pfSense » pfSense Packages

diff --git a/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php b/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php

index 592270b81fdee5cd74cf37d858db20e40c50d926..ebb66f0b075a6875c42bf89ee9fb63bb8926c838 100644

--- a/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php

+++ b/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php

@@ -24,7 +24,6 @@

 require_once("config.inc");

 require_once("globals.inc");

 error_reporting(0);

-global $config, $g;

 // stdin loop

 if (!defined(STDIN)) {

 	define("STDIN", fopen("php://stdin", "r"));

@@ -36,20 +35,18 @@ while (!feof(STDIN)) {

 	$check_ip = preg_replace('/[^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}]/', '', fgets(STDIN));

 	$status = '';

-	if (is_array($config['captiveportal'])) {

-		foreach ($config['captiveportal'] as $cpzone => $cp) {

-			if (isset($cp['enable'])) {

-				$db = "{$g['vardb_path']}/captiveportal{$cpzone}.db";

-				$status = squid_check_ip($db, $check_ip);

-				if ($status) {

-					break;

-				} elseif (is_array($cp['allowedip'])) {

-					foreach ($cp['allowedip'] as $ipent) {

-						if (ip_in_subnet($check_ip, "{$ipent['ip']}/{$ipent['sn']}") &&

-						    (($ipent['dir'] == 'from') || ($ipent['dir'] == 'both'))) {

-							$status = $check_ip;

-							break 2;

-						}

+	foreach (config_get_path('captiveportal', []) as $cpzone => $cp) {

+		if (isset($cp['enable'])) {

+			$db = g_get('vardb_path') . "/captiveportal{$cpzone}.db";

+			$status = squid_check_ip($db, $check_ip);

+			if ($status) {

+				break;

+			} elseif (is_array($cp['allowedip'])) {

+				foreach ($cp['allowedip'] as $ipent) {

+					if (ip_in_subnet($check_ip, "{$ipent['ip']}/{$ipent['sn']}") &&

+						(($ipent['dir'] == 'from') || ($ipent['dir'] == 'both'))) {

+						$status = $check_ip;

+						break 2;

 					}

 				}

 			}

			 diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc

index 6122e22caa1b7934720ee1f3b9c267e99d6a528b..48f66a5fc9f520c5748c2b3c1dd67f9aaa903756 100644

--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc

+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc

@@ -1192,7 +1192,7 @@ function squid_validate_auth($post, &$input_errors) {

 /* Proxy Server: General Settings configuration handler */

 function squid_resync_general() {

-	global $g, $valid_acls;

+	global $valid_acls;

 	if (is_array(config_get_path('installedpackages/squid'))) {

 		$settings = config_get_path('installedpackages/squid/config/0');

@@ -1402,7 +1402,7 @@ function squid_resync_general() {

 	}

 	$icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0);

 	$dns_v4_first = ($settings['dns_v4_first'] == "on" ? "on" : "off");

-	$piddir = "{$g['varrun_path']}/squid";

+	$piddir = g_get('varrun_path') . '/squid';

 	$pidfile = "{$piddir}/squid.pid";

 	if (!is_dir($piddir)) {

 		safe_mkdir($piddir, 0755);

@@ -2522,8 +2522,6 @@ if (!function_exists('pf_version')) {

 /* Perform the actual XMLRPC sync */

 function squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {

-	global $g;

-

 	if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {

 		log_error("[squid] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");

 		return;

@@ -2584,7 +2582,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $passwor

 		$msg = new XML_RPC_Message($method, $params);

 		$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);

 		$cli->setCredentials($username, $password);

-		if ($g['debug']) {

+		if (g_get('debug')) {

 			$cli->setDebug(1);

 		}

 		/* Send our XMLRPC message and timeout after defined sync timeout value*/

		 diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc

index d749049ef683c10eddda3f8e72d76c59f5d16b63..6033030932903c04afe1ea1aa843004b88ad73b9 100644

