diff --git a/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php b/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php
index 592270b81fdee5cd74cf37d858db20e40c50d926..ebb66f0b075a6875c42bf89ee9fb63bb8926c838 100644
--- a/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php
+++ b/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php
@@ -24,7 +24,6 @@
 require_once("config.inc");
 require_once("globals.inc");
 error_reporting(0);
-global $config, $g;
 // stdin loop
 if (!defined(STDIN)) {
 	define("STDIN", fopen("php://stdin", "r"));
@@ -36,20 +35,18 @@ while (!feof(STDIN)) {
 	$check_ip = preg_replace('/[^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}]/', '', fgets(STDIN));
 	$status = '';
 
-	if (is_array($config['captiveportal'])) {
-		foreach ($config['captiveportal'] as $cpzone => $cp) {
-			if (isset($cp['enable'])) {
-				$db = "{$g['vardb_path']}/captiveportal{$cpzone}.db";
-				$status = squid_check_ip($db, $check_ip);
-				if ($status) {
-					break;
-				} elseif (is_array($cp['allowedip'])) {
-					foreach ($cp['allowedip'] as $ipent) {
-						if (ip_in_subnet($check_ip, "{$ipent['ip']}/{$ipent['sn']}") &&
-						    (($ipent['dir'] == 'from') || ($ipent['dir'] == 'both'))) {
-							$status = $check_ip;
-							break 2;
-						}
+	foreach (config_get_path('captiveportal', []) as $cpzone => $cp) {
+		if (isset($cp['enable'])) {
+			$db = g_get('vardb_path') . "/captiveportal{$cpzone}.db";
+			$status = squid_check_ip($db, $check_ip);
+			if ($status) {
+				break;
+			} elseif (is_array($cp['allowedip'])) {
+				foreach ($cp['allowedip'] as $ipent) {
+					if (ip_in_subnet($check_ip, "{$ipent['ip']}/{$ipent['sn']}") &&
+						(($ipent['dir'] == 'from') || ($ipent['dir'] == 'both'))) {
+						$status = $check_ip;
+						break 2;
 					}
 				}
 			}
			 diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
index 6122e22caa1b7934720ee1f3b9c267e99d6a528b..48f66a5fc9f520c5748c2b3c1dd67f9aaa903756 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
@@ -1192,7 +1192,7 @@ function squid_validate_auth($post, &$input_errors) {
 
 /* Proxy Server: General Settings configuration handler */
 function squid_resync_general() {
-	global $g, $valid_acls;
+	global $valid_acls;
 
 	if (is_array(config_get_path('installedpackages/squid'))) {
 		$settings = config_get_path('installedpackages/squid/config/0');
@@ -1402,7 +1402,7 @@ function squid_resync_general() {
 	}
 	$icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0);
 	$dns_v4_first = ($settings['dns_v4_first'] == "on" ? "on" : "off");
-	$piddir = "{$g['varrun_path']}/squid";
+	$piddir = g_get('varrun_path') . '/squid';
 	$pidfile = "{$piddir}/squid.pid";
 	if (!is_dir($piddir)) {
 		safe_mkdir($piddir, 0755);
@@ -2522,8 +2522,6 @@ if (!function_exists('pf_version')) {
 
 /* Perform the actual XMLRPC sync */
 function squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
-	global $g;
-
 	if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
 		log_error("[squid] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
 		return;
@@ -2584,7 +2582,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $passwor
 		$msg = new XML_RPC_Message($method, $params);
 		$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
 		$cli->setCredentials($username, $password);
-		if ($g['debug']) {
+		if (g_get('debug')) {
 			$cli->setDebug(1);
 		}
 		/* Send our XMLRPC message and timeout after defined sync timeout value*/
		 diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc
index d749049ef683c10eddda3f8e72d76c59f5d16b63..6033030932903c04afe1ea1aa843004b88ad73b9 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc
@@ -28,13 +28,13 @@ require_once('util.inc');
 /* This file is currently only being included in squid.inc and not used separately */
 // require_once('squid.inc');
 
