Add API to exclude module calls from logging

Add UI for testing two-factor after enrollment
aafecf0fb2
2026-03-11 05:12:03 +00:00 · 2026-03-10 23:25:22 +02:00 · 2026-03-10 22:33:02 +02:00 · 2026-03-10 18:05:59 +02:00 · 2026-03-10 17:29:18 +02:00 · 2026-03-10 17:29:17 +02:00
421 changed files with 9988 additions and 3258 deletions
--- a/.github/workflows/webmin.dev+webmin.yml
+++ b/.github/workflows/webmin.dev+webmin.yml
@@ -6,21 +6,22 @@ on:
      - master
  release:
    types:
-      - published
+      - prereleased
      - released
 jobs:
  build:
    uses: webmin/webmin-ci-cd/.github/workflows/master-workflow.yml@main
    with:
      build-type: package
-      project-name: webmin
+      project-name: ${{ github.event.repository.name }}
      is-release: ${{ github.event_name == 'release' }}
      is-prerelease: ${{ github.event.release.prerelease || false }}
    secrets:
      DEV_GPG_PH: ${{ secrets.DEV_GPG_PH }}
      DEV_IP_ADDR: ${{ secrets.DEV_IP_ADDR }}
      DEV_IP_KNOWN_HOSTS: ${{ secrets.DEV_IP_KNOWN_HOSTS }}
      DEV_UPLOAD_SSH_USER: ${{ secrets.DEV_UPLOAD_SSH_USER }}
      DEV_UPLOAD_SSH_DIR: ${{ secrets.DEV_UPLOAD_SSH_DIR }}
      PRERELEASE_UPLOAD_SSH_DIR: ${{ secrets.PRERELEASE_UPLOAD_SSH_DIR }}
      DEV_SSH_PRV_KEY: ${{ secrets.DEV_SSH_PRV_KEY }}
-      DEV_SIGN_BUILD_REPOS_CMD: ${{ secrets.DEV_SIGN_BUILD_REPOS_CMD }}
+      ALL_GPG_PH2: ${{ secrets.ALL_GPG_PH2 }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,94 @@
 ## Changelog
 #### 2.621 (January 25, 2026)
 * Fix to prevent NAT from dropping idle RPC sessions during long transfers
 * Fix to improve the message when socket authentication is used in the MySQL/MariaDB module
 * Fix to make upload tracking work correctly in all situations and on all systems
 * Fix to correctly display the PHP version in the PHP Configuration module when managing packages
 * Update Xterm.js to the latest version with lots of improvements and fixes
 * Update Authentic theme to the latest version with various improvements and fixes:
  * Fix the support for the cloned Terminal module
  * Fix error handling for file uploads when the user is out of quota or the system is out of disk space in the File Manager module
  * Fix to stop loading full file into memory for upload check to prevent memory leak on large uploads in the File Manager module
  * Fix to permanently save the state of the navigation menu and right-side slider when toggled
 #### 2.620 (January 9, 2026)
 * Add ability to use correct driver depending on the database in MySQL/MariaDB module
 * Add improvements to BIND DNS module for better key management
 * Add support for Ubuntu 26.04 development preview
 * Add a config option to increase the RPC timeout
 * Add support for EC SSL certificate and key in the ProFTPd module
 * Add support for using `gpart` in FreeBSD disk management module
 * Add support for Ed25519 public key in User and Groups module
 * Fix RPC session timeout during large file transfers
 * Fix selection and configuration of TLS certificate and key in the ProFTPd module
 * Update Authentic theme to the latest version with various improvements and fixes:
  * Add support for multiple scrollable tabs in the File Manager
  * Fix displaying of the right-side toolbar in File Manager when using Safari
  * Fix to print menu separator when no virtual servers are added yet in Virtualmin
  * Fix bugs in white palette
  * Fix exported file name in data tables
 #### 2.610 (November 23, 2025)
 * Fix to drop dependency on `IO::Pty` Perl module
 * Fix `virtual-server` module server-side search to work correctly
 * Update the Authentic theme to the latest version with various improvements and fixes:
  - Add a range slider to adjust content page margins more precisely
  - Add an option to enable rounded corners for content page
  - Add more customization options for pie charts
  - Fix to increase clickable area for checkboxes in File Manager
  - Fix to correct rotation of pin and unpin button for right side slider
  - Fix color of selected items in the multiselect dropdown
  - Fix to improve the visibility of disabled checkboxes
  - Fix to send saved params in the post body when saving theme configuration
    [More details...](https://github.com/webmin/authentic-theme/releases/tag/26.20)
 #### 2.600 (November 9, 2025)
 * Add an options to enable the slow query log in the MySQL/MariaDB module [#2560](https://github.com/webmin/webmin/issues/2560)
 * Add ability to install multiple PHP extensions at once in the PHP Configuration module
 * Add ability to show package URL in the Software Packages module [#1141](https://github.com/virtualmin/virtualmin-gpl/issues/1141)
 * Add support to show Debian package install time in the Software Packages module
 * Add support to show detailed Webmin server stats using new `webmin stats` CLI command [forum.virtualmin.com/t/135556](https://forum.virtualmin.com/t/is-this-memory-used-a-bit-high/135556/6?u=ilia)
 * Add a major Authentic theme UI update with lots of visual and structural improvements for a smoother and more modern experience
 [More details...](https://forum.virtualmin.com/t/authentic-theme-version-26-00-release-overview/135755?u=ilia)
 * Fix EOL library fatal error for OS in development [#2121](https://github.com/webmin/webmin/issues/2121)
 * Fix correctly saving jails with parameters containing quotes in the Fail2Ban module [#2572](https://github.com/webmin/webmin/issues/2572)
 * Fix file is always renamed as the effective user in the Upload and Download module [#1054](https://github.com/webmin/webmin/issues/1054)
 #### 2.520 (October 4, 2025)
 * Fix to make sure the mail URL uses a well-known host name [security]
 * Fix support for other Raspberry Pi sensors [#2545](https://github.com/webmin/webmin/issues/2545)
 * Fix the printing of the bottom button row in the form column table
 * Fix to recommend Perl `Sys::Syslog` module [#2557](https://github.com/webmin/webmin/issues/2557)
 * Fix to avoid using short hostname in HTTPS redirects when an FQDN is available
 * Fix to use _/proc_ sampler instead of `vmstat` for the same output with much lower overhead
 * Fix to query specific fields in FreeBSD memory stats collection, cutting CPU use by 80%