--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc

+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc

@@ -28,13 +28,13 @@ require_once('util.inc');

 /* This file is currently only being included in squid.inc and not used separately */

 // require_once('squid.inc');

-global $clamav_uid, $clamav_gid, $config;

+global $clamav_uid, $clamav_gid;

 $clamav_uid = "clamav";

 $clamav_gid = "clamav";

 /* If /var is in RAM, the AV database will not be persistent there and space is

 	limited, so relocate it. */

-if (isset($config['system']['use_mfs_tmpvar'])) {

+if (config_path_enabled('system', 'use_mfs_tmpvar')) {

 	define('CLAMAV_DBDIR', '/usr/local/share/clamav-db/');

 } else {

 	define('CLAMAV_DBDIR', '/var/db/clamav/');

@@ -62,19 +62,13 @@ function squid_check_antivirus_dirs() {

 /* Antivirus definitions updates via cron */

 function squid_install_freshclam_cron($should_install) {

-	global $config;

-

 	if (platform_booting()) {

 		return;

 	}

 	$freshclam_cmd = (SQUID_BASE . "/bin/freshclam --config-file=" . SQUID_BASE . "/etc/freshclam.conf");

 	if (($should_install) && (squid_enabled())) {

-		if (is_array($config['installedpackages']['squidantivirus'])) {

-			$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];

-		} else {

-			$antivirus_config = array();

-		}

+		$antivirus_config = config_get_path('installedpackages/squidantivirus/config/0', []);

 		if ($antivirus_config['clamav_update'] != "") {

 			log_error("[squid] Adding freshclam cronjob.");

 			// Randomize minutes to mitigate mirrors overload issues

@@ -134,17 +128,13 @@ function squid_antivirus_install_command() {

 /* Run on Squid package uninstall */

 function squid_antivirus_deinstall_command() {

-	global $config, $keep;

+	global $keep;

 	/* Stop all running services, remove rc scripts and cronjobs */

 	squid_stop_antivirus();

 	mwexec("/bin/ps awux | /usr/bin/grep '[f]reshclam' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill");

 	/* clean up created directories if 'Keep Settings/Data' is disabled */

-	if (is_array($config['installedpackages']['squid'])) {

-		$squidsettings = $config['installedpackages']['squid']['config'][0];

-	} else {

-		$squidsettings = array();

-	}

+	$squidsettings = config_get_path('installedpackages/squid/config/0', []);

 	$keep = ($squidsettings['keep_squid_data'] ? true : false);

 	if (!$keep) {

@@ -159,14 +149,11 @@ function squid_antivirus_deinstall_command() {

 /* Migrate configuration from old Squid package versions */

 function squid_antivirus_upgrade_config() {

-	global $config;

 	/* unset broken antivirus settings */

-	if (is_array($config['installedpackages']['squidantivirus'])) {

-		unset($config['installedpackages']['squidantivirus']['config'][0]['squidclamav']);

-		unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']);

-		unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']);

-		unset($config['installedpackages']['squidantivirus']['config'][0]['freshclam_conf']);

-	}

+	config_del_path('installedpackages/squidantivirus/config/0/squidclamav');

+	config_del_path('installedpackages/squidantivirus/config/0/icap_conf');

+	config_del_path('installedpackages/squidantivirus/config/0/icap_magic');

+	config_del_path('installedpackages/squidantivirus/config/0/freshclam_conf');

 }

 /*

@@ -192,19 +179,15 @@ function squid_antivirus_upgrade_config() {

 /* Proxy Server: Antivirus configuration handler */

 function squid_resync_antivirus() {

-	global $config, $antivirus_config;

+	global $antivirus_config;

+	$conf_path = 'installedpackages/squidantivirus/config/0';

 	$interserver_dbs = array('interserver256.hdb', 'interservertopline.db', 'shell.ldb', 'whitelist.fp');

 	$securiteinfo_dbs = array('securiteinfo.hdb', 'securiteinfo.ign2', 'javascript.ndb', 'spam_marketing.ndb',