-global $clamav_uid, $clamav_gid, $config;
+global $clamav_uid, $clamav_gid;
 $clamav_uid = "clamav";
 $clamav_gid = "clamav";
 
 /* If /var is in RAM, the AV database will not be persistent there and space is
 	limited, so relocate it. */
-if (isset($config['system']['use_mfs_tmpvar'])) {
+if (config_path_enabled('system', 'use_mfs_tmpvar')) {
 	define('CLAMAV_DBDIR', '/usr/local/share/clamav-db/');
 } else {
 	define('CLAMAV_DBDIR', '/var/db/clamav/');
@@ -62,19 +62,13 @@ function squid_check_antivirus_dirs() {
 
 /* Antivirus definitions updates via cron */
 function squid_install_freshclam_cron($should_install) {
-	global $config;
-
 	if (platform_booting()) {
 		return;
 	}
 
 	$freshclam_cmd = (SQUID_BASE . "/bin/freshclam --config-file=" . SQUID_BASE . "/etc/freshclam.conf");
 	if (($should_install) && (squid_enabled())) {
-		if (is_array($config['installedpackages']['squidantivirus'])) {
-			$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
-		} else {
-			$antivirus_config = array();
-		}
+		$antivirus_config = config_get_path('installedpackages/squidantivirus/config/0', []);
 		if ($antivirus_config['clamav_update'] != "") {
 			log_error("[squid] Adding freshclam cronjob.");
 			// Randomize minutes to mitigate mirrors overload issues
@@ -134,17 +128,13 @@ function squid_antivirus_install_command() {
 
 /* Run on Squid package uninstall */
 function squid_antivirus_deinstall_command() {
-	global $config, $keep;
+	global $keep;
 	/* Stop all running services, remove rc scripts and cronjobs */
 	squid_stop_antivirus();
 	mwexec("/bin/ps awux | /usr/bin/grep '[f]reshclam' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill");
 
 	/* clean up created directories if 'Keep Settings/Data' is disabled */
-	if (is_array($config['installedpackages']['squid'])) {
-		$squidsettings = $config['installedpackages']['squid']['config'][0];
-	} else {
-		$squidsettings = array();
-	}
+	$squidsettings = config_get_path('installedpackages/squid/config/0', []);
 	$keep = ($squidsettings['keep_squid_data'] ? true : false);
 
 	if (!$keep) {
@@ -159,14 +149,11 @@ function squid_antivirus_deinstall_command() {
 
 /* Migrate configuration from old Squid package versions */
 function squid_antivirus_upgrade_config() {
-	global $config;
 	/* unset broken antivirus settings */
-	if (is_array($config['installedpackages']['squidantivirus'])) {
-		unset($config['installedpackages']['squidantivirus']['config'][0]['squidclamav']);
-		unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']);
-		unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']);
-		unset($config['installedpackages']['squidantivirus']['config'][0]['freshclam_conf']);
-	}
+	config_del_path('installedpackages/squidantivirus/config/0/squidclamav');
+	config_del_path('installedpackages/squidantivirus/config/0/icap_conf');
+	config_del_path('installedpackages/squidantivirus/config/0/icap_magic');
+	config_del_path('installedpackages/squidantivirus/config/0/freshclam_conf');
 }
 
 /*
@@ -192,19 +179,15 @@ function squid_antivirus_upgrade_config() {
 
 /* Proxy Server: Antivirus configuration handler */
 function squid_resync_antivirus() {
-	global $config, $antivirus_config;
+	global $antivirus_config;
+	$conf_path = 'installedpackages/squidantivirus/config/0';
 
