Header::cleanhtml(@output,"y");
-		print "<pre>$output</pre>\n";
+		print "<pre>@output</pre>\n";
 		&Header::closebox();
 		print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 		&Header::closebigbox();
@@ -724,7 +746,9 @@ END
 		print "Content-Type: application/force-download\n";
 		print "Content-Type: application/octet-stream\r\n";
 		print "Content-Disposition: attachment; filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
-		print `/usr/bin/openssl x509 -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
+
 		my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
 		print "@cert";
 		exit(0);
 	} else {
 		$errormessage = $Lang::tr{'invalid key'};
@@ -739,21 +763,21 @@ END
 	if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 		foreach my $key (keys %confighash) {
-			my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`;
+			my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/certs/$confighash{$key}[1]cert.pem");
-			if ($test =~ /: OK/) {
+			if (grep(/: OK/, @test)) {
 				# Delete connection
 				unlink ("${General::swroot}/certs/$confighash{$key}[1]cert.pem");
 				unlink ("${General::swroot}/certs/$confighash{$key}[1].p12");
 				delete $confighash{$key};
 				&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 				&writeipsecfiles();
-				system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
+				&General::system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
 			}
 		}
 		unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
 		delete $cahash{$cgiparams{'KEY'}};
 		&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
-		system('/usr/local/bin/ipsecctrl', 'R');
+		&General::system('/usr/local/bin/ipsecctrl', 'R');
 		sleep $sleepDelay;
 	} else {
 		$errormessage = $Lang::tr{'invalid key'};
@@ -768,8 +792,8 @@ END
 	my $assignedcerts = 0;
 	if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
 		foreach my $key (keys %confighash) {
-			my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`;
+			my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/certs/$confighash{$key}[1]cert.pem");
-			if ($test =~ /: OK/) {
+			if (grep(/: OK/, @test)) {
 				$assignedcerts++;
 			}
 		}
@@ -805,7 +829,7 @@ END
 			unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
 			delete $cahash{$cgiparams{'KEY'}};
 			&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
-			system('/usr/local/bin/ipsecctrl', 'R');
+			&General::system('/usr/local/bin/ipsecctrl', 'R');
 			sleep $sleepDelay;
 		}
 	} else {
@@ -817,19 +841,19 @@ END
 ###
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
 	$cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
-	my $output;
+	my @output;
 	&Header::showhttpheaders();
 	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', '');
 	if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
 		&Header::openbox('100%', 'left', "$Lang::tr{'root certificate'}:");
-		$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/cacert.pem`;
+		@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/cacert.pem");
 	} else {
 		&Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:");
-		$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/hostcert.pem`;
+		@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/hostcert.pem");
 	}
-	$output = &Header::cleanhtml($output,"y");
+	@output = &Header::cleanhtml(@output,"y");
-	print "<pre>$output</pre>\n";
+	print "<pre>@output</pre>\n";
 	&Header::closebox();
 	print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 	&Header::closebigbox();
@@ -843,7 +867,9 @@ END
 	if ( -f "${General::swroot}/ca/cacert.pem" ) {
 		print "Content-Type: application/force-download\n";
 		print "Content-Disposition: attachment; filename=cacert.pem\r\n\r\n";
-		print `/usr/bin/openssl x509 -in ${General::swroot}/ca/cacert.pem`;
+
 		my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ca/cacert.pem");
 		print "@cert";
 		exit(0);
 	}
 ###
@@ -853,7 +879,9 @@ END
 	if ( -f "${General::swroot}/certs/hostcert.pem" ) {
 		print "Content-Type: application/force-download\n";
 		print "Content-Disposition: attachment; filename=hostcert.pem\r\n\r\n";
-		print `/usr/bin/openssl x509 -in ${General::swroot}/certs/hostcert.pem`;
+