 * Fix to kill Webmin subprocesses during RC stop on FreeBSD and other systems
 * Fix to correctly fetch command version in `PPTP VPN Client` module [#2567](https://github.com/webmin/webmin/issues/2567)
 * Add a complete overhaul of `var_dump` subroutine, which is now fully portable
 * Update the Authentic theme to the latest version with various fixes:
  - Fix the text color when reading email in the Read User Mail module [webmin#2555](https://github.com/webmin/webmin/issues/2555)
  - Fix to ensure the selected color palette is correctly stored when changed manually [webmin#2552](https://github.com/webmin/webmin/issues/2552)
  - Fix a bug when the Webmin version label was missing when copying to clipboard system information from the dashboard
  - Fix DNS query spike from network stats collection on FreeBSD [webmin#2556](https://github.com/webmin/webmin/issues/2556)
  - Fix to display the appropriate icon for proxy mode on new Bunny DNS
  - Fix spinner color in toast messages for dark palette
  - Fix other bugs and add various small improvements
 #### 2.510 (September 16, 2025)
 * Fix to ensure DNSSEC re-signing period is less than 30 days in the BIND DNS module
 * Fix to treat 201 as a valid response code in the internal download function
 * Update the Authentic theme to the latest version with various improvements and fixes:
  - Add optimizations to dashboard graphs with dynamic trimming to prevent page lagging
  - Add improvements to how the system cache for the dashboard is updated
  - Add support to correctly reload the page in proxy mode
  - Add an option to choose if default page should always load when switching navigation
  - Fix to ensure the color palette is preserved for the user [webmin#2537](https://github.com/webmin/webmin/issues/2537)
  - Fix algorithm for calculating rows per page in data table pagination
  - Fix the alert info box text color for dark mode
  - Fix critical lags and appearance of Custom Commands module 
 #### 2.501 (September 10, 2025)
 * Add support for Raspberry Pi sensors #2539 #2517
 * Add Squid 7 support
@@ -211,7 +300,7 @@
 * Fix to using the `qrencode` command to generate QR codes locally instead of the remote Google Chart API
 * Fix a number of various other issues
-#### 2.105 (November 09, 2023)
+#### 2.105 (November 9, 2023)
 * Fix param to read only headers [sourceforge.net/usermin-bugs#501](https://sourceforge.net/p/webadmin/usermin-bugs/501/)
 * Fix not to set `reuse` flag on initial Let's Encrypt request
 * Fix to correctly escape mail file names upon deletion
@@ -226,7 +315,7 @@
 * Fix the absent init script for legacy systems after the initial installation
 * Update the Authentic theme to the latest version with various fixes and improvements
-#### 2.103 (October 08, 2023)
+#### 2.103 (October 8, 2023)
 * Add support for hostname detection using `hostnamectl` command
 * Add support for other ACME services
 * Add ability to hide dotfiles in File Manager [#1578](https://github.com/webmin/authentic-theme/issues/1578)
@@ -275,7 +364,7 @@
 * Fix clearing packages caches before checking for updates in status collection #1863
 * Update the Authentic theme to the latest version
-#### 2.020 (March 08, 2023)
+#### 2.020 (March 8, 2023)
 * Add full locale support
 * Add slave zone file format option in BIND DNS module
 * Add support for editing ACLs in File Manager
@@ -445,10 +534,10 @@ This release updates the built-in Let's Encrypt client, adds support for creatin
 #### Version 1.930 (August 18, 2019)
 These updates fix a [security vulnerability](http://webmin.com/security.html) and should be installed IMMEDIATELY by all users. Although it is not exploitable in a Webmin install with the default configuration, upgrading is strongly recommended.
-#### Version 1.920 (July 04, 2019)
+#### Version 1.920 (July 4, 2019)
 This update includes the latest theme version, translation updates, the ability to disable hosts file entries, easier monitoring of bootup actions, and a bunch of bugfixes.
-#### Version 1.910 (May 09, 2019)
+#### Version 1.910 (May 9, 2019)
 This release includes theme and translation updates, a page for editing package repositories, cron and status module improvements, and a bunch of other bugfixes and small improvements.
 #### Version 1.900 (November 19, 2018)
@@ -460,7 +549,7 @@ This version includes Ubuntu 18 network config support, translation updates, mul
 #### Version 1.880 (March 16, 2018)
 This version includes German, Catalan and Bulgarian translation updates, a new version of the Authentic theme, support for directly editing the MySQL and PostgreSQL config files, Let's Encrypt bugfixes, more control over system status email notifications, and more.
-#### Version 1.870 (December 08, 2018)
+#### Version 1.870 (December 8, 2018)
 This release includes many translation updates, fixes for Let's Encrypt support, UI cleanups, and most importantly a new major version of the Authentic theme.
 #### Version 1.860 (October 10, 2017)
@@ -469,7 +558,7 @@ This release includes Let's Encrypt DNS fixes, Majordomo module improvements, XS
 #### Version 1.850 (June 28, 2017)
 This release includes Let's Encrypt fixes, Majordomo module improvements, FirewallD forwarding support, translation updates, an update to the Authentic theme, and a bunch of other bugfixes.
-#### Version 1.840 (May 08, 2017)
+#### Version 1.840 (May 8, 2017)
 This major release includes a large theme update, XSS security fixes, per-domain SSL cert support, thin-provisioned LVM support, Let's Encrypt improvements, translation updates, and the usual gang of bugfixes. Also available is Usermin 1.710, which contains many of the same updates.
 #### Version 1.830 (December 29, 2016)
--- a/README.md
+++ b/README.md
@@ -19,11 +19,11 @@
 **Webmin** is a web-based system administration tool for Unix-like servers, and services with about _1,000,000_ yearly installations worldwide. Using it, it is possible to configure operating system internals, such as users, disk quotas, services or configuration files, as well as modify, and control open-source apps, such as BIND DNS Server, Apache HTTP Server, PHP, MySQL, and many more.