 	$interserver_dbs = array('interserver256.hdb', 'interservertopline.db', 'shell.ldb', 'whitelist.fp');
 	$securiteinfo_dbs = array('securiteinfo.hdb', 'securiteinfo.ign2', 'javascript.ndb', 'spam_marketing.ndb',
 		'securiteinfohtml.hdb', 'securiteinfoascii.hdb', 'securiteinfoandroid.hdb', 'securiteinfoold.hdb',
 		'securiteinfopdf.hdb');
 	$securiteinfo_prem_dbs = array('securiteinfo.mdb', 'securiteinfo0hour.hdb');
-
-	if (is_array($config['installedpackages']['squidantivirus'])) {
-		$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
-	} else {
-		$antivirus_config = array();
-	}
+	$antivirus_config = config_get_path($conf_path, []);
 
 	// squid.conf antivirus integration
 	if (squid_enabled() && ($antivirus_config['enable'] == "on")) {
@@ -258,7 +241,7 @@ EOF;
 				}
 			}
 			// Create configuration files
-			squid_antivirus_put_raw_config($config['installedpackages']['squidantivirus']['config'][0]);
+			squid_antivirus_put_raw_config(config_get_path($conf_path));
 		} else {
 			// unset raw configuration options
 			squid_antivirus_toggle_raw_config(false);
@@ -564,12 +547,8 @@ EOF;
 
 /* Patch paths and settings in configuration files template for pfSense-specific values on install */
 function squid_antivirus_install_config_files() {
-	global $config, $clamav_uid, $clamav_gid;
-	if (is_array($config['installedpackages']['squid'])) {
-		$squidsettings = $config['installedpackages']['squid']['config'][0];
-	} else {
-		$squidsettings = array();
-	}
+	global $clamav_uid, $clamav_gid;
+
 	// squidclamav.conf
 	// make a backup of default squidclamav.conf.sample first
 	$cf = SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf";
@@ -585,12 +564,10 @@ function squid_antivirus_install_config_files() {
 		$squidclamav_m[1] = "@/var/run/clamav/clamd.ctl@";
 		$squidclamav_r[1] = "/var/run/clamav/clamd.sock";
 		$squidclamav_m[2] = "@http\://proxy.domain.dom/cgi-bin/clwarn.cgi@";
-		$port = $config['system']['webgui']['port'];
-		if ($port == "") {
-			$squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}/squid_clwarn.php";
-		} else {
-			$squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}:{$port}/squid_clwarn.php";
-		}
+		$port = config_get_path('system/webgui/port');
+		$squidclamav_r[2] = config_get_path('system/webgui/protocol') . '://' .
+		    config_get_path('system/hostname') . '.' . config_get_path('system/domain') .
+		    (empty($port) ? '' : ":{$port}") . '/squid_clwarn.php';
 		$squidclamav_m[3] = "@dnslookup\s1@";
 		$squidclamav_r[3] = "dnslookup 0";
 		// This should match StreamMaxLength in clamd.conf
@@ -700,7 +677,6 @@ function squid_antivirus_install_config_files() {
 
 /* Get the raw pfSense template files for manual configuration and serialize them to config.xml */
 function squid_antivirus_get_raw_config() {
-	global $config;
 	$loaded = false;
 	$rawfiles = array("squidclamav.conf", "c-icap.conf", "c-icap.magic", "freshclam.conf", "clamd.conf");
 
