From e4a8718f253d6c1a24844d8b6fafcef765c129f3 Mon Sep 17 00:00:00 2001
From: "D. V. Serg" <dvserg@pfsense.org>
Date: Mon, 2 Feb 2009 15:22:15 +0000
Subject: SafeSearch adding

---
 packages/squidGuard/squidguard.inc              | 621 +++++++++++++-----------
 packages/squidGuard/squidguard_acl.xml          |  28 +-
 packages/squidGuard/squidguard_configurator.inc | 496 +++++++++----------
 packages/squidGuard/squidguard_default.xml      |  10 +
 packages/squidGuard/squidguard_rewr.xml         |  22 +-
 5 files changed, 620 insertions(+), 557 deletions(-)

diff --git a/packages/squidGuard/squidguard.inc b/packages/squidGuard/squidguard.inc
index 5628882d..7c97596b 100644
--- a/packages/squidGuard/squidguard.inc
+++ b/packages/squidGuard/squidguard.inc
@@ -47,36 +47,36 @@ define('SQUIDGUARD_WEBGUI_HISTORY_LOG', '/squidguard_gui_history.log');
 
 # ------------------------------------------------------------------------------
 
-define('FLD_NAME',        'name');
-define('FLD_DEST',        'dest');
-define('FLD_SOURCE',      'source');
-define('FLD_DESTINATION', 'dest');
-define('FLD_REWRITE',     'rewrite');
-define('FLD_REDIRECT',    'redirect');
-define('FLD_TIME',        'time');
-define('FLD_OVERDESTINATION', 'overdestination');
-define('FLD_OVERREWRITE',     'overrewrite');
-define('FLD_OVERREDIRECT',    'overredirect');
-define('FLD_TARGETURL',       'targeturl');
-define('FLD_REPLACETO',       'replaceto');
-define('FLD_TIMETYPE',        'timetype');
-define('FLD_TIMEDAYS',        'timedays');
-define('FLD_DATERANGE',       'daterange');
-define('FLD_TIMERANGE',       'sg_timerange');
-define('FLD_IPLIST',          'iplist');
-define('FLD_DESCRIPTION',     'description');
-define('FLD_EXPRESSIONS',     'expressions');
-define('FLD_DOMAINS',         'domains');
-define('FLD_URLS',            'urls');
-define('FLD_DISABLED',        'disabled');
-define('FLD_ENABLELOG',       'enablelog');
-define('FLD_SQUIDGUARDENABLE','squidguard_enable');
-define('FLD_BLACKLIST',       'blacklist');
-
-define('PREFLD_UPTIME',        'uptime_');
-define('PREFLD_UPTIME_DENY',   'uptimedeny_');
-define('PREFLD_OVERTIME',      'overtime_');
-define('PREFLD_OVERTIME_DENY', 'overtimedeny_');
+define('F_NAME',        'name');
+define('F_DEST',        'dest');
+define('F_SOURCE',      'source');
+define('F_DESTINATION', 'dest');
+define('F_REWRITE',     'rewrite');
+define('F_REDIRECT',    'redirect');
+define('F_TIME',        'time');
+define('F_OVERDESTINATION', 'overdestination');
+define('F_OVERREWRITE',     'overrewrite');
+define('F_OVERREDIRECT',    'overredirect');
+define('F_TARGETURL',       'targeturl');
+define('F_REPLACETO',       'replaceto');
+define('F_TIMETYPE',        'timetype');
+define('F_TIMEDAYS',        'timedays');
+define('F_DATERANGE',       'daterange');
+define('F_TIMERANGE',       'sg_timerange');
+define('F_IPLIST',          'iplist');
+define('F_DESCRIPTION',     'description');
+define('F_EXPRESSIONS',     'expressions');
+define('F_DOMAINS',         'domains');
+define('F_URLS',            'urls');
+define('F_DISABLED',        'disabled');
+define('F_ENABLELOG',       'enablelog');
+define('F_SQUIDGUARDENABLE','squidguard_enable');
+define('F_BLACKLIST',       'blacklist');
+
+define('PREF_UPTIME',        'uptime_');
+define('PREF_UPTIME_DENY',   'uptimedeny_');
+define('PREF_OVERTIME',      'overtime_');
+define('PREF_OVERTIME_DENY', 'overtimedeny_');
 
 define('MODULE_GENERAL',         'squidguardgeneral');
 define('MODULE_DEFAULT',         'squidguarddefault');
@@ -94,18 +94,16 @@ define('BLACKLIST_BTN_URL',     'Upload Url');
 define('BLACKLIST_BTN_LAST',    'Restore last');
 
 define('BLACKLIST_LOGFILE',     'blacklist.log');
-
 define('APPLY_BTN', 'Apply');
-
 define('WEBGUI_HISTORY_LOG', 'on');
-
 define('TEST_LOG', '/var/tmp/sqtest.test');
+define('SAFESEARCH', 'safesearch');
 
 # ==============================================================================
 # Initialization
 # ==============================================================================
+# use global variable $squidguard_config, defined in squidguard_configurator.inc
 sg_init(convert_pfxml_to_sgxml());
-# file_put_contents("/var/tmp/sg.xml", $squidguard_config); # Test
 
 # ==============================================================================
 # Validations
@@ -117,6 +115,7 @@ function squidguard_validate($post, $input_errors)
     # check config if 'Apply'
     if ($submit === APPLY_BTN)  sg_check_config_data(&$input_errors);
 }
+
 # ------------------------------------------------------------------------------
 # validate default
 # ------------------------------------------------------------------------------
@@ -130,7 +129,6 @@ function squidguard_validate_default($post, $input_errors)
 # ------------------------------------------------------------------------------
 function squidguard_validate_acl($post, $input_errors)
 {
-    global $config;
     $pass_up = array();
     $deny_up = array();
     $pass_up_val = '';
@@ -140,26 +138,26 @@ function squidguard_validate_acl($post, $input_errors)
     $id = get_item_id();
 
     # check name ('source')
-    $name = trim($post[FLD_NAME]);
+    $name = trim($post[F_NAME]);
     if(!empty($name)) {
         # validate name format
         check_name_format($name, &$input_errors);
 
         # check unique name
-        if (!sg_check_unique_name(FLD_ACLS, $id, $name))
+        if (!sg_check_unique_name(F_ACLS, $name))
             $input_errors[] = "Name '$name' already exists.";
 
         # check source
         $sgx = array();
-        $sgx[FLD_NAME] = $post[FLD_NAME];
-        $sgx[FLD_SOURCE] = $post[FLD_SOURCE];
+        $sgx[F_NAME] = $post[F_NAME];
+        $sgx[F_SOURCE] = $post[F_SOURCE];
         sg_check_src($sgx, &$input_errors);
     }
 
     # store destinations to 'dest' value
     foreach ($post as $key => $val) {
-        if (substr_count($key, PREFLD_UPTIME) != 0) {
-            $name = str_replace(PREFLD_UPTIME, '', $key);
+        if (substr_count($key, PREF_UPTIME) != 0) {
+            $name = str_replace(PREF_UPTIME, '', $key);
             if ($name) {
                 switch($val) {
                     case "allow": $pass_up_val .= " $name";  break;
@@ -168,8 +166,8 @@ function squidguard_validate_acl($post, $input_errors)
                 }
             }
         }
-        elseif (substr_count($key, PREFLD_OVERTIME) != 0) {
-            $name = str_replace(PREFLD_OVERTIME, '', $key);
+        elseif (substr_count($key, PREF_OVERTIME) != 0) {
+            $name = str_replace(PREF_OVERTIME, '', $key);
             if ($name) {
                 switch($val) {
                     case "allow": $pass_over_val .= " $name";  break;
@@ -192,12 +190,12 @@ function squidguard_validate_acl($post, $input_errors)
     }
 
     if (empty($pass_over_val))
-         $post[FLD_DEST] = "$pass_up_val";
-    else $post[FLD_DEST] = "$pass_up_val [$pass_over_val]";
+         $post[F_DEST] = "$pass_up_val";
+    else $post[F_DEST] = "$pass_up_val [$pass_over_val]";
 
     # check redirect
     $errmsg = '';
-    if (!sg_check_redirect($post[FLD_RMOD], $post[FLD_REDIRECT], &$errmsg)) {
+    if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], &$errmsg)) {
          $input_errors[] = "Redirect info error. $errmsg";
     }
 }
@@ -213,38 +211,38 @@ function squidguard_validate_times($post, $input_errors)
     $id = get_item_id();
 
     # check name
-    $name = trim($post[FLD_NAME]);
+    $name = trim($post[F_NAME]);
     if(!empty($name)) {
         check_name_format($name, &$input_errors);
 
         # check unique name
-        if (!sg_check_unique_name(MODULE_TIME, $id, $name))
+        if (!sg_check_unique_name(F_TIMES, $name))
              $input_errors[] = "Name '$name' already exists";
     }
 
     # --- check format ---
     $sgx = array();
-    $sgx[FLD_NAME] = $post[FLD_NAME];
-    $sgx[FLD_DESCRIPTION] = $post[FLD_DESCRIPTION];
+    $sgx[F_NAME] = $post[F_NAME];
+    $sgx[F_DESCRIPTION] = $post[F_DESCRIPTION];
     # fields of $post have 'fnameX' format
-    for ($i=0; isset($post[FLD_TIMETYPE."$i"]); $i++) {
+    for ($i=0; isset($post[F_TIMETYPE."$i"]); $i++) {
         # correct and update
-        if (strtolower($post[FLD_TIMETYPE."$i"]) === "date") {
-             $post[FLD_TIMEDAYS."$i"] = '*';
+        if (strtolower($post[F_TIMETYPE."$i"]) === "date") {
+             $post[F_TIMEDAYS."$i"] = '*';
              # date cant be empty
-             if (trim($post[FLD_DATERANGE."$i"]) == '') $post[FLD_DATERANGE."$i"] = "*.*.*";
+             if (trim($post[F_DATERANGE."$i"]) == '') $post[F_DATERANGE."$i"] = "*.*.*";
         }
-        else $post[FLD_DATERANGE."$i"] = '';
+        else $post[F_DATERANGE."$i"] = '';
 
-        if (trim($post[FLD_TIMERANGE."$i"]) == '') $post[FLD_TIMERANGE."$i"] = "00:00-23:59";
+        if (trim($post[F_TIMERANGE."$i"]) == '') $post[F_TIMERANGE."$i"] = "00:00-23:59";
 
         # $post->xml
         $sgx_row = array();
-        $sgx_row[FLD_TIMETYPE]  = $post[FLD_TIMETYPE."$i"];
-        $sgx_row[FLD_TIMEDAYS]  = $post[FLD_TIMEDAYS."$i"];
-        $sgx_row[FLD_DATERANGE] = $post[FLD_DATERANGE."$i"];
-        $sgx_row[FLD_TIMERANGE] = $post[FLD_TIMERANGE."$i"];
-        $sgx[FLD_ITEM][] = $sgx_row;
+        $sgx_row[F_TIMETYPE]  = $post[F_TIMETYPE."$i"];
+        $sgx_row[F_TIMEDAYS]  = $post[F_TIMEDAYS."$i"];
+        $sgx_row[F_DATERANGE] = $post[F_DATERANGE."$i"];
+        $sgx_row[F_TIMERANGE] = $post[F_TIMERANGE."$i"];
+        $sgx[F_ITEM][] = $sgx_row;
     }
     #
     sg_check_time($sgx, &$input_errors);
@@ -256,23 +254,23 @@ function squidguard_validate_times($post, $input_errors)
 # ------------------------------------------------------------------------------
 function squidguard_validate_destination($post, $input_errors) {
     # check name
-    $name = trim($post[FLD_NAME]);
+    $name = trim($post[F_NAME]);
     if(!empty($name)) {
         check_name_format($name, &$input_errors);
 
         # check unique name
-        if (!sg_check_unique_name(MODULE_DESTINATION, $name))
+        if (!sg_check_unique_name(F_DESTINATIONS, $name))
              $input_errors[] = "Name '$name' already exists";
     }
 
     # --- check format ---
     $sgx = array();
-    $sgx[FLD_NAME]        = $post[FLD_NAME];
-    $sgx[FLD_URLS]        = $post[FLD_URLS];
-    $sgx[FLD_DOMAINS]     = $post[FLD_DOMAINS];
-    $sgx[FLD_EXPRESSIONS] = $post[FLD_EXPRESSIONS];
-    $sgx[FLD_RMOD]        = $post[FLD_RMOD];
-    $sgx[FLD_REDIRECT]    = $post[FLD_REDIRECT];
+    $sgx[F_NAME]        = $post[F_NAME];
+    $sgx[F_URLS]        = $post[F_URLS];
+    $sgx[F_DOMAINS]     = $post[F_DOMAINS];
+    $sgx[F_EXPRESSIONS] = $post[F_EXPRESSIONS];
+    $sgx[F_RMOD]        = $post[F_RMOD];
+    $sgx[F_REDIRECT]    = $post[F_REDIRECT];
     #
     sg_check_dest($sgx, &$input_errors);
 }
@@ -282,13 +280,13 @@ function squidguard_validate_destination($post, $input_errors) {
 # ------------------------------------------------------------------------------
 function squidguard_validate_rewrite($post, $input_errors) {
          # check name
-         $name = trim($post[FLD_NAME]);
+         $name = trim($post[F_NAME]);
          if(!empty($name)) {
              # check name format <char><symbols without space> - Ab123
              check_name_format($name, &$input_errors);
 
              # check unique name
-             if (!sg_check_unique_name(MODULE_REWRITE, $name))
+             if (!sg_check_unique_name(F_REWRITES, $name))
                  $input_errors[] = "Name '$name' already exists";
          }
 }
@@ -297,8 +295,6 @@ function squidguard_validate_rewrite($post, $input_errors) {
 # squidguard_resync
 # -----------------------------------------------------------------------------
 function squidguard_resync() {
-    global $config;
-    $conf = $config['installedpackages'][MODULE_GENERAL]['config'][0];
     $upload_file = '';
     $submit = '';
     $url    = '';
@@ -309,22 +305,22 @@ function squidguard_resync() {
     $proxy  = isset($_POST['blacklist_proxy']) ? $_POST['blacklist_proxy'] : $_GET['blacklist_proxy'];
 