 <p align="center">
-  <a href="https://webmin.com/screenshots/#gh-light-mode-only" target="_blank">
+  <a href="https://webmin.com/screenshots/?theme=light#gh-light-mode-only" target="_blank">
-    <img width="1440" alt="Dashboard screenshot" src="https://user-images.githubusercontent.com/4426533/218264253-c08fb45a-8d75-44bf-93b3-37a2ecae3d20.png">
+    <img width="1440" alt="Dashboard screenshot" src="https://github.com/user-attachments/assets/a01d0a78-4130-4665-9284-814955ae1c97">
  </a>
-  <a href="https://webmin.com/screenshots/#gh-dark-mode-only" target="_blank">
+  <a href="https://webmin.com/screenshots/?theme=dark#gh-dark-mode-only" target="_blank">
-    <img width="1440" alt="Dashboard screenshot" src="https://user-images.githubusercontent.com/4426533/218265232-31140aa6-ada1-4019-bd75-04240aeabc83.png">
+    <img width="1440" alt="Dashboard screenshot" src="https://github.com/user-attachments/assets/da4b90a0-c002-4e10-8b34-5acb251bbec9">
  </a>
 </p>
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,23 +1,242 @@
 ## Reporting Security Issues
-Please send all reports of security issues found in Webmin to security@webmin.com
+> [!WARNING]
-via email, ideally PGP encrypted with the key from https://www.webmin.com/jcameron-key.asc .
+> **Found a bug?** If you’ve found a new security-related issue, email
 > [security@webmin.com](mailto:security@webmin.com).
-Potential security issues, in descending order of impact, include :
+### Webmin 2.510 and below [October 9, 2025]
 #### Host header injection vulnerability in the password reset feature [CVE-2025-61541]
-* Remotely exploitable attacks that allow `root` access to Webmin without
+- If the password reset feature is enabled, an attacker can use a specially
-  any credentials.
+  crafted host header to cause the password reset email to contain a link to a
  malicious site.
-* Privilege escalation vulnerabilities that allow non-`root` users of Webmin
+  > Thanks to Nyein Chan Aung and Mg Demon for reporting this.
  to run commands or access files as `root`.
-* XSS attacks that target users already logged into Webmin when they visit
+### Webmin 2.202 and below [February 26, 2025]
-  another website.
+#### SSL certificates from clients may be trusted unexpectedly
-Things that are not actually security issues include :
+- If Webmin is configured to trust remote IP addresses provided by a proxy *and*
  you have users authenticating using client SSL certificates, a browser
  connecting directly (not via the proxy) can provide a forged header to fake
  the client certificate.
-* XSS attacks that are blocked by Webmin's referrer checks, which are enabled
+- Upgrade to Webmin 2.301 or later, and if there is any chance of direct
-  by default.
+  requests by clients disable this at **Webmin ⇾ Webmin Configuration ⇾ IP
  Access Control** page using **Trust level for proxy headers** option.
-* Attacks that require modifications to Webmin's code or configuration, which
+  > Thanks to Keigo YAMAZAKI from LAC Co., Ltd. for reporting this.
-  can only be done by someone who already has `root` permissions.
+
 ### Webmin 2.105 and below [April 15, 2024]
 #### Privilege escalation by non-root users [CVE-2024-12828]
 - A less-privileged Webmin user can execute commands as root via a vulnerability in the shell autocomplete feature.
 - All Virtualmin admins and Webmin admins who have created additional accounts should upgrade to version 2.111 as soon as possible!
  > Thanks to Trend Micro’s Zero Day Initiative for finding and reporting this issue.
 ### Webmin 1.995 and Usermin 1.850 and below [June 30, 2022]
 #### XSS vulnerability in the HTTP Tunnel module
 - If a less-privileged Webmin user is given permission to edit the configuration of the HTTP Tunnel module, he/she could use this to introduce a vulnerability that captures cookies belonging to other Webmin users that use the module.
  > Thanks to [BLACK MENACE][2] and [PYBRO][3] for reporting this issue.
 - An HTML email crafted by an attacker could capture browser cookies when opened.
  > Thanks to [ly1g3][4] for reporting this bug.
 ### Webmin 1.991 and below [April 18, 2022]
 #### Privilege escalation exploit [CVE-2022-30708]
 - Less privileged Webmin users (excluding those created by Virtualmin and Cloudmin) can modify arbitrary files with root privileges, and so run commands as root. All systems with additional untrusted Webmin users should upgrade immediately.
  > Thanks to [esp0xdeadbeef][5] and [V1s3r1on][6] for finding and reporting this issue!
 ### Webmin 1.984 and below [December 26, 2021]
 #### File Manager privilege exploit [CVE-2022-0824 and CVE-2022-0829]
 - Less privileged Webmin users who do not have any File Manager module restrictions configured can access files with root privileges, if using the default Authentic theme. All systems with additional untrusted Webmin users should upgrade immediately. Note that Virtualmin systems are not effected by this bug, due to the way domain owner Webmin users are configured.
  > Thanks to Faisal Fs ([faisalfs10x][7]) from [NetbyteSEC][8] for finding and reporting this issue!
 ### Virtualmin Procmail wrapper version 1.0
 #### Privilege escalation exploit
 - Version 1.0 of the `procmail-wrapper` package installed with Virtualmin has a vulnerability that can be used by anyone with SSH access to gain `root` privileges. To prevent this, all Virtualmin users should upgrade to version 1.1 or later immediately.
 ### Webmin 1.973 and below [March 7, 2021]
 #### XSS vulnerabilities if Webmin is installed using the `setup.pl` script [CVE-2021-31760, CVE-2021-31761 and CVE-2021-31762]
 - If Webmin is installed using the non-recommended `setup.pl` script, checking for unknown referers is not enabled by default. This opens the system up to XSS and CSRF attacks using malicious links. Fortunately the standard `rpm`, `deb`, `pkg` and `tar` packages do not use this script and so are not vulnerable. If you did install using the `setup.pl` script, the vulnerability can be fixed by adding the line `referers_none=1` to `/etc/webmin/config` file.
 > Thanks to Meshal ( Mesh3l\_911 ) [@Mesh3l\_911][9] and Mohammed ( Z0ldyck ) [@electronicbots][10] for finding and reporting this issue!
 ### Webmin 1.941 and below [January 16, 2020]
 #### XSS vulnerability in the Command Shell module [CVE-2020-8820 and CVE-2020-8821]
 - A user with privileges to create custom commands could exploit other users via unescaped HTML.