@@ -733,10 +709,11 @@ function squid_antivirus_get_raw_config() {
 		}
 		// get the config from the files if not set (yet) in config.xml
 		if ($confopt) {
+			$conf_path = 'installedpackages/squidantivirus/config/0';
 			$conffile = SQUID_LOCALBASE . "/etc" . "{$confdir}" . "/{$rawfile}.pfsense";
 			if (file_exists($conffile)) {
-				if ($config['installedpackages']['squidantivirus']['config'][0][$confopt] == "") {
-					$config['installedpackages']['squidantivirus']['config'][0][$confopt] =  base64_encode(str_replace("\r", "", file_get_contents("{$conffile}")));
+				if (empty(config_get_path($conf_path . "/{$confopt}"))) {
+					config_set_path($conf_path . "/{$confopt}", base64_encode(str_replace("\r", "", file_get_contents("{$conffile}"))));
 					log_error("[squid] Successfully loaded '{$conffile}' configuration file");
 					$loaded = true;
 				}
@@ -744,7 +721,7 @@ function squid_antivirus_get_raw_config() {
 			} else {
 				squid_antivirus_install_config_files();
 				if (file_exists($conffile)) {
-					$config['installedpackages']['squidantivirus']['config'][0][$confopt] =  base64_encode(str_replace("\r", "", file_get_contents("{$conffile}")));
+					config_set_path($conf_path . "/{$confopt}", base64_encode(str_replace("\r", "", file_get_contents("{$conffile}"))));
 					log_error("[squid] Successfully loaded '{$conffile}' configuration file");
 					$loaded = true;
 				} else {
@@ -761,13 +738,13 @@ function squid_antivirus_get_raw_config() {
 
 /* Toggle the raw config state */
 function squid_antivirus_toggle_raw_config($state) {
-	global $config;
+	$conf_path = 'installedpackages/squidantivirus/config/0';
 	if ($state) {
 		// manual configuration enabled
 		$opts = array("clamav_url", "clamav_dbregion", "clamav_dbservers");
 		foreach ($opts as $opt) {
-			if (isset($config['installedpackages']['squidantivirus']['config'][0][$opt])) {
-				unset($config['installedpackages']['squidantivirus']['config'][0][$opt]);
+			if (config_path_enabled($conf_path, $opt)) {
+				config_del_path($conf_path . "/{$opt}");
 				log_error("[squid] Loaded '{$opt}' raw configuration file...");
 			}
 		}
@@ -777,12 +754,12 @@ function squid_antivirus_toggle_raw_config($state) {
 		// manual configuration disabled
 		$opts = array("raw_squidclamav_conf", "raw_cicap_conf", "raw_cicap_magic", "raw_freshclam_conf", "raw_clamd_conf");
 		foreach ($opts as $opt) {
-			if (isset($config['installedpackages']['squidantivirus']['config'][0][$opt])) {
-				unset($config['installedpackages']['squidantivirus']['config'][0][$opt]);
+			if (config_path_enabled($conf_path, $opt)) {
+				config_del_path($conf_path . "/{$opt}");
 				log_error("[squid] Unloaded '{$opt}' raw configuration.");
 			}
 		}
-		$config['installedpackages']['squidantivirus']['config'][0]['enable_advanced'] = "disabled";
+		config_set_path($conf_path . '/enable_advanced', 'disabled');
 	}
 }
 
@@ -899,12 +876,7 @@ EOF;
 
 /* (Re)start antivirus services if AV features are enabled */
 function squid_restart_antivirus() {
-	global $config;
-	if (is_array($config['installedpackages']['squidantivirus'])) {
-		$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
-	} else {
-		$antivirus_config = array();
-	}
+	$antivirus_config = config_get_path('installedpackages/squidantivirus/config/0', []);
 
 	// reconfigure and (re)start service as needed if enabled, otherwise stop them
 	// do not (re)start antivirus services on boot
@@ -1011,13 +983,6 @@ function squid_stop_antivirus() {
 /* Proxy server: Antivirus input validation */
 /* Also handles manual AV updates and switching 'Manual Configuration' on/off */
 function squid_validate_antivirus($post, &$input_errors) {
-	global $config;
-	if (is_array($config['installedpackages']['squidantivirus'])) {
-		$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
-	} else {
-		$antivirus_config = array();
-	}
-
 	/* Manual ClamAV database update */
 	if ($post['update_av'] == 'Update AV') {
 		squid_update_clamav();
@@ -1026,7 +991,7 @@ function squid_validate_antivirus($post, &$input_errors) {
 