     # blacklist upload
-   if ($submit == BLACKLIST_BTN_URL) {
-       if ($url)
-           sg_reconfigure_blacklist($url, $proxy);
-   }
-
-   # blacklist restore last (if exists)
-   if ($submit == BLACKLIST_BTN_LAST) {
-       restore_arc_blacklist();
-   }
-
-   # apply changes
-   if ($submit == APPLY_BTN) {
+    if ($submit == BLACKLIST_BTN_URL) {
+        if ($url)
+            sg_reconfigure_blacklist($url, $proxy);
+    }
+
+    # blacklist restore last (if exists)
+    if ($submit == BLACKLIST_BTN_LAST) {
+        restore_arc_blacklist();
+    }
+
+    # apply changes
+    if ($submit == APPLY_BTN) {
 #           write_config('Update squidGuard options.'); # store, if not 'Save' button
 # перенести в validate для детектирования ошибок?
-       sg_reconfigure();
-   }
+        sg_reconfigure();
+    }
 }
 
 # -----------------------------------------------------------------------------
@@ -332,53 +328,36 @@ function squidguard_resync() {
 # -----------------------------------------------------------------------------
 
 function squidguard_resync_acl() {
-    global $config;
+    global $config; # !!! ORDER !!!
+
     $conf = $config['installedpackages'][MODULE_ACL]['config'];
     $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
 
     # --- sources part ---
     # move current id by order
-    if (($id !== '') and is_array($conf) /*and ($id !== intval($conf[$id]['order']))*/) {
-
+    if (($id !== '') and is_array($conf)) {
         $src_new = array();
+
         foreach ($conf as $key => $src) {
-            $order = $src['order'];
-            $n_key = '';    # n_key: [order]_x[key]; x: =0[up]; = 5[nothing]; =9[down];
-
-            $k1    = sprintf("%04d", $order);
-            $k3    = sprintf("%04d", $key);
-
-            # new: move to last
-            if (!isset($src['order']) or ($src['order'] === ''))
-                $n_key = "99995{$k3}";
-            # current: moveup; movedown; nothing;
-            elseif (intval($key) === intval($id)) {
-                if (intval($order) < intval($key))
-                    $n_key = "{$k1}0{$k3}";
-                elseif (intval($order) > intval($key))
-                    $n_key = "{$k1}9{$k3}";
-                else
-                    $n_key = "{$k1}5{$k3}";
-                # other: nothing
-            } else
-                $n_key = "{$k1}5{$k3}";
-            # update with key
+            $order = $src[F_ORDER];
+            # n_key: no_move=$key+$order or move=$order+$key
+            $n_key = is_numeric($order) ? sprintf("%04d%04d", $order, $key) : sprintf("%04d%04d", $key, 9999);
+            unset($src[F_ORDER]); # ! must be unset for display correct default position in 'select'!
             $src_new[$n_key] = $src;
         }
         # sort by key
         ksort($src_new);
         reset($src_new);
 
-        # make keys '0, 1, 2, ...', and update order
-        $src_new = array_values($src_new);
-        foreach ($src_new as $key => $src) {
-            $src_new[$key]['order'] = $key;
-        }
+        $src_new = array_values($src_new); # make keys '0, 1, 2, ...'
 
         # renew config
         unset ($config['installedpackages'][MODULE_ACL]['config']);
         $config['installedpackages'][MODULE_ACL]['config'] = $src_new;
         write_config('Update squidguardacl config');
+
+        # renew global $squidguard_config
+        sg_init(convert_pfxml_to_sgxml());
     }
 }
 
@@ -387,14 +366,27 @@ function squidguard_resync_acl() {
 # =============================================================================
 
 # -----------------------------------------------------------------------------
-# get_pkg_items_list
+# get_pkgconf/sgconf_items_list
 # -----------------------------------------------------------------------------
-function get_pkg_items_list($pkg_gui_name, $fieldname) {
-    $res = '';
+function get_pkgconf_items_list($pkg_gui_name, $fieldname) {
     global $config;
+    $res = '';
+
     $conf = $config['installedpackages'][$pkg_gui_name]['config'];
     if (is_array($conf))
         foreach($conf as $cf) $res[] = $cf[$fieldname];
+
+    return $res;
+}
+
+function get_sgconf_items_list($data_group, $fieldname) {
+    global $squidguard_config;
+    $res = '';
+
+    $conf = $squidguard_config[$data_group]['item'];
+    if (is_array($conf))
+        foreach($conf as $cf) $res[] = $cf[$fieldname];
+
     return $res;
 }
 
@@ -428,12 +420,13 @@ function squidguard_before_form($pkg) {
     }
 }
 
-
 # -----------------------------------------------------------------------------
 # squidguard_before_form_acl
 # -----------------------------------------------------------------------------
 function squidguard_before_form_acl($pkg, $is_acl=true) {
-    global $config, $g;
+    global $g;
+    global $squidguard_config;
+
     $current_id   = '';
     $sources      = '';
     $source_items = '';
@@ -449,23 +442,8 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
     $current_id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
     $current_id = ($current_id) ? $current_id : 0;
 
-    # 'source' part of 'acl' page
-    # order option
-    $i=0;
-    foreach($pkg['fields']['field'] as $field) {
-        if ($field['fieldname'] === 'order') {
-            $fld = &$pkg['fields']['field'][$i];
-            $img_up   = "<img src='./themes/{$g['theme']}/images/icons/icon_up.gif'   title='move up' width='17'   height='17' border='0' onclick='on_moveup()'>";
-            $img_down = "<img src='./themes/{$g['theme']}/images/icons/icon_down.gif' title='move down' width='17' height='17' border='0' onclick='on_movedown()'>";
-            $s        = "<b>Move to:</b> $img_up $img_down <br> {$fld['description']}";
-            $fld['description'] = $s;
-        }
-        $i++;
-    }
-    unset($i);
-
     # sources
-    $source_items = get_pkg_items_list('squidguardsrc', 'name');
+    $source_items = get_sgconf_items_list(F_SOURCES, 'name');
     # generate sources list TODO: exclude used names from list, source name used in ACL unique
     $i=0;
     foreach($pkg['fields']['field'] as $field) {
@@ -476,6 +454,14 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
                     $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm);
             }
         }
+        # test
+        if (is_array($source_items) && $field['fieldname'] == 'order') {
+            $fld = &$pkg['fields']['field'][$i];
+            foreach($source_items as $nmkey => $nm)
+            	$fld['options']['option'][] = array('name'=>$nm, 'value'=>$nmkey);
+           	$fld['options']['option'][] = array('name'=>'--- Last ---', 'value'=>'9999');
+           	$fld['options']['option'][] = array('name'=>'-----', 'value'=>''); # ! this is must be last !
+        }
         $i++;
     }
 
@@ -483,8 +469,10 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
     # acls pass ---> prepare data for destinations; dest format 'uptime_dests_list [overtime_dests_list]'
     $acl_dest = '';
 
-    $current_id = ($pkg['name'] !== MODULE_DEFAULT) ? $current_id : 0;
-        $acl_dest = $config['installedpackages'][$pkg['name']]['config'][$current_id]['dest'];
+    # acl & default
+    if ($pkg['name'] !== MODULE_DEFAULT)
+         $acl_dest = $squidguard_config[F_ACLS]['item'][$current_id][F_DESTINATIONNAME];
+    else $acl_dest = $squidguard_config[F_DEFAULT][F_DESTINATIONNAME];
 
     if ($acl_dest) {
         $overtime = '';
@@ -516,11 +504,8 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
     }
 
     # --- Destinations ---
-    $general_cfg = $config['installedpackages'][MODULE_GENERAL]['config'][0];
-    $dest_cfg = $config['installedpackages'][MODULE_DESTINATION]['config'];
-
     # Blacklist
-    if ($general_cfg['blacklist'] === 'on') {
+    if ($squidguard_config[F_BLACKLISTENABLED] === 'on') {
         $blk_entries = sg_entries_blacklist();
         if (!empty($blk_entries)) {
             foreach($blk_entries as $dst)
@@ -532,12 +517,12 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
     }
 
     # User destinations
-    if ($dest_cfg) {
-        foreach($dest_cfg as $dst)
-            $dest_items[] = array ('name'=>$dst[FLD_NAME],
-                                   'upt_value'=>$acls_up[$dst[FLD_NAME]],
-                                   'ovt_value'=>$acls_over[$dst[FLD_NAME]],
-                                   'description'=>$dst[FLD_DESCRIPTION]);
+    if ($squidguard_config[F_DESTINATIONS]) {
+        foreach($squidguard_config[F_DESTINATIONS] as $dst)
+            $dest_items[] = array ('name'=>$dst[F_NAME],
+                                   'upt_value'=>$acls_up[$dst[F_NAME]],
+                                   'ovt_value'=>$acls_over[$dst[F_NAME]],
+                                   'description'=>$dst[F_DESCRIPTION]);
     }
 
     # Default all
@@ -556,7 +541,7 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
     }
 
     # rewrites
-    $rewr_names = get_pkg_items_list(MODULE_REWRITE, 'name');
+    $rewr_names = get_sgconf_items_list(F_REWRITES, 'name');
     $i=0;
     foreach($pkg['fields']['field'] as $field) {
         if (($field['fieldname'] == 'rewrite') || ($field['fieldname'] == 'overrewrite')) {
@@ -571,7 +556,7 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
     }
 
     # - set times field -
-    $time_names = get_pkg_items_list('squidguardtime', 'name');
+    $time_names = get_sgconf_items_list(F_TIMES, 'name');
     $i=0;
     foreach($pkg['fields']['field'] as $field) {
         if ($field['fieldname'] === 'time') {
@@ -593,6 +578,7 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
 define('LOGSHOW_BUFSIZE', 16384);
 
 function squidguard_before_form_log($pkg) {
+	# ! nothing for config - only report. Possible use global $config !
     global $config;
     $i=0;
     $move_pos = 0;
@@ -728,7 +714,8 @@ function squidguard_before_form_log($pkg) {
 # -----------------------------------------------------------------------------
 function make_grid_general_items($id = '')
 {
-    global $config;
+    global $squidguard_config;
+
     $bg_color = "bgcolor='#dddddd'";
     $res = '';
     $res .= "<table width='100%'>";
@@ -749,7 +736,7 @@ function make_grid_general_items($id = '')
         $res .= "<tr $bg_color><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>";
     }
     elseif ($id === 'gui_log') {
-        if ($config['installedpackages']['squidguardgeneral']['config'][0]['view_gui_log'] == 'on') {
+        if ($squidguard_config['view_gui_log'] == 'on') {
             $log_content = sg_getlog(50);
             $log_content = str_replace("\n","<br>", $log_content);
             $res .= "<tr $bg_color><td><font size='-1'><b>Web GUI log (Latest 50)</b></font></td></tr>";
@@ -776,6 +763,8 @@ function make_grid_blacklist() {
 # make_grid_controls
 # -----------------------------------------------------------------------------
 function make_grid_controls($type, $items, $enable_overtime = true) {
+    global $g;
+
     $res = '';
     $tbl = '';
     $color = '';
@@ -819,7 +808,7 @@ function make_grid_controls($type, $items, $enable_overtime = true) {
 
         $tbl .= "<tr>";
         # uptime table
-        $tnm  = PREFLD_UPTIME . $name;
+        $tnm  = PREF_UPTIME . $name;
         $tbl .= "<td $color></td>";
         $tbl .= "<td $color>$description [$name]</td>";
         $tbl .= "<td $color>access</td>";
@@ -838,7 +827,7 @@ function make_grid_controls($type, $items, $enable_overtime = true) {
 
         # overtime table
         if ($enable_overtime) {
-            $tnm  = PREFLD_OVERTIME . $name;
+            $tnm  = PREF_OVERTIME . $name;
             $tbl .= "<td $color></td>";
             $tbl .= "<td $color>$description [$name]</td>";
             $tbl .= "<td $color>access</td>";
@@ -864,9 +853,9 @@ function make_grid_controls($type, $items, $enable_overtime = true) {
         $thdr = '';
         $hdr1up = "<big>Destination rules</big>";
         $hdr1ov = "<big>Destination rules in overtime</big>";
-        $hds3   = "Rules priority: [1]: 'white'(whitelist); [2]: 'deny'(blacklist); [3]: 'allow'; [4]: end-rule('allow' ro 'deny'). For permit of the exceptions from blacklist, use 'white' option.";
+        $hds3   = "ACCESS: 'white' - always pass; 'deny' - block; 'allow' - pass, if not blocked.";
         if ($enable_overtime) {
-            $thdr .= "<tr><td colspan='8' align=left>$hds3<hr></td></tr>";
+            $thdr .= "<tr><td colspan='8' align=left>$hds3</td></tr>";
             $thdr .= "<tr $color><th colspan='4' align=middle>$hdr1up</th><th colspan='4' align=middle>$hdr1ov</th></tr>";
             $thdr .= "<tr $color><td colspan='4' align=middle></td><td colspan='4' align=middle>If <b>'Time'</b> not defined, this ruleset will be ignored</td></tr>";
             # formatting
@@ -880,6 +869,19 @@ function make_grid_controls($type, $items, $enable_overtime = true) {
         }
 
         $res .= "<table cellspacing='0' width='100%'> $thdr $tbl </table>";
+
+        $rstyle = "";
+	 $ha = "<div $color>" .
+              "<span onClick='document.getElementById(\"destrules\").style.display = \"block\";' style=\"cursor: pointer;\">" .
+              "<font size='-12'><big>Destination ruleset (click)</big>&nbsp;" .
+              "<img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Show rules'>&nbsp;" .
+              "</span>" .
+               "<span style=\"cursor: pointer;\">" .
+              "<img src='./themes/{$g['theme']}/images/icons/icon_block.gif' title='Hide rules' onClick='document.getElementById(\"destrules\").style.display = \"none\";'>" .
+              "</span>" .
+              "</div>";
+        $res = "<hr>$ha<div id=\"destrules\" style='DISPLAY: none'>$res</div>";
+
     }
     return $res;
 }
@@ -891,8 +893,7 @@ function sg_check_unique_name($module_id, $name, $log='') {
     $res = true;
     $id = (isset($_GET['id'])) ? $_GET['id'] : $_POST['id'];
 
-    $name_list = get_pkg_items_list($module_id, 'name');
-    $name_list_count = count($name_list);
+    $name_list = get_sgconf_items_list($module_id, 'name');
     $name_val = (is_array($name_list)) ? array_count_values($name_list) : array();
     $count_names = $name_val[$name];
 
@@ -901,7 +902,7 @@ function sg_check_unique_name($module_id, $name, $log='') {
     if ($count_names === 1) {
         $nm_key = array_search($name, $name_list);
         # if this new record
-        if ($id >= $name_list_count) { $res = false; }
+        if ($id >= count($name_list)) { $res = false; }
         # if not self record
         elseif ($nm_key && (intval($id) !== intval($nm_key))) { $res = false; }
     }
@@ -945,7 +946,6 @@ function squidguard_deinstall_command() {
 # ------------------------------------------------------------------------------
 # SquidGuard print JavaSrcript
 # ------------------------------------------------------------------------------
-
 function squidGuard_print_javascript() {
     $javascript = '';
 