 		'securiteinfohtml.hdb', 'securiteinfoascii.hdb', 'securiteinfoandroid.hdb', 'securiteinfoold.hdb',

 		'securiteinfopdf.hdb');

 	$securiteinfo_prem_dbs = array('securiteinfo.mdb', 'securiteinfo0hour.hdb');

-

-	if (is_array($config['installedpackages']['squidantivirus'])) {

-		$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];

-	} else {

-		$antivirus_config = array();

-	}

+	$antivirus_config = config_get_path($conf_path, []);

 	// squid.conf antivirus integration

 	if (squid_enabled() && ($antivirus_config['enable'] == "on")) {

@@ -258,7 +241,7 @@ EOF;

 				}

 			}

 			// Create configuration files

-			squid_antivirus_put_raw_config($config['installedpackages']['squidantivirus']['config'][0]);

+			squid_antivirus_put_raw_config(config_get_path($conf_path));

 		} else {

 			// unset raw configuration options

 			squid_antivirus_toggle_raw_config(false);

@@ -564,12 +547,8 @@ EOF;

 /* Patch paths and settings in configuration files template for pfSense-specific values on install */

 function squid_antivirus_install_config_files() {

-	global $config, $clamav_uid, $clamav_gid;

-	if (is_array($config['installedpackages']['squid'])) {

-		$squidsettings = $config['installedpackages']['squid']['config'][0];

-	} else {

-		$squidsettings = array();

-	}

+	global $clamav_uid, $clamav_gid;

+

 	// squidclamav.conf

 	// make a backup of default squidclamav.conf.sample first

 	$cf = SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf";

@@ -585,12 +564,10 @@ function squid_antivirus_install_config_files() {

 		$squidclamav_m[1] = "@/var/run/clamav/clamd.ctl@";

 		$squidclamav_r[1] = "/var/run/clamav/clamd.sock";

 		$squidclamav_m[2] = "@http\://proxy.domain.dom/cgi-bin/clwarn.cgi@";

-		$port = $config['system']['webgui']['port'];

-		if ($port == "") {

-			$squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}/squid_clwarn.php";

-		} else {

-			$squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}:{$port}/squid_clwarn.php";

-		}

+		$port = config_get_path('system/webgui/port');

+		$squidclamav_r[2] = config_get_path('system/webgui/protocol') . '://' .

+		    config_get_path('system/hostname') . '.' . config_get_path('system/domain') .

+		    (empty($port) ? '' : ":{$port}") . '/squid_clwarn.php';

 		$squidclamav_m[3] = "@dnslookup\s1@";

 		$squidclamav_r[3] = "dnslookup 0";

 		// This should match StreamMaxLength in clamd.conf

@@ -700,7 +677,6 @@ function squid_antivirus_install_config_files() {

 /* Get the raw pfSense template files for manual configuration and serialize them to config.xml */

 function squid_antivirus_get_raw_config() {

-	global $config;

 	$loaded = false;

 	$rawfiles = array("squidclamav.conf", "c-icap.conf", "c-icap.magic", "freshclam.conf", "clamd.conf");

@@ -733,10 +709,11 @@ function squid_antivirus_get_raw_config() {

 		}

 		// get the config from the files if not set (yet) in config.xml

 		if ($confopt) {

+			$conf_path = 'installedpackages/squidantivirus/config/0';

 			$conffile = SQUID_LOCALBASE . "/etc" . "{$confdir}" . "/{$rawfile}.pfsense";

 			if (file_exists($conffile)) {

-				if ($config['installedpackages']['squidantivirus']['config'][0][$confopt] == "") {

-					$config['installedpackages']['squidantivirus']['config'][0][$confopt] =  base64_encode(str_replace("\r", "", file_get_contents("{$conffile}")));