 	/* Load the raw config files if manual configuration is enabled */
 	if ($post['load_advanced'] == 'Load Advanced') {
-		$config['installedpackages']['squidantivirus']['config'][0]['enable_advanced'] = "enabled";
+		config_set_path('installedpackages/squidantivirus/config/0/enable_advanced', 'enabled');
 		squid_antivirus_toggle_raw_config(true);
 		return;
 	}
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml
index 3c60a8cd68b870d1ed9d7690479087845f2c84c2..4c08cfe1111c09c6c557558b148a7de9758e80d1 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml
@@ -281,8 +281,8 @@
 	</custom_php_before_form_command>
 	<custom_php_after_head_command>
 		<![CDATA[
-		$transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on');
-		if ($transparent_proxy and preg_match("/(local|ldap|radius|ntlm)/", $config['installedpackages']['squidauth']['config'][0]['auth_method'])) {
+		$transparent_proxy = (config_get_path('installedpackages/squid/config/0/transparent_proxy') == 'on');
+		if ($transparent_proxy and preg_match("/(local|ldap|radius|ntlm)/", config_get_path('installedpackages/squidauth/config/0/auth_method'))) {
 			$input_errors[] = "Authentication cannot be enabled while transparent proxy mode is enabled";
 		}
 		squid_print_javascript_auth();
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml
index 1dcfe7e38e04bcfc4d4c07544413ec88fc193534..efb8e59078f8aa42a6607936c96535f90c648f81 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml
@@ -418,8 +418,8 @@
 	<![CDATA[
 		global $oldcachedir;
 		// do not leave orphaned cachedirs if harddisk_cache_location changed
-		if ($_POST['harddisk_cache_location'] != $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_location']) {
-			$oldcachedir = $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_location'];
+		if ($_POST['harddisk_cache_location'] != config_get_path('installedpackages/squidcache/config/0/harddisk_cache_location')) {
+			$oldcachedir = config_get_path('installedpackages/squidcache/config/0/harddisk_cache_location');
 			if ($oldcachedir != "") {
 				$cachedir_changed = true;
 			}
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc
index 8e4d749c333e2bd5e9e72ce0cf4e925d47cce6d1..12d90ad7e27dd3bdfe00cde4fdf2571e17294fe2 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc
@@ -29,17 +29,8 @@ require_once('config.inc');
  * depending on selected 'Authentication Method' value
  */
 function squid_print_javascript_auth() {
-	global $config;
-	if (is_array($config['installedpackages']['squid'])) {
-		$squidsettings = $config['installedpackages']['squid']['config'][0];
-	} else {
-		$squidsettings = array();
-	}
-	if (is_array($config['installedpackages']['squidauth']['config'])) {
-		$settingsauth = $config['installedpackages']['squidauth']['config'][0];
-	} else {
-		$settingsauth = array();
-	}
+	$squidsettings = config_get_path('installedpackages/squid/config/0', []);
+	$settingsauth = config_get_path('installedpackages/squidauth/config/0', []);
 	$transparent_proxy = ($squidsettings['transparent_proxy'] == 'on');
 	$auth_method = $settingsauth['auth_method'];
 
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc
index 27cce8c68a7dfb92020a030ea3bf3163109cf891..be32cedac6d67d7fa824fdaf3fca26c8091bb528 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc
@@ -30,29 +30,11 @@ require_once('util.inc');
 
 /* Reverse Proxy Server configuration handler */
 function squid_resync_reverse() {
-	global $config;
-
 	// config file
-	if (is_array($config['installedpackages']['squidreversegeneral'])) {
-		$settings = $config['installedpackages']['squidreversegeneral']['config'][0];
-	} else {
-		$settings = array();
-	}
-	if (is_array($config['installedpackages']['squidreversepeer'])) {
-		$reverse_peers = $config['installedpackages']['squidreversepeer']['config'];
-	} else {
-		$reverse_peers = array();
-	}
-	if (is_array($config['installedpackages']['squidreverseuri'])) {
-		$reverse_maps = $config['installedpackages']['squidreverseuri']['config'];
-	} else {
-		$reverse_maps = array();
-	}
-	if (is_array($config['installedpackages']['squidreverseredir'])) {
-		$reverse_redir = $config['installedpackages']['squidreverseredir']['config'];
-	} else {
-		$reverse_redir = array();
-	}
+	$settings = config_get_path('installedpackages/squidreversegeneral/config/0', []);
+	$reverse_peers = config_get_path('installedpackages/squidreversepeer/config', []);
+	$reverse_maps = config_get_path('installedpackages/squidreverseuri/config', []);
+	$reverse_redir = config_get_path('installedpackages/squidreverseredir/config', []);
 