@@ -965,31 +965,6 @@ function squidGuard_print_javascript() {
         $javascript .= "\n<script language='JavaScript'>";
         $javascript .= "\n<!--";
         $javascript .= "\n    document.iform.dest.disabled=1;";
-        # source JS part
-        $javascript .= "\n    function on_updatecontrols() {";
-        $javascript .= "\n        document.iform.elements['order'].disabled = 0;";
-        $javascript .= "\n        document.iform.elements['order'].onfocus = on_orderfocus;";
-        $javascript .= "\n    }";
-        $javascript .= "\n    function on_orderfocus() {";
-        $javascript .= "\n        document.iform.elements['order'].blur();";
-        $javascript .= "\n    }";
-        $javascript .= "\n    function on_moveup() {";
-        $javascript .= "\n        var order = parseInt(document.iform.elements['order'].value)";
-        $javascript .= "\n        if (order > 0)";
-        $javascript .= "\n             order = order - 1;";
-        $javascript .= "\n        else order = 0;";
-        $javascript .= "\n        document.iform.elements['order'].value = order;";
-        $javascript .= "\n    }";
-        $javascript .= "\n    function on_movedown() {";
-        $javascript .= "\n        var order = parseInt(document.iform.elements['order'].value)";
-        $javascript .= "\n        if (order >= 0)";
-        $javascript .= "\n             order = order + 1;";
-        $javascript .= "\n        else order = 0;";
-        $javascript .= "\n        document.iform.elements['order'].value = order;";
-        $javascript .= "\n    }";
-        $javascript .= "\n    on_updatecontrols();";
-        $javascript .= "\n    ";
-        # end source JS part
         $javascript .= "\n//-->";
         $javascript .= "\n</script>";
 
@@ -1066,19 +1041,22 @@ function convert_pfxml_to_sgxml() {
     $sgxml = array();
     $pfxml = $config['installedpackages'][MODULE_GENERAL]['config'][0];
 
-    $sgxml[FLD_LOGDIR]           = SQUIDGUARD_LOGDIR;
-    $sgxml[FLD_DBHOME]           = SQUIDGUARD_DBHOME;
-    $sgxml[FLD_BINPATH]          = SQUIDGUARD_BINPATH;
-    $sgxml[FLD_WORKDIR]          = SQUIDGUARD_WORKDIR;
-    $sgxml[FLD_SGCONF_XML]       = SQUIDGUARD_WORKDIR . SQUIDGUARD_CONFXML;
-    $sgxml[FLD_ENABLED]          = $pfxml[FLD_SQUIDGUARDENABLE];
-    $sgxml[FLD_BLACKLISTENABLED] = $pfxml[FLD_BLACKLIST];
-    $sgxml[FLD_SOURCES]          = convert_pfxml_to_sgxml_source($config);
-    $sgxml[FLD_DESTINATIONS]     = convert_pfxml_to_sgxml_destination($config);
-    $sgxml[FLD_REWRITES]         = convert_pfxml_to_sgxml_rewrite($config);
-    $sgxml[FLD_TIMES]            = convert_pfxml_to_sgxml_time($config);
-    $sgxml[FLD_ACLS]             = convert_pfxml_to_sgxml_acl($config);
-    $sgxml[FLD_DEFAULT]          = convert_pfxml_to_sgxml_default($config);
+    $sgxml[F_LOGDIR]           = SQUIDGUARD_LOGDIR;
+    $sgxml[F_DBHOME]           = SQUIDGUARD_DBHOME;
+    $sgxml[F_BINPATH]          = SQUIDGUARD_BINPATH;
+    $sgxml[F_WORKDIR]          = SQUIDGUARD_WORKDIR;
+    $sgxml[F_SGCONF_XML]       = SQUIDGUARD_WORKDIR . SQUIDGUARD_CONFXML;
+    $sgxml[F_ENABLED]          = $pfxml[F_SQUIDGUARDENABLE];
+    $sgxml[F_BLACKLISTENABLED] = $pfxml[F_BLACKLIST];
+    $sgxml[F_SOURCES]          = convert_pfxml_to_sgxml_source($config);
+    $sgxml[F_DESTINATIONS]     = convert_pfxml_to_sgxml_destination($config);
+    $sgxml[F_REWRITES]         = convert_pfxml_to_sgxml_rewrite($config);
+    $sgxml[F_TIMES]            = convert_pfxml_to_sgxml_time($config);
+    $sgxml[F_ACLS]             = convert_pfxml_to_sgxml_acl($config);
+    $sgxml[F_DEFAULT]          = convert_pfxml_to_sgxml_default($config);
+
+	# other
+    $sgxml['view_gui_log'] = $pfxml['view_gui_log'];
 
     # transparent
     $squidxml = $config['installedpackages']['squid']['config'][0];
@@ -1087,20 +1065,20 @@ function convert_pfxml_to_sgxml() {
         $guiport = $config['system']['webgui']['port'];
         $guiprotocol = $config['system']['webgui']['protocol'];
 
-        $sgxml[FLD_SQUID_TRANSPARENT_MODE] = 'on';
-        $sgxml[FLD_CURRENT_LAN_IP] = $lanip;
-        $sgxml[FLD_CURRENT_GUI_PORT] = $guiport;
-        $sgxml[FLD_CURRENT_GUI_PROTO] = $guiprotocol;
+        $sgxml[F_SQUID_TRANSPARENT_MODE] = 'on';
+        $sgxml[F_CURRENT_LAN_IP] = $lanip;
+        $sgxml[F_CURRENT_GUI_PORT] = $guiport;
+        $sgxml[F_CURRENT_GUI_PROTO] = $guiprotocol;
     } else {
-        unset($sgxml[FLD_SQUID_TRANSPARENT_MODE]);
-        unset($sgxml[FLD_CURRENT_LAN_IP]);
-        unset($sgxml[FLD_CURRENT_GUI_PORT]);
-        unset($sgxml[FLD_CURRENT_GUI_PROTO]);
+        unset($sgxml[F_SQUID_TRANSPARENT_MODE]);
+        unset($sgxml[F_CURRENT_LAN_IP]);
+        unset($sgxml[F_CURRENT_GUI_PORT]);
+        unset($sgxml[F_CURRENT_GUI_PROTO]);
     }
 
     # store cfg cache
-    $cfg_xml = dump_xml_config($sgxml, FLD_SQUIDGUARD);
-    file_put_contents($sgxml[FLD_SGCONF_XML], $cfg_xml);
+    $cfg_xml = dump_xml_config($sgxml, F_SQUIDGUARD);
+    file_put_contents($sgxml[F_SGCONF_XML], $cfg_xml);
 
     return $sgxml;
 }
@@ -1117,15 +1095,15 @@ function convert_pfxml_to_sgxml() {
 # Source IP and domain move to one field, added 'username'.
 function convert_pfxml_to_sgxml_source($pfconfig) {
     $sgxml = array();
-    $pfxml = $pfconfig['installedpackages']['squidguardacl']['config'];
+    $pfxml = $pfconfig['installedpackages'][MODULE_ACL]['config'];
     if (is_array($pfxml)) {
         foreach($pfxml as $pfx) {
             $sgx = array();
-            $sgx[FLD_NAME]        = $pfx['name'];
-            $sgx[FLD_SOURCE]      = $pfx[FLD_SOURCE];
-            $sgx[FLD_LOG]         = $pfx[FLD_ENABLELOG];
-            $sgx[FLD_DESCRIPTION] = $pfx['description'];
-            $sgxml[FLD_ITEM][]    = $sgx;
+            $sgx[F_NAME]        = $pfx['name'];
+            $sgx[F_SOURCE]      = $pfx[F_SOURCE];
+            $sgx[F_LOG]         = $pfx[F_ENABLELOG];
+            $sgx[F_DESCRIPTION] = $pfx['description'];
+            $sgxml[F_ITEM][]    = $sgx;
          }
     }
     return $sgxml;
@@ -1137,19 +1115,19 @@ function convert_pfxml_to_sgxml_source($pfconfig) {
 # -----------------------------------------------------------------
 function convert_pfxml_to_sgxml_destination($pfconfig) {
     $sgxml = array();
-    $pfxml = $pfconfig['installedpackages']['squidguarddest']['config'];
+    $pfxml = $pfconfig['installedpackages'][MODULE_DESTINATION]['config'];
     if (is_array($pfxml)) {
         foreach($pfxml as $pfx) {
             $sgx = array();
-            $sgx[FLD_NAME]         = $pfx['name'];
-            $sgx[FLD_URLS]         = $pfx['urls'];
-            $sgx[FLD_DOMAINS]      = $pfx[FLD_DOMAINS];
-            $sgx[FLD_EXPRESSIONS]  = $pfx['expressions'];
-            $sgx[FLD_RMOD]         = isset($pfx[FLD_RMOD]) ? $pfx[FLD_RMOD] : RMOD_NONE;
-            $sgx[FLD_REDIRECT]     = $pfx[FLD_REDIRECT];
-            $sgx[FLD_DESCRIPTION]  = $pfx['description'];
-            $sgx[FLD_LOG]          = $pfx[FLD_ENABLELOG];
-            $sgxml[FLD_ITEM][]     = $sgx;
+            $sgx[F_NAME]         = $pfx['name'];
+            $sgx[F_URLS]         = $pfx['urls'];
+            $sgx[F_DOMAINS]      = $pfx[F_DOMAINS];
+            $sgx[F_EXPRESSIONS]  = $pfx['expressions'];
+            $sgx[F_RMOD]         = isset($pfx[F_RMOD]) ? $pfx[F_RMOD] : RMOD_NONE;
+            $sgx[F_REDIRECT]     = $pfx[F_REDIRECT];
+            $sgx[F_DESCRIPTION]  = $pfx['description'];
+            $sgx[F_LOG]          = $pfx[F_ENABLELOG];
+            $sgxml[F_ITEM][]     = $sgx;
         }
     }
     return $sgxml;
@@ -1162,26 +1140,36 @@ function convert_pfxml_to_sgxml_destination($pfconfig) {
 function convert_pfxml_to_sgxml_rewrite($pfconfig) {
     $sgxml = array();
 
-    $pfxml = $pfconfig['installedpackages']['squidguardrewrite']['config'];
+    $pfxml = $pfconfig['installedpackages'][MODULE_REWRITE]['config'];
     if (is_array($pfxml)) {
         foreach($pfxml as $pfx) {
             $sgx = array();
-            $sgx[FLD_NAME]        = $pfx['name'];
-            $sgx[FLD_DESCRIPTION] = $pfx['description'];
-            $sgx[FLD_LOG]         = $pfx[FLD_ENABLELOG];
+            $sgx[F_NAME]        = $pfx['name'];
+            $sgx[F_DESCRIPTION] = $pfx['description'];
+            $sgx[F_LOG]         = $pfx[F_ENABLELOG];
 
             if (is_array($pfx['row'])) {
                 foreach($pfx['row'] as $pfx_row) {
                     $sgx_row = array();
-                    $sgx_row[FLD_TARGETURL] = $pfx_row['targeturl'];
-                    $sgx_row[FLD_REPLACETO] = $pfx_row['replaceto'];
-                    $sgx[FLD_ITEM][] = $sgx_row;
+                    $sgx_row[F_TARGETURL] = $pfx_row['targeturl'];
+                    $sgx_row[F_REPLACETO] = $pfx_row['replaceto'];
+
+                    $mode = '';
+                    if (strpos($pfx_row[F_MODE], 'nocase') !== false) $mode .= 'i';
+                    if (strpos($pfx_row[F_MODE], 'redirect') !== false) $mode .= 'r';
+                    $sgx_row[F_MODE] = $mode; # ! sys options only  - not for GUI !
+
+                    $sgx[F_ITEM][] = $sgx_row;
                  }
             }
 
-            $sgxml[FLD_ITEM][] = $sgx;
+            $sgxml[F_ITEM][] = $sgx;
         }
     }
+
+    # additional: google safeserach
+    $sgxml[F_ITEM][] = squidguard_adt_rewrite_safesrch();
+
     return $sgxml;
 }
 
@@ -1192,25 +1180,25 @@ function convert_pfxml_to_sgxml_rewrite($pfconfig) {
 function convert_pfxml_to_sgxml_time($pfconfig) {
     $sgxml = array();
 
-    $pfxml = $pfconfig['installedpackages']['squidguardtime']['config'];
+    $pfxml = $pfconfig['installedpackages'][MODULE_TIME]['config'];
     if (is_array($pfxml)) {
         foreach($pfxml as $pfx) {
             $sgx = array();
-            $sgx[FLD_NAME]                = $pfx[FLD_NAME];
-            $sgx[FLD_DESCRIPTION]        = $pfx[FLD_DESCRIPTION];
+            $sgx[F_NAME]                = $pfx[F_NAME];
+            $sgx[F_DESCRIPTION]        = $pfx[F_DESCRIPTION];
 
             if (is_array($pfx['row'])) {
                 foreach($pfx['row'] as $pfx_row) {
                     $sgx_row = array();
-                    $sgx_row[FLD_TIMETYPE]  = $pfx_row[FLD_TIMETYPE];
-                    $sgx_row[FLD_TIMEDAYS]  = $pfx_row[FLD_TIMEDAYS];
-                    $sgx_row[FLD_DATERANGE] = $pfx_row[FLD_DATERANGE];
-                    $sgx_row[FLD_TIMERANGE] = $pfx_row[FLD_TIMERANGE];
-                    $sgx[FLD_ITEM][] = $sgx_row;
+                    $sgx_row[F_TIMETYPE]  = $pfx_row[F_TIMETYPE];
+                    $sgx_row[F_TIMEDAYS]  = $pfx_row[F_TIMEDAYS];
+                    $sgx_row[F_DATERANGE] = $pfx_row[F_DATERANGE];
+                    $sgx_row[F_TIMERANGE] = $pfx_row[F_TIMERANGE];
+                    $sgx[F_ITEM][] = $sgx_row;
                 }
             }
 
-            $sgxml[FLD_ITEM][] = $sgx;
+            $sgxml[F_ITEM][] = $sgx;
         }
     }
 
@@ -1224,45 +1212,53 @@ function convert_pfxml_to_sgxml_time($pfconfig) {
 function convert_pfxml_to_sgxml_acl($pfconfig) {
     $sgxml = array();
 