 > Thanks to Mauro Caseres for reporting this and the following issue.
 ### Webmin 1.941 and below [January 16, 2020]
 #### XSS vulnerability in the Read Mail module [CVE-2020-12670]
 - Saving a malicious HTML attachment could trigger and XSS vulnerability.
 ### Webmin 1.882 to 1.921 [July 6, 2019]
 #### Remote Command Execution [CVE-2019-15231]
 - Webmin releases between these versions contain a vulnerability that allows remote command execution! Version 1.890 is vulnerable in a default install and should be upgraded immediately - other versions are only vulnerable if changing of expired passwords is enabled, which is not the case by default.
  Either way, upgrading to version 1.930 is strongly recommended. Alternately, if running versions 1.900 to 1.920, edit `/etc/webmin/miniserv.conf`, remove the `passwd_mode=` line, then run `/etc/webmin/restart` command.
 {{< details-start post-indent-details "More details.."  >}}
    Webmin version 1.890 was released with a backdoor that could allow anyone with knowledge of it to execute commands as root. Versions 1.900 to 1.920 also contained a backdoor using similar code, but it was not exploitable in a default Webmin install. Only if the admin had enabled the feature at **Webmin ⇾ Webmin Configuration ⇾ Authentication** to allow changing of expired passwords could it be used by an attacker.
    Neither of these were accidental bugs - rather, the Webmin source code had been maliciously modified to add a non-obvious vulnerability. It appears that this happened as follows :
    - At some time in April 2018, the Webmin development build server was exploited and a vulnerability added to the `password_change.cgi` script. Because the timestamp on the file was set back, it did not show up in any Git diffs. This was included in the Webmin 1.890 release.
    - The vulnerable file was reverted to the checked-in version from GitHub, but sometime in July 2018 the file was modified again by the attacker. However, this time the exploit was added to code that is only executed if changing of expired passwords is enabled. This was included in the Webmin 1.900 release.
    - On September 10th 2018, the vulnerable build server was decommissioned and replaced with a newly installed server running CentOS 7. However, the build directory containing the modified file was copied across from backups made on the original server.
    - On August 17th 2019, we were informed that a 0-day exploit that made use of the vulnerability had been released. In response, the exploit code was removed and Webmin version 1.930 created and released to all users.
    In order to prevent similar attacks in future, we're doing the following :
    - Updating the build process to use only checked-in code from GitHub, rather than a local directory that is kept in sync.
    - Rotated all passwords and keys accessible from the old build system.
    - Auditing all GitHub commits over the past year to look for commits that may have introduced similar vulnerabilities.
 {{< details-end >}}
 ### Webmin 1.900 [November 19, 2018]
 #### Remote Command Execution (Metasploit)
 - This is _not_ a workable exploit as it requires that the attacker already know the root password. Hence there is no fix for it in Webmin.
 ### Webmin 1.900 and below [November 19, 2018]
 #### Malicious HTTP headers in downloaded URLs
 - If the Upload and Download or File Manager module is used to fetch an un-trusted URL. If a Webmin user downloads a file from a malicious URL, HTTP headers returned can be used exploit an XSS vulnerability.
 > Thanks to independent security researcher, John Page aka hyp3rlinx, who reported this vulnerability to Beyond Security's SecuriTeam Secure Disclosure program.
 ### Webmin 1.800 and below [May 26, 2016]
 #### Authentic theme configuration page vulnerability
 - Only an issue if your system has un-trusted users with Webmin access and is using the new Authentic theme. A non-root Webmin user could use the theme configuration page to execute commands as root.
 #### Authentic theme remote access vulnerability
 - Only if the Authentic theme is enabled globally. An attacker could execute commands remotely as root, as long as there was no firewall blocking access to Webmin's port 10000.
 ### Webmin 1.750 and below [May 12, 2015]
 #### XSS (cross-site scripting) vulnerability in `xmlrpc.cgi` script [CVE-2015-1990]
 - A malicious website could create links or JavaScript referencing the `xmlrpc.cgi` script, triggered when a user logged into Webmin visits the attacking site.
 > Thanks to Peter Allor from IBM for finding and reporting this issue.
 ### Webmin 1.720 and below [November 24, 2014]
 #### Read Mail module vulnerable to malicious links
 - If un-trusted users have both SSH access and the ability to use Read User Mail module (as is the case for Virtualmin domain owners), a malicious link could be created to allow reading any file on the system, even those owned by _root_.
 > Thanks to Patrick William from RACK911 labs for finding this bug.
 ### Webmin 1.700 and below [August 11, 2014]
 #### Shellshock vulnerability
 - If your _bash_ shell is vulnerable to _shellshock_, it can be exploited by attackers who have a Webmin login to run arbitrary commands as _root_. Updating to version 1.710 (or updating _bash_) will fix this issue.
 ### Webmin 1.590 and below [June 30, 2012]
 #### XSS (cross-site scripting) security hole
 - A malicious website could create links or JavaScript referencing the File Manager module that allowed execution of arbitrary commands via Webmin when the website is viewed by the victim. See [CERT vulnerability note VU#788478][12] for more details. Thanks to Jared Allar from the American Information Security Group for reporting this problem.
 #### Referer checks don't include port
 - If an attacker has control over `http://example.com/` then he/she could create a page with malicious JavaScript that could take over a Webmin session at `https://example.com:10000/` when `http://example.com/` is viewed by the victim.
 > Thanks to Marcin Teodorczyk for finding this issue.
 ### Webmin 1.540 and below [April 20, 2011]
 #### XSS (cross-site scripting) security hole
 - This vulnerability can be triggered if an attacker changes his Unix username via a tool like `chfn`, and a page listing usernames is then viewed by the root user in Webmin.
 > Thanks to Javier Bassi for reporting this bug.
 ### Virtualmin 3.70 and below [June 23, 2009]
 #### Unsafe file writes in Virtualmin
 - This bug allows a virtual server owner to read or write to arbitrary files on the system by creating malicious symbolic links and then having Virtualmin perform operations on those links. Upgrading to version 3.70 is strongly recommended if your system has un-trusted domain owners.