 	$conf = "# Reverse Proxy settings\n";
 
@@ -387,13 +369,7 @@ function squid_resync_reverse() {
 
 /* Refresh Client Certificate Revocation List */
 function squid_refresh_crl() {
-	global $config;
-
-	if (is_array($config['installedpackages']['squidreversegeneral'])) {
-		$settings = $config['installedpackages']['squidreversegeneral']['config'][0];
-	} else {
-		$settings = array();
-	}
+	$settings = config_get_path('installedpackages/squidreversegeneral/config/0', []);
 
 	if (isset($settings['reverse_check_clientca']) && $settings['reverse_check_clientca'] == "on" && isset($settings['reverse_ssl_clientcrl']) && $settings['reverse_ssl_clientcrl'] != 'none') {
 		$crl = lookup_crl($settings['reverse_ssl_clientcrl']);
@@ -408,18 +384,14 @@ function squid_refresh_crl() {
 
 /* Check whether Squid reverse proxy is enabled */
 function squid_reverse_enabled() {
-	global $config, $reverse_proxy_enabled;
+	global $reverse_proxy_enabled;
 	$reverse_proxy_enabled = false;
+	$conf_path = 'installedpackages/squidreversegeneral/config/0';
 
-	if (is_array($config['installedpackages']['squidreversegeneral']['config'])) {
-		// check whether HTTP or HTTPS reverse proxy is enabled ...
-		if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_http'] == "on" ||
-		    $config['installedpackages']['squidreversegeneral']['config'][0]['reverse_https'] == "on") {
-			// ... and has at least one reverse interface configured
-			if (!empty($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'])) {
-				$reverse_proxy_enabled = true;
-			}
-		}
+	// check whether HTTP or HTTPS reverse proxy is enabled and has at least one reverse interface configured
+	if ((config_get_path($conf_path . '/reverse_http') == 'on' || config_get_path($conf_path . '/reverse_https') == 'on') &&
+	    !empty(config_get_path($conf_path . '/reverse_interface'))) {
+		$reverse_proxy_enabled = true;
 	}
 
 	return $reverse_proxy_enabled;
@@ -427,37 +399,40 @@ function squid_reverse_enabled() {
 
 /* Migrate reverse proxy configuration from old Squid package versions */
 function squid_reverse_upgrade_config() {
-	global $config;
-	if (is_array($config['installedpackages']['squidreverse'])) {
-		$old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0];
-
+	$conf_path_settings = 'installedpackages/squidreversegeneral/config/0';
+	$conf_path_reverse_peers = 'installedpackages/squidreversepeer/config';
+	$conf_path_reverse_maps = 'installedpackages/squidreverseuri/config';
+	$reverse_peers = config_get_path($conf_path_reverse_peers, []);
+	$reverse_maps = config_get_path($conf_path_reverse_maps, []);
+	$old_reverse_settings = config_get_path('installedpackages/squidreverse/config/0');
+
+	if (is_array(config_get_path('installedpackages/squidreverse'))) {
 		// settings
-		if (!is_array($config['installedpackages']['squidreversegeneral'])) {
-			init_config_arr(array('installedpackages', 'squidreversegeneral', 'config'));
-			$config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings;
-			unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']);
-			unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']);
-			unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']);
+		if (!is_array(config_get_path('installedpackages/squidreversegeneral'))) {
+			config_set_path($conf_path_settings, $old_reverse_settings);
+			config_del_path($conf_path_settings . '/reverse_cache_peer');
+			config_del_path($conf_path_settings . '/reverse_uri');
+			config_del_path($conf_path_settings . '/reverse_acl');
 		}
 