-    $pfxml = $pfconfig['installedpackages']['squidguardacl']['config'];
+    $pfxml = $pfconfig['installedpackages'][MODULE_ACL]['config'];
     if (is_array($pfxml)) {
         foreach($pfxml as $pfx) {
             $sgx = array();
-            $sgx[FLD_NAME]          = $pfx[FLD_NAME];    # [04-01-2008] new ver
-            $sgx[FLD_DESCRIPTION]   = $pfx[FLD_DESCRIPTION];
-            $sgx[FLD_DISABLED]      = $pfx[FLD_DISABLED];
-            $sgx[FLD_TIMENAME]      = $pfx[FLD_TIME];
-            $sgx[FLD_REDIRECT]      = $pfx[FLD_REDIRECT];
-            $sgx[FLD_RMOD]          = isset($pfx[FLD_RMOD]) ? $pfx[FLD_RMOD] : RMOD_NONE;
-            $sgx[FLD_REWRITENAME]   = $pfx[FLD_REWRITE];
-            $sgx[FLD_LOG]           = $pfx[FLD_ENABLELOG];
-            $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP];
+            $sgx[F_NAME]          = $pfx[F_NAME];    # [04-01-2008] new ver
+            $sgx[F_DESCRIPTION]   = $pfx[F_DESCRIPTION];
+            $sgx[F_DISABLED]      = $pfx[F_DISABLED];
+            $sgx[F_TIMENAME]      = $pfx[F_TIME];
+            $sgx[F_REDIRECT]      = $pfx[F_REDIRECT];
+            $sgx[F_RMOD]          = isset($pfx[F_RMOD]) ? $pfx[F_RMOD] : RMOD_NONE;
+            $sgx[F_REWRITENAME]   = $pfx[F_REWRITE];
+            $sgx[F_LOG]           = $pfx[F_ENABLELOG];
+            $sgx[F_NOTALLOWINGIP] = $pfx[F_NOTALLOWINGIP];
+            $sgx[F_ORDER]         = $pfx[F_ORDER];
 
             # for overtime
-            $sgx[FLD_OVERREDIRECT]    = $pfx[FLD_REDIRECT]; # disabled ->- $pfx[FLD_OVERREDIRECT];
-            $sgx[FLD_OVERREWRITENAME] = $pfx[FLD_OVERREWRITE];
+            $sgx[F_OVERREDIRECT]    = $pfx[F_REDIRECT]; # disabled ->- $pfx[F_OVERREDIRECT];
+            $sgx[F_OVERREWRITENAME] = $pfx[F_OVERREWRITE];
 
             # destinations
             if (strpos($pfx['dest'], '[') === false) {
-                $sgx[FLD_DESTINATIONNAME]     = trim($pfx['dest']);
-                $sgx[FLD_OVERDESTINATIONNAME] = '';
+                $sgx[F_DESTINATIONNAME]     = trim($pfx['dest']);
+                $sgx[F_OVERDESTINATIONNAME] = '';
             }
             else {
-                $sgx[FLD_DESTINATIONNAME]     = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) );
-                $sgx[FLD_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') );
-                $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[FLD_OVERDESTINATIONNAME]) );
-                $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[FLD_OVERDESTINATIONNAME]) );
+                $sgx[F_DESTINATIONNAME]     = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) );
+                $sgx[F_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') );
+                $sgx[F_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[F_OVERDESTINATIONNAME]) );
+                $sgx[F_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[F_OVERDESTINATIONNAME]) );
             }
 
             # !ATTENTION! '!all' must be convert to 'none'
-            $sgx[FLD_DESTINATIONNAME]     = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]);
-            $sgx[FLD_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_OVERDESTINATIONNAME]);
+            $sgx[F_DESTINATIONNAME]     = str_replace("!all", "none", $sgx[F_DESTINATIONNAME]);
+            $sgx[F_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[F_OVERDESTINATIONNAME]);
 
             # if empty - adding 'none'
-            if (!$sgx[FLD_DESTINATIONNAME])     $sgx[FLD_DESTINATIONNAME] = "none";
-            if (!$sgx[FLD_OVERDESTINATIONNAME]) $sgx[FLD_OVERDESTINATIONNAME] = "none";
+            if (!$sgx[F_DESTINATIONNAME])     $sgx[F_DESTINATIONNAME] = "none";
+            if (!$sgx[F_OVERDESTINATIONNAME]) $sgx[F_OVERDESTINATIONNAME] = "none";
+
+            # safesearch
+           if ($pfx[SAFESEARCH] === 'on') {
+               # assign safesearch rewrite
+               $sgx[F_REWRITENAME] = SAFESEARCH;
+               $sgx[F_OVERREWRITENAME] = SAFESEARCH;
+           }
 
-            $sgxml[FLD_ITEM][] = $sgx;
+            $sgxml[F_ITEM][] = $sgx;
         }
     }
     return $sgxml;
@@ -1273,30 +1269,36 @@ function convert_pfxml_to_sgxml_acl($pfconfig) {
 # sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename]
 # -----------------------------------------------------------------
 function convert_pfxml_to_sgxml_default($pfconfig) {
-    $pfxml = $pfconfig['installedpackages']['squidguarddefault']['config'];
+    $pfxml = $pfconfig['installedpackages'][MODULE_DEFAULT]['config'];
 
     $pfx = $pfxml[0];
     $sgx = array();
-    $sgx[FLD_NAME]        = 'default';
-    $sgx[FLD_DESCRIPTION] = '';
-    $sgx[FLD_DISABLED]    = '';
-    $sgx[FLD_TIMENAME]    = $pfx[FLD_TIME];
-    $sgx[FLD_RMOD]        = isset($pfx[FLD_RMOD]) ? $pfx[FLD_RMOD] : RMOD_INT_ERRORPAGE;
-    $sgx[FLD_REDIRECT]    = $pfx[FLD_REDIRECT];
-    $sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE];
-    $sgx[FLD_LOG]         = $pfx[FLD_ENABLELOG];
-    $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP];
+    $sgx[F_NAME]        = 'default';
+    $sgx[F_DESCRIPTION] = '';
+    $sgx[F_DISABLED]    = '';
+    $sgx[F_TIMENAME]    = $pfx[F_TIME];
+    $sgx[F_RMOD]        = isset($pfx[F_RMOD]) ? $pfx[F_RMOD] : RMOD_INT_ERRORPAGE;
+    $sgx[F_REDIRECT]    = $pfx[F_REDIRECT];
+    $sgx[F_REWRITENAME] = $pfx[F_REWRITE];
+    $sgx[F_LOG]         = $pfx[F_ENABLELOG];
+    $sgx[F_NOTALLOWINGIP] = $pfx[F_NOTALLOWINGIP];
 
     # destinations
     if (strpos($pfx['dest'], '[') === false)
-         $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']);
-    else $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) );
+         $sgx[F_DESTINATIONNAME] = trim($pfx['dest']);
+    else $sgx[F_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) );
 
     # !ATTENTION! '!all' must be convert to 'none'
-    $sgx[FLD_DESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]);
+    $sgx[F_DESTINATIONNAME] = str_replace("!all", "none", $sgx[F_DESTINATIONNAME]);
 
     # if empty - adding 'none'
-    if (!$sgx[FLD_DESTINATIONNAME]) $sgx[FLD_DESTINATIONNAME] = "none";
+    if (!$sgx[F_DESTINATIONNAME]) $sgx[F_DESTINATIONNAME] = "none";
+
+    # safesearch
+    if ($pfx[SAFESEARCH] === 'on') {
+        # assign safesearch rewrite
+        $sgx[F_REWRITENAME] = SAFESEARCH;
+    }
 
     return $sgx;
 }
@@ -1304,36 +1306,75 @@ function convert_pfxml_to_sgxml_default($pfconfig) {
 # =================================================================
 # Capability
 # =================================================================
-# capability update source from old config version
+# convert old ver. squidguard config.
 function capability_update_source() {
+	# ! use global var $config ONLY !
     global $config;
     $conf_changed = false;
 
-    if (isset($config['installedpackages']['squidguardacl']['config'])) {
-        $tconf = &$config['installedpackages']['squidguardacl']['config'];
+    if (isset($config['installedpackages'][MODULE_ACL]['config'])) {
+        $tconf = &$config['installedpackages'][MODULE_ACL]['config'];
         foreach($tconf as $key => $cfg) {
             if (isset($cfg['iplist'])) {
-                $tconf[$key][FLD_SOURCE] .= " " . $cfg['iplist'];
+                $tconf[$key][F_SOURCE] .= " " . $cfg['iplist'];
                 unset($tconf[$key]['iplist']);
                 $conf_changed = true;
             }
-            if (isset($cfg[FLD_DOMAINS])) {
-                $tconf[$key][FLD_SOURCE] .= " " . $cfg[FLD_DOMAINS];
-                unset($tconf[$key][FLD_DOMAINS]);
+            if (isset($cfg[F_DOMAINS])) {
+                $tconf[$key][F_SOURCE] .= " " . $cfg[F_DOMAINS];
+                unset($tconf[$key][F_DOMAINS]);
                 $conf_changed = true;
             }
         }
 
-        if ($conf_changed) write_config('Update squidguardacl config');
+        if ($conf_changed) write_config('Convert old ver. squidguard config.');
     }
-
 }
 # ------------------------------------------------------------------
 # get_item_id - get item 'id' from get/post
 # ------------------------------------------------------------------
 function get_item_id()
 {
-         return  isset($_GET['id']) ? $_GET['id'] : $_POST['id'];
+    return  isset($_GET['id']) ? $_GET['id'] : $_POST['id'];
+}
+
+# ==================================================================
+# additional
+# ==================================================================
+# safesearch rewrite
+function squidguard_adt_rewrite_safesrch()
+{
+    $res = array();
+
+    # safesearch
+    $res[F_NAME] = SAFESEARCH;
+    $res[F_DESCRIPTION] = "Google, Yandex safesearch";
+    $res[F_LOG]         = 'on';
+    squidguard_adt_safesrch_add(&$res[F_ITEM]);
+
+    return $res;
+}
+
+function squidguard_adt_safesrch_add($rewrite_item)
+{
+    if (!is_array($rewrite_item)) $rewrite_item = array();
+
+    # Google
+    $rewrite_item[] = array(F_TARGETURL => '(google\..*/search?.*q=.*)', F_REPLACETO => '\1\&safe=active', F_MODE => 'i');
+    $rewrite_item[] = array(F_TARGETURL => '(google\..*/images.*q=.*)',  F_REPLACETO => '\1\&safe=active', F_MODE => 'i');
+    $rewrite_item[] = array(F_TARGETURL => '(google\..*/groups.*q=.*)',  F_REPLACETO => '\1\&safe=active', F_MODE => 'i');
+    $rewrite_item[] = array(F_TARGETURL => '(google\..*/news.*q=.*)',    F_REPLACETO => '\1\&safe=active', F_MODE => 'i');
+
+    # Yandex
+    $rewrite_item[] = array(F_TARGETURL => '(yandex\..*/yandsearch?.*text=.*)', F_REPLACETO => '\1\&fyandex=1', F_MODE => 'i');
+
+    # Yahoo
+    $rewrite_item[] = array(F_TARGETURL => '(search\.yahoo\..*/search.*p=.*)', F_REPLACETO => '\1\&vm=r', F_MODE => 'i');
+
+    # MSN Live search
+    $rewrite_item[] = array(F_TARGETURL => '(search\.live\..*/.*q=.*)', F_REPLACETO => '\1\&adlt=strict', F_MODE => 'i');
+    $rewrite_item[] = array(F_TARGETURL => '(search\.msn\..*/.*q=.*)', F_REPLACETO => '\1\&adlt=strict', F_MODE => 'i');
+
+    return $rewrite_item;
 }
-# ------------------------------------------------------------------
 ?>
diff --git a/packages/squidGuard/squidguard_acl.xml b/packages/squidGuard/squidguard_acl.xml
index f7e8c7b7..a71979a3 100644
--- a/packages/squidGuard/squidguard_acl.xml
+++ b/packages/squidGuard/squidguard_acl.xml
@@ -48,13 +48,9 @@
 
         <adddeleteeditpagefields>
                 <columnitem>
-                        <fielddescr>Disable</fielddescr>
+                        <fielddescr>Disabled</fielddescr>
                         <fieldname>disabled</fieldname>
                 </columnitem>
-                <columnitem>
-                        <fielddescr>Order</fielddescr>
-                        <fieldname>order</fieldname>
-                </columnitem>
                 <columnitem>
                         <fielddescr>Name</fielddescr>
                         <fieldname>name</fieldname>
@@ -100,15 +96,13 @@
                         <fielddescr>Order</fielddescr>
                         <fieldname>order</fieldname>
                         <description>
-                                The order defines a place in the list of ACL. &lt;br&gt;
+                                Select the new position for ACL item. ACL are evaluated on a first-match source basis.&lt;br&gt;
                                 &lt;b&gt;Note:&lt;/b&gt; &lt;br&gt;
                                 Search for a suitable ACL by field 'source' will occur before the first match. If you want to define an exception for some sources (IP) from the IP range, put them on first of the list. &lt;br&gt;
                                 &lt;b&gt;For example:&lt;/b&gt; &lt;br&gt;
-                                Right order:
-                                ACL0 with source ip 10.0.0.15, then ACL1 with ip-range 10.0.0.0/24 &lt;br&gt;
+                                ACL with single (or short range) source ip 10.0.0.15, must be placed before ACL with more large ip range 10.0.0.0/24 &lt;br&gt;
                         </description>
-                        <type>input</type>
-                        <size>5</size>
+                        <type>select</type>
                 </field>
                 <field>
                         <fielddescr>Source IP adresses and domains</fielddescr>
@@ -166,12 +160,12 @@
                         <fielddescr>Not to allow IP addresses in URL</fielddescr>
                         <fieldname>notallowingip</fieldname>
                         <description>
-                                To make sure that people don't bypass the URL filter
+                                To make sure that people don't bypass the URL filter.
                                 by simply using the IP addresses instead of the fully qualified domain names, you can check this option.
                         </description>
                         <type>checkbox</type>
                 </field>
-              <field>
+                <field>
                         <fielddescr>Redirect mode</fielddescr>
                         <fieldname>redirect_mode</fieldname>
                         <description>
@@ -225,6 +219,16 @@
                         <rows>2</rows>
                 </field>
 -->
+                <field>
+                        <fielddescr>Spec: Use safe search engine</fielddescr>
+                        <fieldname>safesearch</fieldname>
+                        <description>
+                                To protect your children from adult content, you can use the protected mode of search engines. 
+                                Now it is supported by Google, Yandex, Yahoo, MSN, Live Search. Make sure that the search engines can, and others, it is recommended to prohibit.
+                                &lt;br&gt;Note: ! This option overrides 'Rewrite' setting. !
+                        </description>
+                        <type>checkbox</type>
+                </field>
                 <field>
                         <fielddescr>Rewrite</fielddescr>
                         <fieldname>rewrite</fieldname>
diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc
index 0f6eec45..f683a19c 100644
--- a/packages/squidGuard/squidguard_configurator.inc
+++ b/packages/squidGuard/squidguard_configurator.inc
@@ -194,59 +194,61 @@ sg_init();
 # ------------------------------------------------------------------------------
 # squidguard system fields
 # ------------------------------------------------------------------------------
-define('FLD_SQUIDGUARD',          'squidGuard');
-define('FLD_LOGDIR',              'logdir');
-define('FLD_DBHOME',              'dbhome');
-define('FLD_WORKDIR',             'workdir');
-define('FLD_BINPATH',             'binpath');
-define('FLD_PROCCESSCOUNT',       'process_count');
-define('FLD_SQUIDCONFIGFILE',     'squid_configfile');
-define('FLD_ENABLED',             'enabled');
-define('FLD_BLACKLISTENABLED',    'blacklist_enabled');
-define('FLD_SGCONF_XML',          'sgxml_file');
+define('F_SQUIDGUARD',          'squidGuard');
+define('F_LOGDIR',              'logdir');
+define('F_DBHOME',              'dbhome');
+define('F_WORKDIR',             'workdir');
+define('F_BINPATH',             'binpath');
+define('F_PROCCESSCOUNT',       'process_count');
+define('F_SQUIDCONFIGFILE',     'squid_configfile');
+define('F_ENABLED',             'enabled');
+define('F_BLACKLISTENABLED',    'blacklist_enabled');
+define('F_SGCONF_XML',          'sgxml_file');
 