+				if (empty(config_get_path($conf_path . "/{$confopt}"))) {

+					config_set_path($conf_path . "/{$confopt}", base64_encode(str_replace("\r", "", file_get_contents("{$conffile}"))));

 					log_error("[squid] Successfully loaded '{$conffile}' configuration file");

 					$loaded = true;

 				}

@@ -744,7 +721,7 @@ function squid_antivirus_get_raw_config() {

 			} else {

 				squid_antivirus_install_config_files();

 				if (file_exists($conffile)) {

-					$config['installedpackages']['squidantivirus']['config'][0][$confopt] =  base64_encode(str_replace("\r", "", file_get_contents("{$conffile}")));

+					config_set_path($conf_path . "/{$confopt}", base64_encode(str_replace("\r", "", file_get_contents("{$conffile}"))));

 					log_error("[squid] Successfully loaded '{$conffile}' configuration file");

 					$loaded = true;

 				} else {

@@ -761,13 +738,13 @@ function squid_antivirus_get_raw_config() {

 /* Toggle the raw config state */

 function squid_antivirus_toggle_raw_config($state) {

-	global $config;

+	$conf_path = 'installedpackages/squidantivirus/config/0';

 	if ($state) {

 		// manual configuration enabled

 		$opts = array("clamav_url", "clamav_dbregion", "clamav_dbservers");

 		foreach ($opts as $opt) {

-			if (isset($config['installedpackages']['squidantivirus']['config'][0][$opt])) {

-				unset($config['installedpackages']['squidantivirus']['config'][0][$opt]);

+			if (config_path_enabled($conf_path, $opt)) {

+				config_del_path($conf_path . "/{$opt}");

 				log_error("[squid] Loaded '{$opt}' raw configuration file...");

 			}

 		}

@@ -777,12 +754,12 @@ function squid_antivirus_toggle_raw_config($state) {

 		// manual configuration disabled

 		$opts = array("raw_squidclamav_conf", "raw_cicap_conf", "raw_cicap_magic", "raw_freshclam_conf", "raw_clamd_conf");

 		foreach ($opts as $opt) {

-			if (isset($config['installedpackages']['squidantivirus']['config'][0][$opt])) {

-				unset($config['installedpackages']['squidantivirus']['config'][0][$opt]);

+			if (config_path_enabled($conf_path, $opt)) {

+				config_del_path($conf_path . "/{$opt}");

 				log_error("[squid] Unloaded '{$opt}' raw configuration.");

 			}

 		}

-		$config['installedpackages']['squidantivirus']['config'][0]['enable_advanced'] = "disabled";

+		config_set_path($conf_path . '/enable_advanced', 'disabled');

 	}

 }

@@ -899,12 +876,7 @@ EOF;

 /* (Re)start antivirus services if AV features are enabled */

 function squid_restart_antivirus() {

-	global $config;

-	if (is_array($config['installedpackages']['squidantivirus'])) {

-		$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];

-	} else {

-		$antivirus_config = array();

-	}

+	$antivirus_config = config_get_path('installedpackages/squidantivirus/config/0', []);

 	// reconfigure and (re)start service as needed if enabled, otherwise stop them

 	// do not (re)start antivirus services on boot

@@ -1011,13 +983,6 @@ function squid_stop_antivirus() {

 /* Proxy server: Antivirus input validation */

 /* Also handles manual AV updates and switching 'Manual Configuration' on/off */

 function squid_validate_antivirus($post, &$input_errors) {

-	global $config;

-	if (is_array($config['installedpackages']['squidantivirus'])) {

-		$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];

-	} else {

-		$antivirus_config = array();

-	}

-

 	/* Manual ClamAV database update */

 	if ($post['update_av'] == 'Update AV') {

 		squid_update_clamav();

@@ -1026,7 +991,7 @@ function squid_validate_antivirus($post, &$input_errors) {

 	/* Load the raw config files if manual configuration is enabled */

 	if ($post['load_advanced'] == 'Load Advanced') {

-		$config['installedpackages']['squidantivirus']['config'][0]['enable_advanced'] = "enabled";