 		// peers
-		if (!is_array($config['installedpackages']['squidreversepeer'])) {
+		if (!is_array(config_get_path('installedpackages/squidreversepeer'))) {
 			foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) {
 				foreach (explode(";", $cache_peers) as $cache_peer) {
-					init_config_arr(array('installedpackages', 'squidreversepeer', 'config'));
-					$config['installedpackages']['squidreversepeer']['config'][] = array(
+					$reverse_peers[] = array(
 						'description' => 'migrated',
 						'enable' => 'on',
 						'name' => $cache_peer[0],
 						'port' => $cache_peer[1],
 						'protocol' => $cache_peer[2]
 					);
+					config_set_path($conf_path_reverse_peers, $reverse_peers);
 				}
 			}
 		}
 
 		// mappings
-		if (!is_array($config['installedpackages']['squidreverseuri'])) {
+		if (!is_array(config_get_path('installedpackages/squidreverseuri'))) {
 			foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) {
 				foreach (explode(";", $acls) as $acl) {
 					array_push(${'peer_'.$acl[0]}, $acl[1]);
@@ -466,8 +441,7 @@ function squid_reverse_upgrade_config() {
 			foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) {
 				foreach (explode(";", $uris) as $uri) {
 					$peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . $uri[0]}) : "");
-					init_config_arr(array('installedpackages', 'squidreverseuri', 'config'));
-					$config['installedpackages']['squidreverseuri']['config'][] = array(
+					$reverse_maps[] = array(
 						'description' => 'migrated',
 						'enable' => 'on',
 						'name' => $uri[0],
@@ -475,6 +449,7 @@ function squid_reverse_upgrade_config() {
 						'vhost' => $uri[2],
 						'peers' => $peer_list
 					);
+					config_set_path($conf_path_reverse_maps, $reverse_maps);
 				}
 			}
 		}
@@ -483,8 +458,6 @@ function squid_reverse_upgrade_config() {
 
 /* Reverse Proxy Server input validation */
 function squid_validate_reverse($post, &$input_errors) {
-	global $config;
-
 	/* Manually refresh client CRL */
 	if ($post['refresh_crl'] == 'Refresh CRL') {
 		log_error("[squid] Client Certificate Revocation List refresh forced via GUI. Refreshing now...");
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml
index 33b9c160de005db09ab0f6034710090a0654cc18..4bfa0a90a97027bcecdffb4f793b63ba1aec4b1d 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml
@@ -277,7 +277,7 @@
 				]]>
 			</description>
 			<type>select_source</type>
-			<source><![CDATA[$config['crl']]]></source>
+			<source><![CDATA[config_get_path('crl')]]></source>
 			<source_name>descr</source_name>
 			<source_value>refid</source_value>
 			<show_disable_value>none</show_disable_value>
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml
index 7cec1c10ad7a29d691471aa628be9a867589d794..c00a7c76b35513515604a735dd4cdfaa957afade 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml
@@ -115,7 +115,7 @@
 				]]>
 			</description>
 			<type>select_source</type>
-			<source>$config['installedpackages']['squidreversepeer']['config']</source>
+			<source>config_get_path('installedpackages/squidreversepeer/config')</source>
 			<source_name>name</source_name>
 			<source_value>name</source_value>
 			<multiple/>
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php b/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php
index 65ddfb9215823b48c7ea2bd378a26134003da914..cf5e4402c76e045be7e452daf5ef85221ec95e09 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php
@@ -22,9 +22,8 @@
 require_once('config.inc');
 require_once('util.inc');
 require_once('squid.inc');
-global $config;
 