 # other fields
-define('FLD_ITEM',                'item');
-define('FLD_TIMES',               'times');
-define('FLD_SOURCES',             'sources');
-define('FLD_DESTINATIONS',        'destinations');
-define('FLD_REWRITES',            'rewrites');
-define('FLD_ACLS',                'acls');
-define('FLD_DEFAULT',             'default');
-define('FLD_NAME',                'name');
-define('FLD_DESCRIPTION',         'description');
-define('FLD_IP',                  'ip');
-define('FLD_URLS',                'urls');
-define('FLD_DOMAINS',             'domains');
-define('FLD_EXPRESSIONS',         'expressions');
-define('FLD_REDIRECT',            'redirect');
-define('FLD_TARGETURL',           'targeturl');
-define('FLD_REPLACETO',           'replaceto');
-define('FLD_LOG',                 'log');
-define('FLD_ITEM',                'item');
-define('FLD_DISABLED',            'disabled');
-define('FLD_TIMENAME',            'timename');
-define('FLD_DESTINATIONNAME',     'destname');
-define('FLD_REDIRECT',            'redirect');
-define('FLD_REWRITE',             'rewrite');
-define('FLD_REWRITENAME',         'rewritename');
-define('FLD_OVERDESTINATIONNAME', 'overdestname');
-define('FLD_OVERREDIRECT',        'overredirect');
-define('FLD_OVERREWRITE',         'overrewrite');
-define('FLD_OVERREWRITENAME',     'overrewritename');
-define('FLD_TIMETYPE',            'timetype');
-define('FLD_TIMEDAYS',            'timedays');
-define('FLD_DATRANGE',            'daterange');
-define('FLD_TIMERANGE',           'sg_timerange');
-define('FLD_RMOD',                'redirect_mode');                     # [redirect_mode] = rmod_int <base- use sgerror.php>; rmod_301; rmod_302;
-define('FLD_NOTALLOWINGIP',       'notallowingip');                     # not allowing ip in URL
-define('FLD_USERNAME',            'username');
+define('F_ITEM',                'item');
+define('F_TIMES',               'times');
+define('F_SOURCES',             'sources');
+define('F_DESTINATIONS',        'destinations');
+define('F_REWRITES',            'rewrites');
+define('F_ACLS',                'acls');
+define('F_DEFAULT',             'default');
+define('F_NAME',                'name');
+define('F_DESCRIPTION',         'description');
+define('F_IP',                  'ip');
+define('F_URLS',                'urls');
+define('F_DOMAINS',             'domains');
+define('F_EXPRESSIONS',         'expressions');
+define('F_REDIRECT',            'redirect');
+define('F_TARGETURL',           'targeturl');
+define('F_REPLACETO',           'replaceto');
+define('F_LOG',                 'log');
+define('F_ITEM',                'item');
+define('F_DISABLED',            'disabled');
+define('F_TIMENAME',            'timename');
+define('F_DESTINATIONNAME',     'destname');
+define('F_REDIRECT',            'redirect');
+define('F_REWRITE',             'rewrite');
+define('F_MODE',                'mode');
+define('F_REWRITENAME',         'rewritename');
+define('F_OVERDESTINATIONNAME', 'overdestname');
+define('F_OVERREDIRECT',        'overredirect');
+define('F_OVERREWRITE',         'overrewrite');
+define('F_OVERREWRITENAME',     'overrewritename');
+define('F_TIMETYPE',            'timetype');
+define('F_TIMEDAYS',            'timedays');
+define('F_DATRANGE',            'daterange');
+define('F_TIMERANGE',           'sg_timerange');
+define('F_RMOD',                'redirect_mode');                     # [redirect_mode] = rmod_int <base- use sgerror.php>; rmod_301; rmod_302;
+define('F_NOTALLOWINGIP',       'notallowingip');                     # not allowing ip in URL
+define('F_USERNAME',            'username');
+define('F_ORDER',               'order');
 
 # transparent mode
-define('FLD_SQUID_TRANSPARENT_MODE',   'squid_transparent_mode');
-define('FLD_CURRENT_LAN_IP',           'current_lan_ip');
-define('FLD_CURRENT_GUI_PORT',         'current_gui_port');
-define('FLD_CURRENT_GUI_PROTO',        'current_gui_protocol');
+define('F_SQUID_TRANSPARENT_MODE',   'squid_transparent_mode');
+define('F_CURRENT_LAN_IP',           'current_lan_ip');
+define('F_CURRENT_GUI_PORT',         'current_gui_port');
+define('F_CURRENT_GUI_PROTO',        'current_gui_protocol');
 
 # ------------------------------------------------------------------------------
 # sg_init - initialize config array
@@ -258,12 +260,12 @@ function sg_init($init = '')
     $squidguard_config = array();
     if(empty($init) or !is_array($init) ) {
         # default init (for generate minimal config)
-        $squidguard_config[FLD_LOGDIR]          = SQUIDGUARD_LOGDIR_DEF;
-        $squidguard_config[FLD_DBHOME]          = SQUIDGUARD_DBHOME_DEF;
-        $squidguard_config[FLD_WORKDIR]         = SQUIDGUARD_WORKDIR_DEF;
-        $squidguard_config[FLD_BINPATH]         = SQUIDGUARD_BINPATH_DEF;
-        $squidguard_config[FLD_SQUIDCONFIGFILE] = SQUID_CONFIGFILE;
-        $squidguard_config[FLD_PROCCESSCOUNT]   = REDIRECTOR_PROCESS_COUNT;
+        $squidguard_config[F_LOGDIR]          = SQUIDGUARD_LOGDIR_DEF;
+        $squidguard_config[F_DBHOME]          = SQUIDGUARD_DBHOME_DEF;
+        $squidguard_config[F_WORKDIR]         = SQUIDGUARD_WORKDIR_DEF;
+        $squidguard_config[F_BINPATH]         = SQUIDGUARD_BINPATH_DEF;
+        $squidguard_config[F_SQUIDCONFIGFILE] = SQUID_CONFIGFILE;
+        $squidguard_config[F_PROCCESSCOUNT]   = REDIRECTOR_PROCESS_COUNT;
     } else {
         $squidguard_config = $init;
     }
@@ -283,7 +285,7 @@ function sg_load_configxml($filename)
         $xmlconf = file_get_contents($filename);
 
         if (!empty($xmlconf)) {
-            $squidguard_config = $xmlconf[FLD_SQUIDGUARD];
+            $squidguard_config = $xmlconf[F_SQUIDGUARD];
             sg_addlog("sg_load_configxml: Success update from '$filename'.", 1);
         } else
             sg_addlog("sg_load_configxml: Error, file '$filename' is empty.", 2);
@@ -298,7 +300,7 @@ function sg_save_configxml($filename)
 {
     global $squidguard_config;
 
-    file_put_contents($filename, dump_xml_config($squidguard_config, FLD_SQUIDGUARD));
+    file_put_contents($filename, dump_xml_config($squidguard_config, F_SQUIDGUARD));
 }
 
 # ------------------------------------------------------------------------------
@@ -318,11 +320,11 @@ function sg_reconfigure()
     # 3. generate squidGuard config
     $conf = sg_create_config();
     if ($conf) {
-        if ($squidguard_config[FLD_WORKDIR])
-            $conf_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE;
+        if ($squidguard_config[F_WORKDIR])
+            $conf_file = $squidguard_config[F_WORKDIR] . SQUIDGUARD_CONFIGFILE;
         file_put_contents($conf_file, $conf);
         file_put_contents('/usr/local/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default
-        set_file_access($squidguard_config[FLD_WORKDIR], OWNER_NAME, 0755);
+        set_file_access($squidguard_config[F_WORKDIR], OWNER_NAME, 0755);
         sg_addlog("sg_reconfigure: save squidGuard config to '$conf_file'.", 1);
     } else
         sg_addlog("sg_reconfigure: error make squidGuard config.", 2);
@@ -360,9 +362,9 @@ function squid_reconfigure($remove_only = '')
     }
 
     # add new options - if squidGuard enabled
-    if (empty($remove_only) && ($squidguard_config[FLD_ENABLED] === 'on')) {
-        $redirector_path = $squidguard_config[FLD_BINPATH] . '/squidGuard';
-        $redirector_conf = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE;
+    if (empty($remove_only) && ($squidguard_config[F_ENABLED] === 'on')) {
+        $redirector_path = $squidguard_config[F_BINPATH] . '/squidGuard';
+        $redirector_conf = $squidguard_config[F_WORKDIR] . SQUIDGUARD_CONFIGFILE;
 
         $conf[] = REDIRECTOR_PROGRAM_OPT . " $redirector_path -c $redirector_conf";
         $conf[] = REDIRECT_BYPASS_OPT    . " on";
@@ -388,7 +390,7 @@ function sg_check_system()
     global $squidguard_config;
 
     # check work_dir & create if not exists
-    $work_dir = $squidguard_config[FLD_WORKDIR];
+    $work_dir = $squidguard_config[F_WORKDIR];
     if (!empty($work_dir)) {
         # check dir's
         if (!file_exists($work_dir)) {
@@ -400,7 +402,7 @@ function sg_check_system()
     unset($work_dir);
 
     # check log_dir & create if not exists
-    $log_dir = $squidguard_config[FLD_LOGDIR];
+    $log_dir = $squidguard_config[F_LOGDIR];
     if (!empty($log_dir)) {
         if (!file_exists($log_dir)) {
             mwexec("mkdir -p $log_dir");
@@ -413,7 +415,7 @@ function sg_check_system()
     unset($log_dir);
 
     # check db dir
-    $db_dir = $squidguard_config[FLD_DBHOME];
+    $db_dir = $squidguard_config[F_DBHOME];
     if (!empty($db_dir)) {
         if (!file_exists($db_dir)) {
             mwexec("mkdir -p $db_dir");
@@ -432,7 +434,7 @@ function sg_check_system()
 function sg_reconfigure_user_db()
 {
     global $squidguard_config;
-    $dbhome = $squidguard_config[FLD_DBHOME];
+    $dbhome = $squidguard_config[F_DBHOME];
 
     sg_addlog("sg_reconfigure_user_db: Begin with '$dbhome'", 1);
 
@@ -447,16 +449,16 @@ function sg_reconfigure_user_db()
     }
 
     # update destinations to db
-    $dests = $squidguard_config[FLD_DESTINATIONS];
+    $dests = $squidguard_config[F_DESTINATIONS];
     if(!empty($dests)){
         $dst_names = Array();
         $dst_list  = Array();
 
         sg_addlog("sg_reconfigure_user_db: Add user entries", 1);
-        foreach($dests[FLD_ITEM] as $dst) {
-            $path = "$dbhome/" . $dst[FLD_NAME];
+        foreach($dests[F_ITEM] as $dst) {
+            $path = "$dbhome/" . $dst[F_NAME];
             $dst_names[] = $path;
-            $dst_list["usr_{$dst[FLD_NAME]}"] = $dst[FLD_NAME];
+            $dst_list["usr_{$dst[F_NAME]}"] = $dst[F_NAME];
 
             # 1. check destination catalog and create them, if need
             if (!file_exists($path)) {
@@ -468,30 +470,30 @@ function sg_reconfigure_user_db()
             }
 
             # 2. build domains file
-            $domains = $dst[FLD_DOMAINS];
+            $domains = $dst[F_DOMAINS];
             if (!empty($domains)) {
                 $content = trim(str_replace(" ", "\n", $domains));
                 file_put_contents($path . '/domains', $content);
-                sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} domains '$domains';", 1);
+                sg_addlog("sg_reconfigure_user_db: -- add {$dst[F_NAME]} domains '$domains';", 1);
             }
             unset($domains);
 
             # 3. build urls file
-            $urls = $dst[FLD_URLS];
+            $urls = $dst[F_URLS];
             if (!empty($urls)) {
                 $content = trim(str_replace(" ", "\n", $urls));
                 file_put_contents($path . '/urls', $content);
-                    sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} urls '$content';", 1);
+                    sg_addlog("sg_reconfigure_user_db: -- add {$dst[F_NAME]} urls '$content';", 1);
             }
             unset($urls);
 
             # 4. build expression file
-            $expr = $dst[FLD_EXPRESSIONS];
+            $expr = $dst[F_EXPRESSIONS];
             if (!empty($expr)) {
                 $content = trim(str_replace("|", " ", $expr)); # delete first and last unnecessary '|' symbol
                 $content = str_replace(" ", "|", $content);
                 file_put_contents($path . '/expressions', $content);
-                sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} expressions '$content';", 1);
+                sg_addlog("sg_reconfigure_user_db: -- add {$dst[F_NAME]} expressions '$content';", 1);
             }
             unset($expr);
         }
@@ -516,8 +518,8 @@ function sg_remove_unused_db_entries()
     global $squidguard_config;
     $db_entries = array();
     $file_list = '';
-    $dbhome  = $squidguard_config[FLD_DBHOME];
-    $workdir = $squidguard_config[FLD_WORKDIR];
+    $dbhome  = $squidguard_config[F_DBHOME];
+    $workdir = $squidguard_config[F_WORKDIR];
 