+		config_set_path('installedpackages/squidantivirus/config/0/enable_advanced', 'enabled');

 		squid_antivirus_toggle_raw_config(true);

 		return;

 	}

diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml

index 3c60a8cd68b870d1ed9d7690479087845f2c84c2..4c08cfe1111c09c6c557558b148a7de9758e80d1 100644

--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml

+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml

@@ -281,8 +281,8 @@

 	</custom_php_before_form_command>

 	<custom_php_after_head_command>

 		<![CDATA[

-		$transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on');

-		if ($transparent_proxy and preg_match("/(local|ldap|radius|ntlm)/", $config['installedpackages']['squidauth']['config'][0]['auth_method'])) {

+		$transparent_proxy = (config_get_path('installedpackages/squid/config/0/transparent_proxy') == 'on');

+		if ($transparent_proxy and preg_match("/(local|ldap|radius|ntlm)/", config_get_path('installedpackages/squidauth/config/0/auth_method'))) {

 			$input_errors[] = "Authentication cannot be enabled while transparent proxy mode is enabled";

 		}

 		squid_print_javascript_auth();

diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml

index 1dcfe7e38e04bcfc4d4c07544413ec88fc193534..efb8e59078f8aa42a6607936c96535f90c648f81 100644

--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml

+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml

@@ -418,8 +418,8 @@

 	<![CDATA[

 		global $oldcachedir;

 		// do not leave orphaned cachedirs if harddisk_cache_location changed

-		if ($_POST['harddisk_cache_location'] != $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_location']) {

-			$oldcachedir = $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_location'];

+		if ($_POST['harddisk_cache_location'] != config_get_path('installedpackages/squidcache/config/0/harddisk_cache_location')) {

+			$oldcachedir = config_get_path('installedpackages/squidcache/config/0/harddisk_cache_location');

 			if ($oldcachedir != "") {

 				$cachedir_changed = true;

 			}

diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc

index 8e4d749c333e2bd5e9e72ce0cf4e925d47cce6d1..12d90ad7e27dd3bdfe00cde4fdf2571e17294fe2 100644

--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc

+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc

@@ -29,17 +29,8 @@ require_once('config.inc');

  * depending on selected 'Authentication Method' value

  */

 function squid_print_javascript_auth() {

-	global $config;

-	if (is_array($config['installedpackages']['squid'])) {

-		$squidsettings = $config['installedpackages']['squid']['config'][0];

-	} else {

-		$squidsettings = array();

-	}

-	if (is_array($config['installedpackages']['squidauth']['config'])) {

-		$settingsauth = $config['installedpackages']['squidauth']['config'][0];

-	} else {

-		$settingsauth = array();

-	}

+	$squidsettings = config_get_path('installedpackages/squid/config/0', []);

+	$settingsauth = config_get_path('installedpackages/squidauth/config/0', []);

 	$transparent_proxy = ($squidsettings['transparent_proxy'] == 'on');

 	$auth_method = $settingsauth['auth_method'];

diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc

index 27cce8c68a7dfb92020a030ea3bf3163109cf891..be32cedac6d67d7fa824fdaf3fca26c8091bb528 100644

--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc

+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc

@@ -30,29 +30,11 @@ require_once('util.inc');

 /* Reverse Proxy Server configuration handler */

 function squid_resync_reverse() {

-	global $config;

-

 	// config file

-	if (is_array($config['installedpackages']['squidreversegeneral'])) {

-		$settings = $config['installedpackages']['squidreversegeneral']['config'][0];

-	} else {

-		$settings = array();

-	}

-	if (is_array($config['installedpackages']['squidreversepeer'])) {

-		$reverse_peers = $config['installedpackages']['squidreversepeer']['config'];

-	} else {

-		$reverse_peers = array();

-	}

-	if (is_array($config['installedpackages']['squidreverseuri'])) {

-		$reverse_maps = $config['installedpackages']['squidreverseuri']['config'];