-$settings = $config['installedpackages']['squidcache']['config'][0];
+$settings = config_get_path('installedpackages/squidcache/config/0');
 // Only check the cache if Squid is actually caching.
 // If there is no cache then quietly do nothing.
 // If cache dir is located outside of /var/squid hierarchy, log some instructions.
diff --git a/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php b/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php
index 8f8b3bef08bbed6fda3ac5960a35b55cd6438745..4e156065349d22bf1b58d5dafaae9125586c6ed3 100644
--- a/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php
+++ b/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php
@@ -29,10 +29,11 @@ if ($_POST) {
 	// Actions
 	$filter = preg_replace('/(@|!|>|<)/', "", htmlspecialchars($_POST['strfilter']));
 	$program = strtolower($_POST['program']);
+	$conf_path = 'installedpackages/squid/config/0/log_dir';
 	switch ($program) {
 		case 'squid':
 			// Define log file
-			$log = $config['installedpackages']['squid']['config'][0]['log_dir'].'/access.log';
+			$log = config_get_path($conf_path) . '/access.log';
 			// Show table headers
 			show_tds(array("Date", "IP", "Status", "Address", "User", "Destination"));
 			// Fetch lines
@@ -67,7 +68,7 @@ if ($_POST) {
 			break;
 		case 'squid_cache';
 			// Define log file
-			$log = $config['installedpackages']['squid']['config'][0]['log_dir'].'/cache.log';
+			$log = config_get_path($conf_path) . '/cache.log';
 			// Show table headers
 			show_tds(array("Date-Time", "Message"));
 			// Fetch lines
diff --git a/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php b/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php
index cbd2436ff4e8bd72aa30e0cf540c0e0a7683fa76..2cfb4b8e70cd41948b77ae955acd2e56f2b3aa91 100644
--- a/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php
+++ b/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php
@@ -51,11 +51,9 @@ if ($_REQUEST["menu"] == "reverse") {
 display_top_tabs($tab_array);
 
 function squid_status() {
-	global $config;
-
 	if (is_service_running('squid')) {
 		init_config_arr(array('installedpackages', 'squidcache','config'));
-		$proxy_ifaces = explode(",", $config['installedpackages']['squid']['config'][0]['active_interface']);
+		$proxy_ifaces = explode(",", config_get_path('installedpackages/squid/config/0/active_interface', ''));
 		foreach ($proxy_ifaces as $iface) {
 			if (get_interface_ip($iface)) {
 				$ip = get_interface_ip($iface);
diff --git a/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php b/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php
index ce65e1f03e1a3c1d4e1fed9f660efb9876eadc7c..a070dd73c32fddd585b84cd01bc426a24638e76d 100644
--- a/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php
+++ b/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php
@@ -31,7 +31,7 @@ if (file_exists("/usr/local/pkg/squid.inc")) {
 	echo "No squid.inc found. You must have Squid package installed to use this widget.";
 }
 
-if (isset($config['system']['use_mfs_tmpvar'])) {
+if (config_path_enabled('system', 'use_mfs_tmpvar')) {
 	define('PATH_CLAMDB', '/usr/local/share/clamav-db/');
 } else {
 	define('PATH_CLAMDB', '/var/db/clamav/');
@@ -44,7 +44,7 @@ $img = array();
 $img['up'] = '<i class="fa fa-level-up text-success" title="Service running"></i>';
 $img['down'] = '<i class="fa fa-level-down text-danger" title="Service not running"></i>';
 // Update once per minute by default, instead of every 10 seconds
-$widgetperiod = isset($config['widgets']['period']) ? $config['widgets']['period'] * 1000 * 6 : 60000;
+$widgetperiod = config_path_enabled('widgets', 'period') ? config_get_path('widgets/period') * 1000 * 6 : 60000;
 
 function squid_avdb_info($filename) {
 	$stl = "style='padding-top: 0px; padding-bottom: 0px; padding-left: 4px; padding-right: 4px; border-left: 1px solid #999999;'";