 		my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/certs/hostcert.pem");
 		print "@cert";
 		exit(0);
 	}
 ###
@@ -1216,7 +1244,7 @@ END
 	ROOTCERT_SUCCESS:
 	if (&vpnenabled) {
-		system('/usr/local/bin/ipsecctrl', 'S');
+		&General::system('/usr/local/bin/ipsecctrl', 'S');
 		sleep $sleepDelay;
 	}
 	ROOTCERT_SKIP:
@@ -1228,7 +1256,12 @@ END
 	print "Content-Type: application/force-download\n";
 	print "Content-Disposition: attachment; filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
 	print "Content-Type: application/octet-stream\r\n\r\n";
-	print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
+
 	open(FILE, "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
 	my @p12 = <FILE>;
 	close(FILE);
 	print "@file";
 	exit (0);
 # Export Apple profile to browser
@@ -1507,9 +1540,9 @@ END
 		&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 		&Header::openbigbox('100%', 'left', '', '');
 		&Header::openbox('100%', 'left', "$Lang::tr{'cert'}:");
-		my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
+		my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-		$output = &Header::cleanhtml($output,"y");
+		@output = &Header::cleanhtml(@output,"y");
-		print "<pre>$output</pre>\n";
+		print "<pre>@output</pre>\n";
 		&Header::closebox();
 		print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 		&Header::closebigbox();
@@ -1526,7 +1559,12 @@ END
 	if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
 		print "Content-Type: application/force-download\n";
 		print "Content-Disposition: attachment; filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\n\n";
-		print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
+
 		open(FILE, "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
 		my @pem = <FILE>;
 		close(FILE);
 		print "@pem";
 		exit (0);
 	}
@@ -1543,12 +1581,12 @@ END
 			$confighash{$cgiparams{'KEY'}}[0] = 'on';
 			&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 			&writeipsecfiles();
-			system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
+			&General::system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
 		} else {
 			$confighash{$cgiparams{'KEY'}}[0] = 'off';
 			&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 			&writeipsecfiles();
-			system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
+			&General::system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
 		}
 		sleep $sleepDelay;
 	} else {
@@ -1564,7 +1602,7 @@ END
 	if ($confighash{$cgiparams{'KEY'}}) {
 		if (&vpnenabled) {
-			system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
+			&General::system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
 			sleep $sleepDelay;
 		}
 	} else {
@@ -1584,7 +1622,7 @@ END
 		delete $confighash{$cgiparams{'KEY'}};
 		&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 		&writeipsecfiles();
-		system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
+		&General::system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
 	} else {
 		$errormessage = $Lang::tr{'invalid key'};
 	}
@@ -1952,8 +1990,8 @@ END
 				unshift (@names,$cahash{$x}[0]);
 			}
 			if ($casubject) { # a new one!
-				my $temp = `/usr/bin/openssl x509 -text -in /tmp/newcacert`;
+				my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "/tmp/newcacert");
-				if ($temp !~ /CA:TRUE/i) {
+				if (! grep(/CA:TRUE/, @temp)) {
 					$errormessage = $Lang::tr{'not a valid ca certificate'};
 				} else {
 					#compute a name for it
@@ -1968,7 +2006,7 @@ END
 						$cahash{$key}[0] = $cgiparams{'CA_NAME'};
 						$cahash{$key}[1] = $casubject;
 						&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
-						system('/usr/local/bin/ipsecctrl', 'R');
+						&General::system('/usr/local/bin/ipsecctrl', 'R');
 					}
 				}
 			}
@@ -2008,12 +2046,12 @@ END
 		# Verify the certificate has a valid CA and move it
 		&General::log("ipsec", "Validating imported cert against our known CA...");
 		my $validca = 1; #assume ok
-		my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/cacert.pem $filename`;
+		my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/cacert.pem", "$filename");
-		if ($test !~ /: OK/) {
+		if (! grep(/: OK/, @test)) {
 			my $validca = 0;
 			foreach my $key (keys %cahash) {