     # black list entries
     # * worked only with 'blacklist entries list file - else may be deleted black list entry
@@ -528,10 +530,10 @@ function sg_remove_unused_db_entries()
         $db_entries = explode("\n", file_get_contents($workdir . SQUIDGUARD_BLK_ENTRIES));
 
         # $db_entries + add user entries
-        $dests = $squidguard_config[FLD_DESTINATIONS];
+        $dests = $squidguard_config[F_DESTINATIONS];
         if (!empty($dests)) {
-            foreach($dests[FLD_ITEM] as $dst)
-                $db_entries[] = $dst[FLD_NAME];
+            foreach($dests[F_ITEM] as $dst)
+                $db_entries[] = $dst[F_NAME];
         }
 
         # diff between file list and entries list
@@ -569,8 +571,8 @@ function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist)
     global $squidguard_config;
     $conf   = '';
     $conf_path = '';
-    $logdir = $squidguard_config[FLD_LOGDIR];
-    $dbhome = $squidguard_config[FLD_DBHOME];
+    $logdir = $squidguard_config[F_LOGDIR];
+    $dbhome = $squidguard_config[F_DBHOME];
 
     # current dbhome dir
     if (!empty($rdb_dbhome)) $dbhome = $rdb_dbhome;
@@ -589,7 +591,7 @@ function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist)
     $sh_scr = Array();
     $sh_scr[] = "#!/bin/sh";
     $sh_scr[] = "cd $dbhome";
-    $sh_scr[] = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all";
+    $sh_scr[] = $squidguard_config[F_BINPATH] . "/squidGuard -c $conf_path -C all";
     $sh_scr[] = "wait"; # wait while SG rebuild DB
 
     # set DB owner and right access
@@ -629,8 +631,8 @@ function sg_addlog($log, $level = 0)
 
     # define logfile
     if (!empty($squidguard_config)) {
-        if (file_exists($squidguard_config[FLD_LOGDIR]))
-        $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE;
+        if (file_exists($squidguard_config[F_LOGDIR]))
+        $logfile = $squidguard_config[F_LOGDIR] . SQUIDGUARDCONF_LOGFILE;
     } else
         $log_content[] = "$dt : " . "sg_addlog: Error: squidguard_config is empty";
 
@@ -657,8 +659,8 @@ function sg_getlog($last_entries_count)
     $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARDCONF_LOGFILE;
 
     # define logfile
-    if (!empty($squidguard_config) && file_exists($squidguard_config[FLD_LOGDIR]))
-        $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE;
+    if (!empty($squidguard_config) && file_exists($squidguard_config[F_LOGDIR]))
+        $logfile = $squidguard_config[F_LOGDIR] . SQUIDGUARDCONF_LOGFILE;
 
     # get log last 100 entries
     if (file_exists($logfile)) {
@@ -702,25 +704,25 @@ function sg_create_config()
 
     # --- Header ---
     $sgconf[] = CONFIG_SG_HEADER;
-    $sgconf[] = "logdir {$squidguard_config[FLD_LOGDIR]}";
-    $sgconf[] = "dbhome {$squidguard_config[FLD_DBHOME]}";
+    $sgconf[] = "logdir {$squidguard_config[F_LOGDIR]}";
+    $sgconf[] = "dbhome {$squidguard_config[F_DBHOME]}";
 
     # --- Times ---
-    if ($squidguard_config[FLD_TIMES]) {
+    if ($squidguard_config[F_TIMES]) {
         $temp_str = '';
-        foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) {
+        foreach($squidguard_config[F_TIMES][F_ITEM] as $tm) {
             $sg_tag->clear();
-            $sg_tag->set("time", $tm[FLD_NAME], "", $tm[FLD_DESCRIPTION]);
+            $sg_tag->set("time", $tm[F_NAME], "", $tm[F_DESCRIPTION]);
 
-            foreach($tm[FLD_ITEM] as $itm) {
-                $dts = ($itm[FLD_TIMETYPE] === "weekly") ? $itm[FLD_TIMEDAYS] : $itm[FLD_DATERANGE];
-                $sg_tag->items[] = "{$itm[FLD_TIMETYPE]} $dts {$itm[FLD_TIMERANGE]}";
+            foreach($tm[F_ITEM] as $itm) {
+                $dts = ($itm[F_TIMETYPE] === "weekly") ? $itm[F_TIMEDAYS] : $itm[F_DATERANGE];
+                $sg_tag->items[] = "{$itm[F_TIMETYPE]} $dts {$itm[F_TIMERANGE]}";
             }
             $sgconf[] = "";
             $sgconf[] = $sg_tag->tag_text();
 
             # log
-            $temp_str .= " {$tm[FLD_NAME]}";
+            $temp_str .= " {$tm[F_NAME]}";
         }
         # log
         $temp_str = !empty($temp_str) ? $temp_str : "Nothing.";
@@ -728,14 +730,14 @@ function sg_create_config()
     }
 
     # --- Sources ---
-    if ($squidguard_config[FLD_SOURCES]) {
+    if ($squidguard_config[F_SOURCES]) {
         $temp_str = '';
-        foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) {
+        foreach($squidguard_config[F_SOURCES][F_ITEM] as $src) {
             $sg_tag->clear();
-            $sg_tag->set("src", $src[FLD_NAME], "", $src[FLD_DESCRIPTION]);
+            $sg_tag->set("src", $src[F_NAME], "", $src[F_DESCRIPTION]);
 
             # separate IP, domains, usernames
-            $tsrc = explode(" ", trim($src[FLD_SOURCE]));
+            $tsrc = explode(" ", trim($src[F_SOURCE]));
             foreach($tsrc as $sr) {
                     $sr = trim($sr);
                     if     (empty($sr))           continue;
@@ -743,13 +745,13 @@ function sg_create_config()
                     elseif (is_domain_valid($sr)) $sg_tag->items[] = "domain $sr";
                     elseif (is_username($sr))     $sg_tag->items[] = "user   " . str_replace("'", "", $sr);
             }
-            if ($src[FLD_LOG])      $sg_tag->items[] = "log " . SQUIDGUARD_ACCESSBLOCK_FILE;
+            if ($src[F_LOG])      $sg_tag->items[] = "log " . SQUIDGUARD_ACCESSBLOCK_FILE;
 
             $sgconf[] = "";
             $sgconf[] = $sg_tag->tag_text();
 
             # log
-            $temp_str .= " " . $src[FLD_NAME];
+            $temp_str .= " " . $src[F_NAME];
         }
         # log
         $temp_str = !empty($temp_str) ? $temp_str : "Nothing.";
@@ -760,28 +762,28 @@ function sg_create_config()
     # Note! Blacklist must be added to config permanently. It's need for rebuild DB now
 
     $db_entries = sg_entries_blacklist();
-    if (($squidguard_config[FLD_BLACKLISTENABLED] === 'on') and $db_entries) {
+    if (($squidguard_config[F_BLACKLISTENABLED] === 'on') and $db_entries) {
         $log_entr_added = '';
         $log_entr_ignored = '';
         sg_addlog("sg_create_config: add blacklist entries", 1);
         foreach($db_entries as $key => $ent) {
             $ent_state = array();
-            $file_dms  = "{$squidguard_config[FLD_DBHOME]}/$ent/domains";
-            $file_urls = "{$squidguard_config[FLD_DBHOME]}/$ent/urls";
-            $file_expr = "{$squidguard_config[FLD_DBHOME]}/$ent/expressions";
+            $file_dms  = "{$squidguard_config[F_DBHOME]}/$ent/domains";
+            $file_urls = "{$squidguard_config[F_DBHOME]}/$ent/urls";
+            $file_expr = "{$squidguard_config[F_DBHOME]}/$ent/expressions";
 
             # check blacklist acl state
             if (file_exists($file_dms)) {
                 $ent_state['exists'] = 'on';
-                $ent_state[FLD_DOMAINS] = 'on';
+                $ent_state[F_DOMAINS] = 'on';
             }
             if (file_exists($file_urls)) {
                 $ent_state['exists'] = 'on';
-                $ent_state[FLD_URLS] = 'on';
+                $ent_state[F_URLS] = 'on';
             }
             if (file_exists($file_expr)) {
                 $ent_state['exists'] = 'on';
-                $ent_state[FLD_EXPRESSIONS] = 'on';
+                $ent_state[F_EXPRESSIONS] = 'on';
             }
 
             # create config if blacklist item exists
@@ -789,9 +791,9 @@ function sg_create_config()
                 $sg_tag->clear();
                 $sg_tag->set("dest", $ent, "", "");
 
-                if ($ent_state[FLD_DOMAINS])     $sg_tag->items[] = "domainlist $ent/domains";
-                if ($ent_state[FLD_EXPRESSIONS]) $sg_tag->items[] = "expressionlist $ent/expressions";
-                if ($ent_state[FLD_URLS])        $sg_tag->items[] = "urllist $ent/urls";
+                if ($ent_state[F_DOMAINS])     $sg_tag->items[] = "domainlist $ent/domains";
+                if ($ent_state[F_EXPRESSIONS]) $sg_tag->items[] = "expressionlist $ent/expressions";
+                if ($ent_state[F_URLS])        $sg_tag->items[] = "urllist $ent/urls";
                 $sg_tag->items[] = "log ". SQUIDGUARD_ACCESSBLOCK_FILE;
 
                 $sgconf[] = "";
@@ -811,22 +813,22 @@ function sg_create_config()
     }
 
     # --- Destinations ---
-    if ($squidguard_config[FLD_DESTINATIONS]) {
+    if ($squidguard_config[F_DESTINATIONS]) {
         $temp_str = '';
-        foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) {
-            $dstname = $dst[FLD_NAME];
+        foreach($squidguard_config[F_DESTINATIONS][F_ITEM] as $dst) {
+            $dstname = $dst[F_NAME];
             $sg_tag->clear();
-            $sg_tag->set("dest", $dst[FLD_NAME], "", $dst[FLD_DESCRIPTION]);
+            $sg_tag->set("dest", $dst[F_NAME], "", $dst[F_DESCRIPTION]);
 
-            if ($dst[FLD_DOMAINS])
+            if ($dst[F_DOMAINS])
                 $sg_tag->items[] = "domainlist $dstname/domains";
-            if ($dst[FLD_EXPRESSIONS])
+            if ($dst[F_EXPRESSIONS])
                 $sg_tag->items[] = "expressionlist $dstname/expressions";
-            if ($dst[FLD_URLS])
+            if ($dst[F_URLS])
                 $sg_tag->items[] = "urllist $dstname/urls";
-            if ($dst[FLD_RMOD] != RMOD_NONE)
-                $sg_tag->items[] = "redirect " . sg_redirector_base_url($dst[FLD_REDIRECT], $dst[FLD_RMOD]);
-            if ($dst[FLD_LOG])
+            if ($dst[F_RMOD] != RMOD_NONE)
+                $sg_tag->items[] = "redirect " . sg_redirector_base_url($dst[F_REDIRECT], $dst[F_RMOD]);
+            if ($dst[F_LOG])
                 $sg_tag->items[] = "log " . SQUIDGUARD_ACCESSBLOCK_FILE;
 
             $sgconf[] = "";
@@ -841,31 +843,31 @@ function sg_create_config()
     }
 
     # --- Rewrites ---
-    if ($squidguard_config[FLD_REWRITES]) {
+    if ($squidguard_config[F_REWRITES]) {
         $temp_str = '';
         $log_entr_added = '';
         $log_entr_err = '';
-        foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rew) {
+        foreach($squidguard_config[F_REWRITES][F_ITEM] as $rew) {
             $sg_tag->clear();
-            $sg_tag->set("rew", $rew[FLD_NAME], "", "");
+            $sg_tag->set("rew", $rew[F_NAME], "", "");
 
-            if (is_array($rew[FLD_ITEM])) {
-                foreach ($rew[FLD_ITEM] as $rw)
-                    $sg_tag->items[] = "s@{$rw[FLD_TARGETURL]}@{$rw[FLD_REPLACETO]}@r";
+            if (is_array($rew[F_ITEM])) {
+                foreach ($rew[F_ITEM] as $rw)
+                    $sg_tag->items[] = "s@{$rw[F_TARGETURL]}@{$rw[F_REPLACETO]}@{$rw[F_MODE]}";
 
-                if ($rew[FLD_LOG])
+                if ($rew[F_LOG])
                     $sg_tag->items[] = "log " . SQUIDGUARD_ACCESSBLOCK_FILE;
 
                 $sgconf[] = "";
                 $sgconf[] = $sg_tag->tag_text();
                 # log
-                $log_entr_added .= " {$rew[FLD_NAME]};";
+                $log_entr_added .= " {$rew[F_NAME]};";
             }
             else {
                 $sgconf[] = "";
-                $sgconf[] = "# Rewrite {$rew[FLD_NAME]} error.";
+                $sgconf[] = "# Rewrite {$rew[F_NAME]} error.";
                 # log
-                $log_entr_err .= " {$rew[FLD_NAME]};";
+                $log_entr_err .= " {$rew[F_NAME]};";
             }
         }
 
@@ -879,53 +881,53 @@ function sg_create_config()
     # --- ACL ---
     $sg_tag->clear();
     $sg_tag->set("acl", "", "", "");
-    if ($squidguard_config[FLD_ACLS]) {
+    if ($squidguard_config[F_ACLS]) {
         $temp_str = '';
         $log_entr_added = '';
-        foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) {
-            if (!$acl[FLD_DISABLED]) {
+        foreach($squidguard_config[F_ACLS][F_ITEM] as $acl) {
+            if (!$acl[F_DISABLED]) {
                 $sg_acltag = new TSgTag;
-                $sg_acltag->set($acl[FLD_NAME], "", $acl[FLD_TIMENAME], $acl[FLD_DESCRIPTION]);
+                $sg_acltag->set($acl[F_NAME], "", $acl[F_TIMENAME], $acl[F_DESCRIPTION]);
 
                 # delete blacklist entries from 'pass' if blacklist disabled
-                if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') {
-                    acl_remove_blacklist_items(&$acl[FLD_DESTINATIONNAME]);
-                    acl_remove_blacklist_items(&$acl[FLD_OVERDESTINATIONNAME]);
+                if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') {
+                    acl_remove_blacklist_items(&$acl[F_DESTINATIONNAME]);
+                    acl_remove_blacklist_items(&$acl[F_OVERDESTINATIONNAME]);
                 }
 