 ### Webmin 1.390 and below, Usermin 1.320 and below [February 8, 2008]
 #### XSS (cross-site scripting) security hole
 - This attack could open users who visit un-trusted websites while having Webmin open in the same browser up to having their session cookie captured, which could then allow an attacker to login to Webmin without a password. The quick fix is to go to the **Webmin Configuration** module, click on the **Trusted Referers** icon, set **Referrer checking enabled?** to **Yes**, and un-check the box **Trust links from unknown referrers**. Webmin 1.400 and Usermin 1.330 will make these settings the defaults.
 ### Webmin 1.380 and below [November 3, 2007]
 #### Windows-only command execution bug
 - Any user logged into Webmin can execute any command using special URL parameters. This could be used by less-privileged Webmin users to raise their level of access.
 > Thanks for Keigo Yamazaki of Little eArth Corporation for finding this bug.
 ### Webmin 1.374 and below, Usermin 1.277 and below
 #### XSS bug in `pam_login.cgi` script
 - A malicious link to Webmin `pam_login.cgi` script can be used to execute JavaScript within the Webmin server context, and perhaps steal session cookies.
 ### Webmin 1.330 and below, Usermin 1.260 and below
 #### XSS bug in `chooser.cgi` script
 - When using Webmin or Usermin to browse files on a system that were created by an attacker, a specially crafted filename could be used to inject arbitrary JavaScript into the browser.
 ### Webmin 1.296 and below, Usermin 1.226 and below
 #### Remote source code access
 - An attacker can view the source code of Webmin CGI and Perl programs using a specially crafted URL. Because the source code for Webmin is freely available, this issue should only be of concern to sites that have custom modules for which they want the source to remain hidden.
 #### XSS bug
 - The XSS bug makes use of a similar technique to craft a URL that can allow arbitrary JavaScript to be executed in the user's browser if a malicious link is clicked on.
 > Thanks for Keigo Yamazaki of Little eArth Corporation for finding this bug.
 ### Webmin 1.290 and below, Usermin 1.220 and below
 #### Arbitrary remote file access
 - An attacker without a login to Webmin can read the contents of any file on the server using a specially crafted URL. All users should upgrade to version 1.290 as soon as possible, or setup IP access control in Webmin.
 > Thanks to Kenny Chen for bringing this to my attention.
 ### Webmin 1.280 and below
 #### Windows arbitrary file access
 - If running Webmin on Windows, an attacker can remotely view the contents of any file on your system using a specially crafted URL. This does not affect other operating systems, but if you use Webmin on Windows you should upgrade to version 1.280 or later.
 > Thanks to Keigo Yamazaki of Little eArth Corporation for discovering this bug.
 ### Webmin 1.250 and below, Usermin 1.180 and below
 #### Perl syslog input attack
 - When logging of failing login attempts via `syslog` is enabled, an attacker can crash and possibly take over the Webmin webserver, due to un-checked input being passed to Perl's `syslog` function. Upgrading to the latest release of Webmin is recommended.
 > Thanks to Jack at Dyad Security for reporting this problem to me.
 ### Webmin 1.220 and below, Usermin 1.150 and below
 #### Full PAM conversations' mode remote attack
 - Affects systems when the option **Support full PAM conversations?** is enabled on the **Webmin ⇾ Webmin Configuration ⇾ Authentication** page. When this option is enabled in Webmin or Usermin, an attacker can gain remote access to Webmin without needing to supply a valid login or password. Fortunately this option is not enabled by default and is rarely used unless you have a PAM setup that requires more than just a username and password, but upgrading is advised anyway. <br />
 > Thanks to Keigo Yamazaki of Little eArth Corporation and [JPCERT/CC][13] for discovering and notifying me of this bug.
 ### Webmin 1.175 and below, Usermin 1.104 and below
 #### Brute force password guessing attack
 - Prior Webmin and Usermin versions do not have password timeouts turned on by default, so an attacker can try every possible password for the _root_ or admin user until he/she finds the correct one.  
 The solution is to enable password timeouts, so that repeated attempts to login as the same user will become progressively slower. This can be done by following these steps :
    * Go to the **Webmin Configuration** module.
    * Click on the **Authentication** icon.
    * Select the **Enable password timeouts** button.
    * Click the **Save** button at the bottom of the page.
   This problem is also present in Usermin, and can be prevented by following the same steps in the **Usermin Configuration** module.
 ### Webmin 1.150 and below, Usermin 1.080 and below
 #### XSS vulnerability
 - When viewing HTML email, several potentially dangerous types of URLs can be passed through. This can be used to perform malicious actions like executing commands as the logged-in Usermin user.
 #### Module configurations are visible
 - Even if a Webmin user does not have access to a module, he/she can still view it's Module Config page by entering a URL that calls `config.cgi` with the module name as a parameter.
 #### Account lockout attack
 - By sending a specially constructed password, an attacker can lock out other users if password timeouts are enabled.
  [2]: https://github.com/bl4ckmenace
  [3]: https://github.com/Pybro09
  [4]: https://github.com/ly1g3
  [5]: https://github.com/esp0xdeadbeef
  [6]: https://github.com/V1s3r1on
  [7]: https://github.com/faisalfs10x/
  [8]: https://www.netbytesec.com/
  [9]: https://twitter.com/Mesh3l_911
  [10]: https://twitter.com/electronicbots
  [12]: http://www.kb.cert.org/vuls/id/788478
  [13]: http://www.jpcert.or.jp/
--- a/WebminCore.pm
+++ b/WebminCore.pm
--- a/acl/edit_unix.cgi
+++ b/acl/edit_unix.cgi
@@ -82,7 +82,7 @@ print &ui_table_row($text{'unix_restrict2'},
 print &ui_table_row("",
 	&ui_checkbox("shells_deny", 1, $text{'unix_shells'},
 		     $miniserv{'shells_deny'} ? 1 : 0)." ".