-				$test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$key}[0]cert.pem $filename`;
+				@test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/$cahash{$key}[0]cert.pem", "$filename");
-				if ($test =~ /: OK/) {
+				if (grep(/: OK/, @test)) {
 					$validca = 1;
 					last;
 				}
@@ -2276,7 +2314,7 @@ END
 	&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 	&writeipsecfiles();
 	if (&vpnenabled) {
-		system('/usr/local/bin/ipsecctrl', 'S', $key);
+		&General::system('/usr/local/bin/ipsecctrl', 'S', $key);
 		sleep $sleepDelay;
 	}
 	if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
@@ -2822,7 +2860,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 		&writeipsecfiles();
 		if (&vpnenabled) {
-			system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
+			&General::system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
 			sleep $sleepDelay;
 		}
 		goto ADVANCED_END;
@@ -3271,7 +3309,7 @@ EOF
 	&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
 	$cgiparams{'CA_NAME'} = '';
-	my @status = `/usr/local/bin/ipsecctrl I 2>/dev/null`;
+	my @status = &General::system_output("/usr/local/bin/ipsecctrl", "I");
 	$checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : '';
--- a/html/cgi-bin/wakeonlan.cgi
+++ b/html/cgi-bin/wakeonlan.cgi
@@ -171,7 +171,7 @@ if ( $cgiparams{'ACTION'} eq 'wakeup' )
  undef %cgiparams;
-  system("/usr/sbin/etherwake -i $iface $mac");
+  &General::system("/usr/sbin/etherwake", "-i", "$iface", "$mac");
  # make a box with info, 'refresh' to normal screen after 5 seconds
  if ( $refresh eq 'yes' )
--- a/html/cgi-bin/webaccess.cgi
+++ b/html/cgi-bin/webaccess.cgi
@@ -86,7 +86,7 @@ if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
 		((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
 	{
 		&write_acl;
-		system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
+		&General::system("/usr/local/bin/squidctrl", "restart");
 	}
 }
--- a/html/cgi-bin/wireless.cgi
+++ b/html/cgi-bin/wireless.cgi
@@ -133,7 +133,7 @@ ADDERROR:
 		close(FILE);
 		undef %cgiparams;
 		&General::log($Lang::tr{'wireless config added'});
-		system('/usr/local/bin/wirelessctrl');
+		&General::system('/usr/local/bin/wirelessctrl');
 	}
 ADDEXIT:
 }
@@ -157,7 +157,7 @@ if ($cgiparams{'ACTION'} eq 'edit')
 		}
 	}
 	&General::log($Lang::tr{'wireless config changed'});
-	system('/usr/local/bin/wirelessctrl');
+	&General::system('/usr/local/bin/wirelessctrl');
 }
 if ($cgiparams{'ACTION'} eq 'remove' || $cgiparams{'ACTION'} eq 'toggle')
@@ -178,7 +178,7 @@ if ($cgiparams{'ACTION'} eq 'remove' || $cgiparams{'ACTION'} eq 'toggle')
 	}
 	close(FILE);
 	&General::log($Lang::tr{'wireless config changed'});
-	system('/usr/local/bin/wirelessctrl');
+	&General::system('/usr/local/bin/wirelessctrl');
 }
@@ -277,7 +277,7 @@ my @curhosts = <HOSTFILE>;
 close (HOSTFILE);
 my $connstate = &Header::connectionstatus();
-my @arp = `/sbin/arp -n`;
+my @arp = &General::system_output("/sbin/arp", "-n");
 shift @arp;
 foreach my $line (@current)
--- a/html/cgi-bin/wirelessclient.cgi
+++ b/html/cgi-bin/wirelessclient.cgi
@@ -796,7 +796,7 @@ END
 }
 sub BuildConfiguration() {
-	system("/usr/local/bin/wirelessclient restart");
+	&General::system("/usr/local/bin/wirelessclient", "restart");
 }
 sub NextID() {
--- a/html/cgi-bin/wlanap.cgi
+++ b/html/cgi-bin/wlanap.cgi
@@ -148,16 +148,16 @@ if ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'save'}" ){
 		&General::writehash("/var/ipfire/wlanap/settings", \%wlanapsettings);
 		&WriteConfig_hostapd();
-		system("/usr/local/bin/wlanapctrl restart >/dev/null 2>&1");
+		&General::system("/usr/local/bin/wlanapctrl", "restart");
 		pid();
 	}
 }elsif ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'wlanap interface'}" ){
 	&General::writehash("/var/ipfire/wlanap/settings", \%wlanapsettings);
 }elsif ( ($wlanapsettings{'ACTION'} eq "$Lang::tr{'start'}") && ($memory == 0) ){
-	system("/usr/local/bin/wlanapctrl start >/dev/null 2>&1");
+	&General::system("/usr/local/bin/wlanapctrl", "start");
 	pid();
 }elsif ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'stop'}" ){
-	system("/usr/local/bin/wlanapctrl stop >/dev/null 2>&1");
+	&General::system("/usr/local/bin/wlanapctrl", "stop");
 	$memory=0;
 }