-	} else {

-		$reverse_maps = array();

-	}

-	if (is_array($config['installedpackages']['squidreverseredir'])) {

-		$reverse_redir = $config['installedpackages']['squidreverseredir']['config'];

-	} else {

-		$reverse_redir = array();

-	}

+	$settings = config_get_path('installedpackages/squidreversegeneral/config/0', []);

+	$reverse_peers = config_get_path('installedpackages/squidreversepeer/config', []);

+	$reverse_maps = config_get_path('installedpackages/squidreverseuri/config', []);

+	$reverse_redir = config_get_path('installedpackages/squidreverseredir/config', []);

 	$conf = "# Reverse Proxy settings\n";

@@ -387,13 +369,7 @@ function squid_resync_reverse() {

 /* Refresh Client Certificate Revocation List */

 function squid_refresh_crl() {

-	global $config;

-

-	if (is_array($config['installedpackages']['squidreversegeneral'])) {

-		$settings = $config['installedpackages']['squidreversegeneral']['config'][0];

-	} else {

-		$settings = array();

-	}

+	$settings = config_get_path('installedpackages/squidreversegeneral/config/0', []);

 	if (isset($settings['reverse_check_clientca']) && $settings['reverse_check_clientca'] == "on" && isset($settings['reverse_ssl_clientcrl']) && $settings['reverse_ssl_clientcrl'] != 'none') {

 		$crl = lookup_crl($settings['reverse_ssl_clientcrl']);

@@ -408,18 +384,14 @@ function squid_refresh_crl() {

 /* Check whether Squid reverse proxy is enabled */

 function squid_reverse_enabled() {

-	global $config, $reverse_proxy_enabled;

+	global $reverse_proxy_enabled;

 	$reverse_proxy_enabled = false;

+	$conf_path = 'installedpackages/squidreversegeneral/config/0';

-	if (is_array($config['installedpackages']['squidreversegeneral']['config'])) {

-		// check whether HTTP or HTTPS reverse proxy is enabled ...

-		if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_http'] == "on" ||

-		    $config['installedpackages']['squidreversegeneral']['config'][0]['reverse_https'] == "on") {

-			// ... and has at least one reverse interface configured

-			if (!empty($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'])) {

-				$reverse_proxy_enabled = true;

-			}

-		}

+	// check whether HTTP or HTTPS reverse proxy is enabled and has at least one reverse interface configured

+	if ((config_get_path($conf_path . '/reverse_http') == 'on' || config_get_path($conf_path . '/reverse_https') == 'on') &&

+	    !empty(config_get_path($conf_path . '/reverse_interface'))) {

+		$reverse_proxy_enabled = true;

 	}

 	return $reverse_proxy_enabled;

@@ -427,37 +399,40 @@ function squid_reverse_enabled() {

 /* Migrate reverse proxy configuration from old Squid package versions */

 function squid_reverse_upgrade_config() {

-	global $config;

-	if (is_array($config['installedpackages']['squidreverse'])) {

-		$old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0];

-

+	$conf_path_settings = 'installedpackages/squidreversegeneral/config/0';

+	$conf_path_reverse_peers = 'installedpackages/squidreversepeer/config';

+	$conf_path_reverse_maps = 'installedpackages/squidreverseuri/config';

+	$reverse_peers = config_get_path($conf_path_reverse_peers, []);

+	$reverse_maps = config_get_path($conf_path_reverse_maps, []);

+	$old_reverse_settings = config_get_path('installedpackages/squidreverse/config/0');

+

+	if (is_array(config_get_path('installedpackages/squidreverse'))) {

 		// settings

-		if (!is_array($config['installedpackages']['squidreversegeneral'])) {

-			init_config_arr(array('installedpackages', 'squidreversegeneral', 'config'));

-			$config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings;

-			unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']);

-			unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']);

-			unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']);

+		if (!is_array(config_get_path('installedpackages/squidreversegeneral'))) {

+			config_set_path($conf_path_settings, $old_reverse_settings);