                 # not allowing IP in URL
-                if ($acl[FLD_NOTALLOWINGIP]) {
-                    $acl[FLD_DESTINATIONNAME]     = "!in-addr {$acl[FLD_DESTINATIONNAME]}";
-                    $acl[FLD_OVERDESTINATIONNAME] = "!in-addr {$acl[FLD_OVERDESTINATIONNAME]}";
+                if ($acl[F_NOTALLOWINGIP]) {
+                    $acl[F_DESTINATIONNAME]     = "!in-addr {$acl[F_DESTINATIONNAME]}";
+                    $acl[F_OVERDESTINATIONNAME] = "!in-addr {$acl[F_OVERDESTINATIONNAME]}";
                 }
 
                 # re-order acl pass (<allow><deny<all|none>)
-                $acl[FLD_DESTINATIONNAME]     = sg_aclpass_reorder($acl[FLD_DESTINATIONNAME]);
-                $acl[FLD_OVERDESTINATIONNAME] = sg_aclpass_reorder($acl[FLD_OVERDESTINATIONNAME]);
+                $acl[F_DESTINATIONNAME]     = sg_aclpass_reorder($acl[F_DESTINATIONNAME]);
+                $acl[F_OVERDESTINATIONNAME] = sg_aclpass_reorder($acl[F_OVERDESTINATIONNAME]);
 
                 # ontime
-                $sg_acltag->items[] = "pass {$acl[FLD_DESTINATIONNAME]}";
-                if ($acl[FLD_RMOD] != RMOD_NONE)
-                $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[FLD_REDIRECT], $acl[FLD_RMOD]);
-                if ($acl[FLD_REWRITENAME])
-                    $sg_acltag->items[] = "rewrite {$acl[FLD_REWRITENAME]}";
-                if ($acl[FLD_LOG])
+                $sg_acltag->items[] = "pass {$acl[F_DESTINATIONNAME]}";
+                if ($acl[F_RMOD] != RMOD_NONE)
+                $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_REDIRECT], $acl[F_RMOD]);
+                if ($acl[F_REWRITENAME])
+                    $sg_acltag->items[] = "rewrite {$acl[F_REWRITENAME]}";
+                if ($acl[F_LOG])
                     $sg_acltag->items[] = "log " . SQUIDGUARD_ACCESSBLOCK_FILE;
 
                 # overtime
-                if ($acl[FLD_TIMENAME]) {
+                if ($acl[F_TIMENAME]) {
                     $sg_acltag->items[] = "} else {";
-                    $sg_acltag->items[] = "pass {$acl[FLD_OVERDESTINATIONNAME]}";
-                    if ($acl[FLD_REDIRECMODE] !== RMOD_NONE)
-                        $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[FLD_OVERREDIRECT], $acl[FLD_RMOD]);
-                    if ($acl[FLD_OVERREWRITENAME])
-                        $sg_acltag->items[] = "rewrite {$acl[FLD_OVERREWRITENAME]}";
-                    if ($acl[FLD_LOG])
+                    $sg_acltag->items[] = "pass {$acl[F_OVERDESTINATIONNAME]}";
+                    if ($acl[F_REDIRECMODE] !== RMOD_NONE)
+                        $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_OVERREDIRECT], $acl[F_RMOD]);
+                    if ($acl[F_OVERREWRITENAME])
+                        $sg_acltag->items[] = "rewrite {$acl[F_OVERREWRITENAME]}";
+                    if ($acl[F_LOG])
                         $sg_acltag->items[] = "log " . SQUIDGUARD_ACCESSBLOCK_FILE;
                 }
                 $sg_tag->items[] = $sg_acltag;
             }
-            $log_entr_added .= " {$acl[FLD_NAME]};";
+            $log_entr_added .= " {$acl[F_NAME]};";
         }
         # log
         $log_entr_added = !empty($log_entr_added) ? $log_entr_added : "Nothing.";
@@ -935,29 +937,29 @@ function sg_create_config()
     # --- Default ---
     $sg_tag_def = new TSgTag;
     $sg_tag_def->set("default", "", "", "");
-    $def = $squidguard_config[FLD_DEFAULT];
+    $def = $squidguard_config[F_DEFAULT];
     sg_addlog("sg_create_config: add Default", 1);
     if ($def) {
         $temp_str = '';
 
         # delete blacklist entries from 'pass' if blacklist disabled
-        if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on')
-            acl_remove_blacklist_items(&$def[FLD_DESTINATIONNAME]);
+        if ($squidguard_config[F_BLACKLISTENABLED] !== 'on')
+            acl_remove_blacklist_items(&$def[F_DESTINATIONNAME]);
 
         # not allowing IP in URL
-        if ($def[FLD_NOTALLOWINGIP])
-            $def[FLD_DESTINATIONNAME] = "!in-addr " . $def[FLD_DESTINATIONNAME];
+        if ($def[F_NOTALLOWINGIP])
+            $def[F_DESTINATIONNAME] = "!in-addr " . $def[F_DESTINATIONNAME];
 
         # re-order acl pass (<allow><deny<all|none>)
-        $def[FLD_DESTINATIONNAME] = sg_aclpass_reorder($def[FLD_DESTINATIONNAME]);
+        $def[F_DESTINATIONNAME] = sg_aclpass_reorder($def[F_DESTINATIONNAME]);
 
         # ! 'Default' must use without times !
-        $sg_tag_def->items[] = "pass {$def[FLD_DESTINATIONNAME]}";
-        if ($def[FLD_RMOD] !== RMOD_NONE)
-            $sg_tag_def->items[] = "redirect " .  sg_redirector_base_url($def[FLD_REDIRECT], $def[FLD_RMOD]);
-        if ($def[FLD_REWRITENAME])
-            $sg_tag_def->items[] = "rewrite {$def[FLD_REWRITENAME]}";
-        if ($def[FLD_LOG])
+        $sg_tag_def->items[] = "pass {$def[F_DESTINATIONNAME]}";
+        if ($def[F_RMOD] !== RMOD_NONE)
+            $sg_tag_def->items[] = "redirect " .  sg_redirector_base_url($def[F_REDIRECT], $def[F_RMOD]);
+        if ($def[F_REWRITENAME])
+            $sg_tag_def->items[] = "rewrite {$def[F_REWRITENAME]}";
+        if ($def[F_LOG])
             $sg_tag_def->items[] = "log " . SQUIDGUARD_ACCESSBLOCK_FILE;
 
     } # <- if def
@@ -995,8 +997,8 @@ function sg_create_simple_config($blk_dbhome, $blk_destlist, $redirect_to = "404
 {
     global $squidguard_config;
     $sgconf = array();
-    $logdir = $squidguard_config[FLD_LOGDIR];
-    $dbhome = $squidguard_config[FLD_DBHOME];
+    $logdir = $squidguard_config[F_LOGDIR];
+    $dbhome = $squidguard_config[F_DBHOME];
 
     # current dbhome dir
     if (!empty($blk_dbhome)) $dbhome = $blk_dbhome;
@@ -1053,9 +1055,9 @@ function sg_redirector_base_url($rdr_info, $redirect_mode)
     $rdr_path = '';
 
     # gui port, ip & proto
-    $guiip = (!empty($squidguard_config[FLD_CURRENT_LAN_IP])) ? $squidguard_config[FLD_CURRENT_LAN_IP] : '127.0.0.1';
-    $guiport = (!empty($squidguard_config[FLD_CURRENT_GUI_PORT])) ? $squidguard_config[FLD_CURRENT_GUI_PORT] : '80';
-    $guiproto = ($squidguard_config[FLD_CURRENT_GUI_PROTO] === "https") ? "https" : "http";
+    $guiip = (!empty($squidguard_config[F_CURRENT_LAN_IP])) ? $squidguard_config[F_CURRENT_LAN_IP] : '127.0.0.1';
+    $guiport = (!empty($squidguard_config[F_CURRENT_GUI_PORT])) ? $squidguard_config[F_CURRENT_GUI_PORT] : '80';
+    $guiproto = ($squidguard_config[F_CURRENT_GUI_PROTO] === "https") ? "https" : "http";
     $rdr_path = "$guiproto://$guiip:$guiport" . REDIRECT_BASE_URL;
 
     # check redirect
@@ -1120,18 +1122,18 @@ function sg_check_config_data ($input_errors)
 {
     global $squidguard_config;
     $elog = array();
-    $times        = sg_list_itemsfield($squidguard_config[FLD_TIMES], FLD_NAME);
-    $sources      = sg_list_itemsfield($squidguard_config[FLD_SOURCES], FLD_NAME);
-    $destinations = sg_list_itemsfield($squidguard_config[FLD_DESTINATIONS], FLD_NAME);
-    $rewrites     = sg_list_itemsfield($squidguard_config[FLD_REWRITES], FLD_NAME);
+    $times        = sg_list_itemsfield($squidguard_config[F_TIMES], F_NAME);
+    $sources      = sg_list_itemsfield($squidguard_config[F_SOURCES], F_NAME);
+    $destinations = sg_list_itemsfield($squidguard_config[F_DESTINATIONS], F_NAME);
+    $rewrites     = sg_list_itemsfield($squidguard_config[F_REWRITES], F_NAME);
     $acls = array();
 
     # --- Times ---
-    if ($squidguard_config[FLD_TIMES]) {
+    if ($squidguard_config[F_TIMES]) {
         $key_tm = array_count_values($times);
-        foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) {
+        foreach($squidguard_config[F_TIMES][F_ITEM] as $tm) {
             # check name as unique and name format
-            $tm_name = $tm[FLD_NAME];
+            $tm_name = $tm[F_NAME];
             $err_s = '';
             if (!check_name_format($tm_name, &$err_s))
                 $elog[] = "(T1) TIME '$tm_name' error: >>> $err_s";
@@ -1145,11 +1147,11 @@ function sg_check_config_data ($input_errors)
     }
 
     # --- Sources ---
-    if ($squidguard_config[FLD_SOURCES]) {
+    if ($squidguard_config[F_SOURCES]) {
         $key_src = array_count_values($sources);
-        foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) {
+        foreach($squidguard_config[F_SOURCES][F_ITEM] as $src) {
             # check name as unique and name format
-            $src_name = $src[FLD_NAME];
+            $src_name = $src[F_NAME];
             $err_s = '';
             if (!check_name_format($src_name, &$err_s))
                 $elog[] = "(A1) ACL '$src_name'error: $err_s";
@@ -1162,11 +1164,11 @@ function sg_check_config_data ($input_errors)
     }
 
     # --- Destinations ---
-    if ($squidguard_config[FLD_DESTINATIONS]) {
+    if ($squidguard_config[F_DESTINATIONS]) {
         $key_dst = array_count_values($destinations);
-        foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) {
+        foreach($squidguard_config[F_DESTINATIONS][F_ITEM] as $dst) {
             # check name as unique and name format
-            $dst_name = $dst[FLD_NAME];
+            $dst_name = $dst[F_NAME];
             $err_s = '';
             if (!check_name_format($dst_name, &$err_s))
                 $elog[] = "(D1) DEST '$dst_name' error: $err_s";
@@ -1179,14 +1181,14 @@ function sg_check_config_data ($input_errors)
     }
 
     # --- Blacklist ---
-    $blk_entries_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
+    $blk_entries_file = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
     if (file_exists($blk_entries_file)) {
         $blk_entr = explode("\n", file_get_contents($blk_entries_file));
         foreach($blk_entr as $entr) {
             if ($entr) {
                 $destinations[] = $entr;
                 # check entry for exists
-                $dbfile = $squidguard_config[FLD_DBHOME] . "/$entr";
+                $dbfile = $squidguard_config[F_DBHOME] . "/$entr";
                 if (!file_exists($dbfile))
                     $elog[] = "(B1) BLACKLIST '$entr' error: file '$dbfile' not found";
             }
@@ -1194,11 +1196,11 @@ function sg_check_config_data ($input_errors)
     }
 
     # --- Rewrites ---
-    if ($squidguard_config[FLD_REWRITES]) {
+    if ($squidguard_config[F_REWRITES]) {
         $key_rw = array_count_values($rewrites);
-        foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rw) {
+        foreach($squidguard_config[F_REWRITES][F_ITEM] as $rw) {
             # check check name as unique and name format
-            $rw_name = $rw[FLD_NAME];
+            $rw_name = $rw[F_NAME];
             $err_s = '';
             if (!check_name_format($rw_name, &$err_s))
                 $elog[] = "(R1) REWRITE '$rw_name' error: $err_s";
@@ -1214,13 +1216,13 @@ function sg_check_config_data ($input_errors)
     $key_rewrites = array_count_values($rewrites);
 
     # --- ACLs ---
-    if ($squidguard_config[FLD_ACLS]) {
+    if ($squidguard_config[F_ACLS]) {
         $acls = array();
-        foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) {
+        foreach($squidguard_config[F_ACLS][F_ITEM] as $acl) {
             # skip disabled acl
-            if ($acls[FLD_DISABLED]) continue;
+            if ($acls[F_DISABLED]) continue;
 
-            $acl_name = $acl[FLD_NAME];
+            $acl_name = $acl[F_NAME];
 
             # check acl name for unique and exists (as source items)
             if ($acl_name and !$key_sources[$acl_name])
@@ -1232,13 +1234,13 @@ function sg_check_config_data ($input_errors)
                 $elog[] = "(A2) ACL '$acl_name' error: duplicate acl name '$acl_name'";
 
             # check time
-            $time = $acl[FLD_TIMENAME];
+            $time = $acl[F_TIMENAME];
             if ($time and !$key_times[$time]) # time name must exists
                 $elog[] = "(A3) ACL '$acl_name' error: time name '$time' not found";
 
             # check destinations
-            if ($acl[FLD_DESTINATIONNAME]) {
-                $acldest = $acl[FLD_DESTINATIONNAME];
+            if ($acl[F_DESTINATIONNAME]) {
+                $acldest = $acl[F_DESTINATIONNAME];
                 $acldest = str_replace("!", "", $acldest);
                 $acldest = str_replace("^", "", $acldest);
                 $acldest = explode(" ", $acldest);
@@ -1253,13 +1255,13 @@ function sg_check_config_data ($input_errors)
                 }
             } else {
                 $elog[] = "(A6) ACL '$acl_name' error: ontime pass list is empty. Added 'none'.";
-                $acl[FLD_DESTINATIONNAME] = "none";
+                $acl[F_DESTINATIONNAME] = "none";
             }
 