-	&ui_filebox("shells", $miniserv{'shells_deny'} || "/etc/shells", 40));
+	&ui_filebox("shells", $miniserv{'shells_deny'} || "/etc/shells", 25));
 print &ui_table_end();
 print &ui_form_end([ [ undef, $text{'save'} ] ]);
--- a/acl/edit_user.cgi
+++ b/acl/edit_user.cgi
@@ -238,6 +238,18 @@ my @themes = grep { !$_->{'overlay'} } @all;
 my @overlays = grep { $_->{'overlay'} } @all;
 if ($access{'theme'}) {
 	my $tconf_link;
 	my %tinfo = &webmin::get_theme_info($user{'theme'});
 	if ($user{'theme'} && $user{'theme'} eq $tinfo{'dir'} &&
 	    $user{'name'} eq $remote_user &&
 	    $tinfo{'config_link'}) {
 		$tconf_link = &ui_tag('span', &ui_link(
 			"@{[&get_webprefix()]}/$tinfo{'config_link'}",
 			&ui_tag('span', '⚙', 
 				{ class => 'theme-config-char',
 				  title => $text{'themes_configure'} }),
 			'text-link'), { style => 'position: relative;' });
 		}
 	# Current theme
 	my @topts = ( );
 	push(@topts, !$user{'theme'} ? [ '', $text{'edit_themedef'} ] : ());
@@ -247,7 +259,8 @@ if ($access{'theme'}) {
 	print &ui_table_row($text{'edit_theme'},
 		&ui_radio("theme_def", defined($user{'theme'}) ? 0 : 1,
 		  [ [ 1, $text{'edit_themeglobal'} ],
-		    [ 0, &ui_select("theme", $user{'theme'}, \@topts) ] ]));
+		    [ 0, &ui_select("theme", $user{'theme'}, \@topts).
 		    	 $tconf_link ] ]));
 	}
 if ($access{'theme'} && @overlays) {
--- a/acl/index.cgi
+++ b/acl/index.cgi
@@ -7,7 +7,7 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './acl-lib.pl';
-our (%in, %text, %config, %access, $base_remote_user);
+our (%in, %text, %config, %gconfig, %access, $base_remote_user);
 &ReadParse();
 &ui_print_header(undef, $text{'index_title'}, "", undef, 1, 1);
@@ -206,7 +206,7 @@ if (uc($ENV{'HTTPS'}) eq "ON" && $miniserv{'ca'}) {
 push(@icons, "images/twofactor.gif");
 push(@links, "twofactor_form.cgi");
 push(@titles, $text{'index_twofactor'});
-if ($access{'rbacenable'}) {
+if ($access{'rbacenable'} && $gconfig{'os_type'} eq 'solaris') {
 	push(@icons, "images/rbac.gif");
 	push(@links, "edit_rbac.cgi");
 	push(@titles, $text{'index_rbac'});
@@ -291,7 +291,13 @@ return &ui_checkbox("d", $user->{'name'}, "", 0).
       ($ro ? "<b>" : "").
       &ui_link("$cgi?$param=".&urlize($user->{'name'}),
 	        $user->{'name'}).
-       ($user->{'twofactor_id'} ? "*" : "").
+       ($user->{'twofactor_id'}
       	? &ui_tag('sup', '⚷', 
            { title => $text{'index_twofactor_enabled'},
 	      class => 'twofactor-enabled-icon',
 	      style => 'font-size: 11px; margin-left: 5px; cursor: default;'.
                       'display: inline-block; transform: rotate(90deg);' } )
 	: "").
       ($ro ? "</b>" : "").
       ($lck ? "</i>" : "");
 }
--- a/acl/lang/en
+++ b/acl/lang/en
@@ -6,6 +6,7 @@ index_screate=Create a new safe user.
 index_convert=Convert Unix To Webmin Users
 index_cert=Request an SSL Certificate
 index_twofactor=Two-Factor Authentication
 index_twofactor_enabled=Two-factor authentication is enabled for this user
 index_certmsg=Click this button to request an SSL certificate that will allow you to securely login to Webmin without having to enter a username and password.
 index_return=user list
 index_none=None
@@ -358,16 +359,16 @@ sessions_user=Webmin user
 sessions_login_ago=Last active ago
 sessions_login=Last active at
 sessions_host=IP address
-sessions_lview=View logs..
+sessions_lview=View logs
-sessions_actions=Actions..
+sessions_actions=Actions
-sessions_all=All sessions..
+sessions_all=All sessions
-sessions_logouts=Also show logged-out sessions..
+sessions_logouts=Also show logged-out sessions
 sessions_state=State
 sessions_action=Actions
 sessions_this=This login
 sessions_in=Logged in
 sessions_out=Logged out
-sessions_kill=Disconnect..
+sessions_kill=Disconnect
 logins_title=Recent Webmin logins
@@ -513,9 +514,18 @@ twofactor_enable=Enroll For Two-Factor Authentication
 twofactor_header=Two-factor authentication enrollment details
 twofactor_enrolling=Enrolling for two-factor authentication with provider $1 ..
 twofactor_failed=.. enrollment failed : $1
-twofactor_done=.. complete. Your ID with this provider is <tt>$1</tt>.
+twofactor_done=.. completed, with ID <tt>$1</tt>
 twofactor_setup=Two-factor authentication has not been enabled on this system yet, but can be turned on using the <a href='$1'>Webmin Configuration</a> module.
 twofactor_ebutton=No button clicked!
 twofactor_testdesc=Before logging out, you can test your new two-factor authentication setup here by entering a token. If for some reason it doesn't work, turn off two-factor authentication and try setting it up again.
 twofactor_testfield=Two-factor token
 twofactor_test=Validate Token
 twofactor_terr=Failed to test two-factor setup
 twofactor_etestuser=Login does not have two-factor enabled!
 twofactor_testing=Testing two-factor validation with $1 ..
 twofactor_testfailed=.. test failed! Maybe the wrong token was entered, or your authentication app has not been configured correctly?
 twofactor_testok=.. test passed! You can now safely login using two-factor authentication.
 twofactor_testdis=Disable Two-Factor Now
 forgot_title=Send Password Reset Link
 forgot_err=Failed to send password reset link
--- a/acl/save_twofactor.cgi
+++ b/acl/save_twofactor.cgi
@@ -55,7 +55,7 @@ if ($in{'enable'}) {
 		my $mfunc = "webmin::message_twofactor_".