+			config_del_path($conf_path_settings . '/reverse_cache_peer');

+			config_del_path($conf_path_settings . '/reverse_uri');

+			config_del_path($conf_path_settings . '/reverse_acl');

 		}

 		// peers

-		if (!is_array($config['installedpackages']['squidreversepeer'])) {

+		if (!is_array(config_get_path('installedpackages/squidreversepeer'))) {

 			foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) {

 				foreach (explode(";", $cache_peers) as $cache_peer) {

-					init_config_arr(array('installedpackages', 'squidreversepeer', 'config'));

-					$config['installedpackages']['squidreversepeer']['config'][] = array(

+					$reverse_peers[] = array(

 						'description' => 'migrated',

 						'enable' => 'on',

 						'name' => $cache_peer[0],

 						'port' => $cache_peer[1],

 						'protocol' => $cache_peer[2]

 					);

+					config_set_path($conf_path_reverse_peers, $reverse_peers);

 				}

 			}

 		}

 		// mappings

-		if (!is_array($config['installedpackages']['squidreverseuri'])) {

+		if (!is_array(config_get_path('installedpackages/squidreverseuri'))) {

 			foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) {

 				foreach (explode(";", $acls) as $acl) {

 					array_push(${'peer_'.$acl[0]}, $acl[1]);

@@ -466,8 +441,7 @@ function squid_reverse_upgrade_config() {

 			foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) {

 				foreach (explode(";", $uris) as $uri) {

 					$peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . $uri[0]}) : "");

-					init_config_arr(array('installedpackages', 'squidreverseuri', 'config'));

-					$config['installedpackages']['squidreverseuri']['config'][] = array(

+					$reverse_maps[] = array(

 						'description' => 'migrated',

 						'enable' => 'on',

 						'name' => $uri[0],

@@ -475,6 +449,7 @@ function squid_reverse_upgrade_config() {

 						'vhost' => $uri[2],

 						'peers' => $peer_list

 					);

+					config_set_path($conf_path_reverse_maps, $reverse_maps);

 				}

 			}

 		}

@@ -483,8 +458,6 @@ function squid_reverse_upgrade_config() {

 /* Reverse Proxy Server input validation */

 function squid_validate_reverse($post, &$input_errors) {

-	global $config;

-

 	/* Manually refresh client CRL */

 	if ($post['refresh_crl'] == 'Refresh CRL') {

 		log_error("[squid] Client Certificate Revocation List refresh forced via GUI. Refreshing now...");

diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml

index 33b9c160de005db09ab0f6034710090a0654cc18..4bfa0a90a97027bcecdffb4f793b63ba1aec4b1d 100644

--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml

+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml

@@ -277,7 +277,7 @@

 				]]>

 			</description>

 			<type>select_source</type>

-			<source><![CDATA[$config['crl']]]></source>

+			<source><![CDATA[config_get_path('crl')]]></source>

 			<source_name>descr</source_name>

 			<source_value>refid</source_value>

 			<show_disable_value>none</show_disable_value>

diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml

index 7cec1c10ad7a29d691471aa628be9a867589d794..c00a7c76b35513515604a735dd4cdfaa957afade 100644

--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml

+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml

@@ -115,7 +115,7 @@

 				]]>

 			</description>

 			<type>select_source</type>

-			<source>$config['installedpackages']['squidreversepeer']['config']</source>

+			<source>config_get_path('installedpackages/squidreversepeer/config')</source>

 			<source_name>name</source_name>

 			<source_value>name</source_value>

 			<multiple/>

diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php b/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php

index 65ddfb9215823b48c7ea2bd378a26134003da914..cf5e4402c76e045be7e452daf5ef85221ec95e09 100644

--- a/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php

+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php

@@ -22,9 +22,8 @@

 require_once('config.inc');

 require_once('util.inc');

 require_once('squid.inc');

-global $config;

-$settings = $config['installedpackages']['squidcache']['config'][0];

+$settings = config_get_path('installedpackages/squidcache/config/0');

 // Only check the cache if Squid is actually caching.