             # check overtime destinations
             if ($time) {
-                if ($acl[FLD_OVERDESTINATIONNAME]) {
-                    $acloverdest = $acl[FLD_OVERDESTINATIONNAME];
+                if ($acl[F_OVERDESTINATIONNAME]) {
+                    $acloverdest = $acl[F_OVERDESTINATIONNAME];
                     $acloverdest = str_replace("!", "", $acloverdest);
                     $acloverdest = str_replace("^", "", $acloverdest);
                     $acloverdest = explode(" ", $acloverdest);
@@ -1274,38 +1276,38 @@ function sg_check_config_data ($input_errors)
                     }
                 } else {
                     $elog[] = "(A9) ACL '$acl_name' error: overtime pass list is empty. Added 'none'.";
-                    $acl[FLD_OVERDESTINATIONNAME] = "none";
+                    $acl[F_OVERDESTINATIONNAME] = "none";
                 }
             }
 
             # check rewrite
-            $rew = $acl[FLD_REWRITENAME];
+            $rew = $acl[F_REWRITENAME];
             if ($rew and !$key_rewrites[$rew])
                 $elog[] = "(AA) ACL '$acl_name' error: rewrite name '$rew' not found";
 
             # check overtime rewrite
-            $overrew = $acl[FLD_OVERREWRITENAME];
+            $overrew = $acl[F_OVERREWRITENAME];
             if ($time and $overrew and !$key_rewrites[$overrew])
                 $elog[] = "(AB) ACL '$acl_name' error: overtime rewrite name '$overrew' not found";
 
             # check redirect
-            $redir = $acl[FLD_REDIRECT];
-            $overredir = $acl[FLD_OVERREDIRECT];
+            $redir = $acl[F_REDIRECT];
+            $overredir = $acl[F_OVERREDIRECT];
         }
     }
 
     # --- Default ---
-    if ($squidguard_config[FLD_ACLS]) {
-        $def = $squidguard_config[FLD_DEFAULT];
+    if ($squidguard_config[F_ACLS]) {
+        $def = $squidguard_config[F_DEFAULT];
 
         # check time
-        $time = $def[FLD_TIMENAME];
+        $time = $def[F_TIMENAME];
         if ($time and !$key_times[$time]) # time name must exists
             $elog[] = "(DF1) ACL 'default' error: time name '$time' not found";
 
         # check destinations
-        if ($def[FLD_DESTINATIONNAME]) {
-            $defdest = $def[FLD_DESTINATIONNAME];
+        if ($def[F_DESTINATIONNAME]) {
+            $defdest = $def[F_DESTINATIONNAME];
             $defdest = str_replace("!", "", $defdest);
             $defdest = str_replace("^", "", $defdest);
             $defdest = explode(" ", $defdest);
@@ -1320,22 +1322,22 @@ function sg_check_config_data ($input_errors)
             }
         } else {
             $elog[] = "(DF4) ACL 'default' error: ontime pass list is empty. Added 'none'.";
-            $def[FLD_DESTINATIONNAME] = "none";
+            $def[F_DESTINATIONNAME] = "none";
         }
 
         # check rewrite
-        $rew = $def[FLD_REWRITENAME];
+        $rew = $def[F_REWRITENAME];
         if ($rew and !$key_rewrites[$rew])
             $elog[] = "(DF5) ACL 'default' error: rewrite name '$rew' not found";
 
         # check overtime rewrite
-        $overrew = $def[FLD_OVERREWRITENAME];
+        $overrew = $def[F_OVERREWRITENAME];
         if ($time and $overrew and !$key_rewrites[$overrew])
             $elog[] = "(DF6) ACL 'default' error: overtime rewrite name '$overrew' not found";
 
         # check redirect
-        $redir = $def[FLD_REDIRECT];
-        $overredir = $def[FLD_OVERREDIRECT];
+        $redir = $def[F_REDIRECT];
+        $overredir = $def[F_OVERREDIRECT];
     }
 
     # update log
@@ -1416,8 +1418,8 @@ function sg_update_blacklist($from_file)
 
     if (file_exists($from_file)) {
         # check work and DB dir's
-        if (file_exists($squidguard_config[FLD_DBHOME]))  $dbhome = $squidguard_config[FLD_DBHOME];
-        if (file_exists($squidguard_config[FLD_WORKDIR])) $workdir = $squidguard_config[FLD_WORKDIR];
+        if (file_exists($squidguard_config[F_DBHOME]))  $dbhome = $squidguard_config[F_DBHOME];
+        if (file_exists($squidguard_config[F_WORKDIR])) $workdir = $squidguard_config[F_WORKDIR];
         # delete old tmp dir's
         if (file_exists($tmp_unpack_dir)) mwexec("rm -R  . $tmp_unpack_dir");
         if (file_exists($arc_db_dir))     mwexec("rm -R  . $arc_db_dir");
@@ -1469,7 +1471,7 @@ function sg_update_blacklist($from_file)
                 set_file_access  ($blklist_file, OWNER_NAME, 0755);
 
                 # -- DISABLED -- save copy to squidGuard config dir
-#               $blklist_file = "{$squidguard_config[FLD_WORKDIR]}/" . SQUIDGUARD_BLK_ENTRIES;
+#               $blklist_file = "{$squidguard_config[F_WORKDIR]}/" . SQUIDGUARD_BLK_ENTRIES;
 #               file_put_contents($blklist_file, implode("\n", array_keys($blk_items)));
 #               set_file_access  ($blklist_file, OWNER_NAME, 0755);
                 sg_addlog("sg_update_blacklist: Create DB entries list '$blklist_file'.", 1);
@@ -1485,7 +1487,7 @@ function sg_update_blacklist($from_file)
             $sh_scr = Array();
             $sh_scr[] = "#!/bin/sh";
             $sh_scr[] = "cd $arc_db_dir";
-            $sh_scr[] = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all";
+            $sh_scr[] = $squidguard_config[F_BINPATH] . "/squidGuard -c $conf_path -C all";
             $sh_scr[] = "wait"; # wait while SG rebuild DB
             $sh_scr[] = "chown -R -v " . OWNER_NAME . " $arc_db_dir";
             $sh_scr[] = "chmod -R -v 0755 $arc_db_dir";
@@ -1500,7 +1502,7 @@ function sg_update_blacklist($from_file)
 
             # if new blacklist some as already installed, then restart squid for changes to take effects
             $blk_items_old = '';
-            $blk_file_old = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
+            $blk_file_old = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
             if (file_exists($blk_items_old))
                     $blk_items_old = file_get_contents($blk_file_old);
             if (!empty($blk_items_old) && ($blk_items_old === implode("\n", array_keys($blk_items)))) {
@@ -1537,8 +1539,8 @@ function sg_entries_blacklist()
     $contents = '';
 
     $fl = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES;
-    if (file_exists($squidguard_config[FLD_WORKDIR]))
-        $fl = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
+    if (file_exists($squidguard_config[F_WORKDIR]))
+        $fl = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
     if (file_exists($fl))
         $contents = explode("\n", file_get_contents($fl));
 
@@ -1551,8 +1553,8 @@ function sg_blacklist_rebuild_db()
 {
     global $squidguard_config;
     $dst_list = array();
-    $dbhome  = $squidguard_config[FLD_DBHOME];
-    $workdir = $squidguard_config[FLD_WORKDIR];
+    $dbhome  = $squidguard_config[F_DBHOME];
+    $workdir = $squidguard_config[F_WORKDIR];
 
     # current dbhome and work dir's
     sg_addlog("sg_blacklist_rebuild_db: Start with path '$dbhome'.", 1);
@@ -1728,8 +1730,8 @@ function scan_blacklist_cat($curdir, $key_name, $cat_array)
 function sg_list_itemsfield($xml_items, $fld_name)
 {
     $ls = array();
-    if (is_array($xml_items[FLD_ITEM]))
-        foreach($xml_items[FLD_ITEM] as $it) {
+    if (is_array($xml_items[F_ITEM]))
+        foreach($xml_items[F_ITEM] as $it) {
             $ls[] = $it[$fld_name];
         }
     return $ls;
@@ -1867,20 +1869,20 @@ function sg_check_time($sgtime, $input_errors)
     $days = array("*", "mon", "tue", "wed", "thu", "fri", "sat", "sun");
     $timetypes = array("weekly", "date");
 
-    if (is_array($sgtime[FLD_ITEM])) {
+    if (is_array($sgtime[F_ITEM])) {
         # check date and time
-        foreach ($sgtime[FLD_ITEM] as $item) {
-            if (!in_array(trim($item[FLD_TIMETYPE]), $timetypes))
-                $err .= " Invalid type '{$item[FLD_TIMETYPE]}'.";
-            if (!in_array(trim($item[FLD_TIMEDAYS]), $days))
-                $err .= " Invalid week day '{$item[FLD_TIMEDAYS]}'.";
-            if (trim($item[FLD_DATERANGE])) $err  .= check_date(trim($item[FLD_DATERANGE]));
-            if (trim($item[FLD_TIMERANGE])) $err  .= check_time(trim($item[FLD_TIMERANGE]));
+        foreach ($sgtime[F_ITEM] as $item) {
+            if (!in_array(trim($item[F_TIMETYPE]), $timetypes))
+                $err .= " Invalid type '{$item[F_TIMETYPE]}'.";
+            if (!in_array(trim($item[F_TIMEDAYS]), $days))
+                $err .= " Invalid week day '{$item[F_TIMEDAYS]}'.";
+            if (trim($item[F_DATERANGE])) $err  .= check_date(trim($item[F_DATERANGE]));
+            if (trim($item[F_TIMERANGE])) $err  .= check_time(trim($item[F_TIMERANGE]));
         }
     }
 
     # errors update
-    if (!empty($err)) $input_errors[] = "TIME '{$sgtime[FLD_NAME]}': $err";
+    if (!empty($err)) $input_errors[] = "TIME '{$sgtime[F_NAME]}': $err";
     return empty($err);
 }
 
@@ -1890,9 +1892,9 @@ function sg_check_time($sgtime, $input_errors)
 function sg_check_dest($sgx, $input_errors)
 {
     $elog = array();
-    $dm = explode(" ", $sgx[FLD_DOMAINS]);
-#   $ex = explode(" ", $sgx[FLD_EXPRESSIONS]);
-    $ur = explode(" ", $sgx[FLD_URLS]);
+    $dm = explode(" ", $sgx[F_DOMAINS]);
+#   $ex = explode(" ", $sgx[F_EXPRESSIONS]);
+    $ur = explode(" ", $sgx[F_URLS]);
     array_packitems(&$dm);
     array_packitems(&$ur);
 
@@ -1905,11 +1907,11 @@ function sg_check_dest($sgx, $input_errors)
         if ($u_it && !is_dest_url($u_it)) $elog[] = "Item '$u_it' is not a url.";
 
     # check redirect
-    sg_check_redirect($sgx[FLD_RMOD], $sgx[FLD_REDIRECT], &$elog);
+    sg_check_redirect($sgx[F_RMOD], $sgx[F_REDIRECT], &$elog);
 
     # update log
     if (!empty($elog)) {
-        $elog = "DEST '{$sgx[FLD_NAME]}': " . implode(" ", $elog);
+        $elog = "DEST '{$sgx[F_NAME]}': " . implode(" ", $elog);
         if (is_array($input_errors))
                  $input_errors[] = $elog;
             else $input_errors   = $elog;
@@ -1925,12 +1927,12 @@ function sg_check_src($sgx, $input_errors)
     $elog = array();
 
     # source may be as one ('source') field or as two ('ip' and 'domain') fields
-    $src = (isset($sgx[FLD_SOURCE])) ? $sgx[FLD_SOURCE] : $sgx[FLD_IP] . " " . $sgx[FLD_DOMAINS];
+    $src = (isset($sgx[F_SOURCE])) ? $sgx[F_SOURCE] : $sgx[F_IP] . " " . $sgx[F_DOMAINS];
     $src = explode(" ", $src);
     foreach ($src as $s_item) {
         if ($s_item) {
             if (!is_ipaddr_valid($s_item) and !is_domain_valid($s_item) and !is_username($s_item))
-                $elog[] = "SRC '{$sgx[FLD_NAME]}': Item '$s_item' is not a ip address or a domain or a 'username'.";
+                $elog[] = "SRC '{$sgx[F_NAME]}': Item '$s_item' is not a ip address or a domain or a 'username'.";
         }
     }
 
diff --git a/packages/squidGuard/squidguard_default.xml b/packages/squidGuard/squidguard_default.xml
index 4912b163..78401918 100644
--- a/packages/squidGuard/squidguard_default.xml
+++ b/packages/squidGuard/squidguard_default.xml
@@ -102,6 +102,16 @@
                         <cols>65</cols>
                         <rows>2</rows>
                 </field>
+                <field>
+                        <fielddescr>Spec: Use safe search engine</fielddescr>
+                        <fieldname>safesearch</fieldname>
+                        <description>
+                                To protect your children from adult content, you can use the protected mode of search engines. 
+                                Now it is supported by Google, Yandex, Yahoo, MSN, Live Search. Make sure that the search engines can, and others, it is recommended to prohibit.
+                                &lt;br&gt;Note: ! This option overrides 'Rewrite' setting. !
+                        </description>
+                        <type>checkbox</type>
+                </field>
                 <field>
                         <fielddescr>Rewrite</fielddescr>
                         <fieldname>rewrite</fieldname>
diff --git a/packages/squidGuard/squidguard_rewr.xml b/packages/squidGuard/squidguard_rewr.xml
index dd320426..d126a9ae 100644
--- a/packages/squidGuard/squidguard_rewr.xml
+++ b/packages/squidGuard/squidguard_rewr.xml
@@ -77,21 +77,27 @@
 					<fielddescr>Target URL or regular expression</fielddescr>
 					<fieldname>targeturl</fieldname>
 					<type>input</type>
-					<size>50</size>
+					<size>45</size>
 				</rowhelperfield>
 				<rowhelperfield>
 					<fielddescr>Replace to URL</fielddescr>
 					<fieldname>replaceto</fieldname>
 					<type>input</type>
-					<size>69</size>
-				</rowhelperfield>
-
-<!--				<rowhelperfield>
-					<fielddescr>Case ins.</fielddescr>
-					<fieldname>caseins</fieldname>
-					<type>checkbox</type>
+					<size>45</size>
 				</rowhelperfield>
 				<rowhelperfield>
+					<fielddescr>Opt.</fielddescr>
+					<fieldname>mode</fieldname>
+					<type>select</type>
+                                  <value>no</value>
+                                  <options>
+                                      <option> <name>---------</name> <value>no</value> </option>
+                                      <option> <name>no case  </name> <value>nocase</value> </option>
+                                      <option> <name>redirect </name> <value>redirect</value> </option>
+                                      <option> <name>no case + redirect</name> <value>nocase_redirect</value> </option>
+                                  </options>
+				</rowhelperfield>
+<!--				<rowhelperfield>
 					<fielddescr>Http 301</fielddescr>
 					<fieldname>http301</fieldname>
 					<type>checkbox</type>
-- 
cgit v1.2.3