 			    $miniserv{'twofactor_provider'};
 		if (defined(&{\&{$mfunc}})) {
-			print &{\&{$mfunc}}($user);
+			print "<p></p>".&{\&{$mfunc}}($user);
 			}
 		# Save user
@@ -65,6 +65,15 @@ if ($in{'enable'}) {
 		&webmin_log("twofactor", "user", $user->{'name'},
 			    { 'provider' => $user->{'twofactor_provider'},
 			      'id' => $user->{'twofactor_id'} });
 		# Show a test form, so the user can validate
 		print &ui_form_start("test_twofactor.cgi");
 		print $text{'twofactor_testdesc'},"<p>\n";
 		print "$text{'twofactor_testfield'}&nbsp;\n",
 		      &ui_textbox("test", undef, 12),"\n";
 		print &ui_hidden("user", $in{'user'}) if ($in{'user'});
 		print "<p>\n";
 		print &ui_form_end([ [ undef, $text{'twofactor_test'} ] ]);
 		}
 	&ui_print_footer("", $text{'index_return'});
--- a/acl/test_twofactor.cgi
+++ b/acl/test_twofactor.cgi
@@ -0,0 +1,47 @@
 #!/usr/local/bin/perl
 # Validate a user-supplied two-factor token
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './acl-lib.pl';
 our (%in, %text, %access, $base_remote_user);
 &foreign_require("webmin");
 &error_setup($text{'twofactor_terr'});
 &ReadParse();
 # Get the user
 my @users = &list_users();
 my $user;
 if ($in{'user'}) {
 	&can_edit_user($in{'user'}) || &error($text{'edit_euser'});
 	($user) = grep { $_->{'name'} eq $in{'user'} } @users;
 	}
 else {
 	($user) = grep { $_->{'name'} eq $base_remote_user } @users;
 	}
 $user || &error($text{'twofactor_euser'});
 $user->{'twofactor_provider'} || &error($text{'twofactor_etestuser'});
 my @provs = &webmin::list_twofactor_providers();
 my ($prov) = grep { $_->[0] eq $user->{'twofactor_provider'} } @provs;
 # Call the validation function
 &ui_print_header(undef, $text{'twofactor_title'}, "");
 print &text('twofactor_testing', $prov->[1]),"<br>\n";
 my $func = "webmin::validate_twofactor_".$user->{'twofactor_provider'};
 my $err = &{\&{$func}}($user->{'twofactor_id'}, $in{'test'},
 		       $user->{'twofactor_apikey'});
 if ($err) {
 	print &text('twofactor_testfailed', $err),"<p>\n";
 	print &ui_form_start("save_twofactor.cgi");
 	print &ui_hidden("user", $in{'user'}) if ($in{'user'});
 	print &ui_form_end([ [ "disable", $text{'twofactor_testdis'} ] ]);
 	}
 else {
 	print $text{'twofactor_testok'},"<p>\n";
 	}
 &ui_print_footer("", $text{'index_return'});
--- a/apache/allmanual_save.cgi
+++ b/apache/allmanual_save.cgi
@@ -12,7 +12,7 @@ $conf = &get_config();
 &indexof($in{'file'}, @files) >= 0 || &error($text{'manual_efile'});
 $temp = &transname();
-&execute_command("cp ".quotemeta($in{'file'})." $temp");
+&execute_command("cp ".quotemeta($in{'file'})." ".quotemeta($temp));
 $in{'data'} =~ s/\r//g;
 &lock_file($in{'file'});
 &open_tempfile(FILE, ">$in{'file'}");
@@ -22,7 +22,7 @@ $in{'data'} =~ s/\r//g;
 if ($config{'test_manual'}) {
 	$err = &test_config();
 	if ($err) {
-		&execute_command("mv $temp '$in{'file'}'");
+		&execute_command("mv ".quotemeta($temp)." ".quotemeta($in{'file'}));
 		&error(&text('manual_etest', "<pre>$err</pre>"));
 		}
 	}
@@ -30,4 +30,3 @@ unlink($temp);
 &format_config_file($in{'file'});
 &webmin_log("manual", undef, undef, { 'file' => $in{'file'} });
 &redirect("index.cgi?mode=global");
--- a/apache/apache-lib.pl
+++ b/apache/apache-lib.pl
@@ -812,9 +812,16 @@ foreach my $d (@$conf) {
 # Convert a relative path to being under the server root
 sub server_root
 {
-if (!$_[0]) { return undef; }
+my ($path) = @_;
-elsif ($_[0] =~ /^\//) { return $_[0]; }
+if (!$path) {
-else { return "$config{'httpd_dir'}/$_[0]"; }
+	return undef;
 	}
 elsif ($path =~ /^\//) {
 	return $path;
 	}
 else {
 	return "$config{'httpd_dir'}/$path";
 	}
 }
 sub dump_config
@@ -1235,6 +1242,9 @@ sub restart_button
 local $args = "redir=".&urlize(&this_url());
 local @rv;
 if (&is_apache_running()) {
 	if ($access{'stop'}) {
 		push(@rv, &ui_link("stop.cgi?$args", $text{'apache_stop'}) );
 		}
 	if ($access{'apply'}) {
 		my $n = &needs_config_restart();
 		if ($n) {
@@ -1245,9 +1255,6 @@ if (&is_apache_running()) {
 			push(@rv, &ui_link("restart.cgi?$args", $text{'apache_apply'}) );
 			}
 		}
 	if ($access{'stop'}) {
 		push(@rv, &ui_link("stop.cgi?$args", $text{'apache_stop'}) );
 		}
 	}
 elsif ($access{'stop'}) {
 	push(@rv, &ui_link("start.cgi?$args", $text{'apache_start'}) );
@@ -1432,7 +1439,7 @@ sub allowed_auth_file
 local $_;
 return 1 if ($access{'dir'} eq '/');
 return 0 if ($_[0] =~ /\.\./);
-local $f = &server_root($_[0], &get_config());
+local $f = &server_root($_[0]);
 return 0 if (-l $f && !&allowed_auth_file(readlink($f)));
 local $l = length($access{'dir'});
 return length($f) >= $l && substr($f, 0, $l) eq $access{'dir'};
@@ -1442,7 +1449,7 @@ return length($f) >= $l && substr($f, 0, $l) eq $access{'dir'};
 # Returns 1 if the directory in some path exists
 sub directory_exists
 {
-local $path = &server_root($_[0], &get_config());
+local $path = &server_root($_[0]);
 if ($path =~ /^(\S*\/)([^\/]+)$/) {
 	return -d $1;