 // If there is no cache then quietly do nothing.

 // If cache dir is located outside of /var/squid hierarchy, log some instructions.

diff --git a/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php b/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php

index 8f8b3bef08bbed6fda3ac5960a35b55cd6438745..4e156065349d22bf1b58d5dafaae9125586c6ed3 100644

--- a/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php

+++ b/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php

@@ -29,10 +29,11 @@ if ($_POST) {

 	// Actions

 	$filter = preg_replace('/(@|!|>|<)/', "", htmlspecialchars($_POST['strfilter']));

 	$program = strtolower($_POST['program']);

+	$conf_path = 'installedpackages/squid/config/0/log_dir';

 	switch ($program) {

 		case 'squid':

 			// Define log file

-			$log = $config['installedpackages']['squid']['config'][0]['log_dir'].'/access.log';

+			$log = config_get_path($conf_path) . '/access.log';

 			// Show table headers

 			show_tds(array("Date", "IP", "Status", "Address", "User", "Destination"));

 			// Fetch lines

@@ -67,7 +68,7 @@ if ($_POST) {

 			break;

 		case 'squid_cache';

 			// Define log file

-			$log = $config['installedpackages']['squid']['config'][0]['log_dir'].'/cache.log';

+			$log = config_get_path($conf_path) . '/cache.log';

 			// Show table headers

 			show_tds(array("Date-Time", "Message"));

 			// Fetch lines

diff --git a/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php b/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php

index cbd2436ff4e8bd72aa30e0cf540c0e0a7683fa76..2cfb4b8e70cd41948b77ae955acd2e56f2b3aa91 100644

--- a/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php

+++ b/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php

@@ -51,11 +51,9 @@ if ($_REQUEST["menu"] == "reverse") {

 display_top_tabs($tab_array);

 function squid_status() {

-	global $config;

-

 	if (is_service_running('squid')) {

 		init_config_arr(array('installedpackages', 'squidcache','config'));

-		$proxy_ifaces = explode(",", $config['installedpackages']['squid']['config'][0]['active_interface']);

+		$proxy_ifaces = explode(",", config_get_path('installedpackages/squid/config/0/active_interface', ''));

 		foreach ($proxy_ifaces as $iface) {

 			if (get_interface_ip($iface)) {

 				$ip = get_interface_ip($iface);

diff --git a/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php b/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php

index ce65e1f03e1a3c1d4e1fed9f660efb9876eadc7c..a070dd73c32fddd585b84cd01bc426a24638e76d 100644

--- a/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php

+++ b/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php

@@ -31,7 +31,7 @@ if (file_exists("/usr/local/pkg/squid.inc")) {

 	echo "No squid.inc found. You must have Squid package installed to use this widget.";

 }

-if (isset($config['system']['use_mfs_tmpvar'])) {

+if (config_path_enabled('system', 'use_mfs_tmpvar')) {

 	define('PATH_CLAMDB', '/usr/local/share/clamav-db/');

 } else {

 	define('PATH_CLAMDB', '/var/db/clamav/');

@@ -44,7 +44,7 @@ $img = array();

 $img['up'] = '<i class="fa fa-level-up text-success" title="Service running"></i>';

 $img['down'] = '<i class="fa fa-level-down text-danger" title="Service not running"></i>';

 // Update once per minute by default, instead of every 10 seconds

-$widgetperiod = isset($config['widgets']['period']) ? $config['widgets']['period'] * 1000 * 6 : 60000;

+$widgetperiod = config_path_enabled('widgets', 'period') ? config_get_path('widgets/period') * 1000 * 6 : 60000;

 function squid_avdb_info($filename) {

 	$stl = "style='padding-top: 0px; padding-bottom: 0px; padding-left: 4px; padding-right: 4px; border-left: 1px solid #999999;'";