 	}
@@ -1618,7 +1625,7 @@ local $conf = &get_config();
 local $pidfilestr = &find_directive_struct("PidFile", $conf);
 local $pidfile = $pidfilestr ? $pidfilestr->{'words'}->[0]
 		       	     : "logs/httpd.pid";
-return &server_root($pidfile, $conf);
+return &server_root($pidfile);
 }
 # restart_apache()
@@ -1803,8 +1810,8 @@ if (!&is_apache_running()) {
 		return $text{'start_eunknown'};
 		}
 	else {
-		$errorlog = &server_root($errorlog, $conf);
+		$errorlog = &server_root($errorlog);
-		$out = `tail -5 $errorlog`;
+		$out = &backquote_command("tail -5 ".quotemeta($errorlog));
 		return "$text{'start_eafter'} : <pre>$out</pre>";
 		}
 	}
@@ -1820,7 +1827,7 @@ local $conf = &get_config();
 local $errorlogstr = &find_directive_struct("ErrorLog", $conf);
 local $errorlog = $errorlogstr ? $errorlogstr->{'words'}->[0]
 			       : "logs/error_log";
-$errorlog = &server_root($errorlog, $conf);
+$errorlog = &server_root($errorlog);
 return $errorlog;
 }
@@ -2297,4 +2304,3 @@ sub clear_apache_modules_cache
 }
 1;
--- a/apache/backup_config.pl
+++ b/apache/backup_config.pl
@@ -14,23 +14,23 @@ push(@rv, map { $_->{'file'} } @$conf);
 # Add mime types file
 local $mfile = &find_directive("TypesConfig", $conf);
 if (!$mfile) { $mfile = $config{'mime_types'}; }
-if (!$mfile) { $mfile = &server_root("etc/mime.types", $conf); }
+if (!$mfile) { $mfile = &server_root("etc/mime.types"); }
-if (!-r $mfile) { $mfile = &server_root("conf/mime.types", $conf); }
+if (!-r $mfile) { $mfile = &server_root("conf/mime.types"); }
 if ($mfile) {
-	push(@rv, &server_root($mfile, $conf));
+	push(@rv, &server_root($mfile));
 	}
 # Add mime magic file
 local $magic = &find_directive("MimeMagicFile", $conf);
 if ($magic) {
-	push(@rv, &server_root($magic, $conf));
+	push(@rv, &server_root($magic));
 	}
 # Add all auth files
 local $auth;
 foreach $auth (&find_all_directives($conf, "AuthUserFile"),
 	       &find_all_directives($conf, "AuthGroupFile")) {
-	push(@rv, &server_root($auth, $conf));
+	push(@rv, &server_root($auth));
 	}
 return &unique(@rv);
--- a/apache/create_virt.cgi
+++ b/apache/create_virt.cgi
@@ -119,8 +119,10 @@ elsif ($in{'fmode'} == 1) {
 else {
 	# Use a user-specified file
 	$f = $in{'file'};
 	&allowed_auth_file($f) ||
 		&error(&text('cvirt_efile', &html_escape($f), $!));
 	}
-r $f || open(FILE, ">>$f") || &error(&text('cvirt_efile', &html_escape($f), $!));
+-r $f || open(FILE, ">>", $f) || &error(&text('cvirt_efile', &html_escape($f), $!));
 close(FILE);
 &lock_apache_files();
--- a/apache/edit_global.cgi
+++ b/apache/edit_global.cgi
@@ -22,9 +22,9 @@ print &ui_form_end([ [ "", $text{'save'} ] ]);
 if ($in{'type'} == 6) {
 	$mfile = &find_directive("TypesConfig", $conf);
 	if (!$mfile) { $mfile = $config{'mime_types'}; }
-	if (!$mfile) { $mfile = &server_root("etc/mime.types", $conf); }
+	if (!$mfile) { $mfile = &server_root("etc/mime.types"); }
-	if (!-r $mfile) { $mfile = &server_root("conf/mime.types", $conf); }
+	if (!-r $mfile) { $mfile = &server_root("conf/mime.types"); }
-	$mfile = &server_root($mfile, $conf);
+	$mfile = &server_root($mfile);
 	print &ui_hr();
 	print &ui_subheading($text{'global_mime'});
 	print "$text{'global_mimedesc'}<p>\n";
--- a/apache/edit_gmime_type.cgi
+++ b/apache/edit_gmime_type.cgi
@@ -5,9 +5,19 @@
 require './apache-lib.pl';
 &ReadParse();
 $access{'global'}==1 || &error($text{'mime_ecannot'});
 # Validate that the file parameter matches the actual MIME types file
 $conf = &get_config();
 $mfile = &find_directive("TypesConfig", $conf);
 if (!$mfile) { $mfile = $config{'mime_types'}; }
 if (!$mfile) { $mfile = &server_root("etc/mime.types", $conf); }
 if (!-r $mfile) { $mfile = &server_root("conf/mime.types", $conf); }
 $mfile = &server_root($mfile);
 $in{'file'} eq $mfile || &error($text{'mime_ecannot'});
 if (defined($in{'line'})) {
 	&ui_print_header(undef, $text{'mime_edit'}, "");
-	open(MIME, "<$in{'file'}");
+	open(MIME, "<", $in{'file'});
 	for($i=0; $i<=$in{'line'}; $i++) {
 		$line = <MIME>;
 		}
--- a/apache/lang/en
+++ b/apache/lang/en
@@ -161,6 +161,7 @@ manual_efile=Invalid Apache config file
 manual_etest=Configuration file error detected : $1
 manual_editfile=Edit config file:
 manual_switch=Edit
 manual_evirt=Virtual host could not be found after manual changes - maybe the ServerName was changed?
 dir_title=Per-Directory Options
 dir_proxyall=All proxy requests
--- a/apache/list_authgroups.cgi
+++ b/apache/list_authgroups.cgi
@@ -11,7 +11,7 @@ $conf = &get_config();
 	&error(&text('authg_ecannot', $in{'file'}));
 $desc = &text('authg_header', "<tt>$in{'file'}</tt>");
 &ui_print_header($desc, $text{'authg_title'}, "");
-$f = &server_root($in{'file'}, $conf);
+$f = &server_root($in{'file'});
@groups = sort { $a->{'name'} cmp $b->{'name'} } &list_authgroups($in{'file'});
 if (@groups) {
--- a/apache/list_authusers.cgi
+++ b/apache/list_authusers.cgi
@@ -11,7 +11,7 @@ $conf = &get_config();
 	&error(&text('authu_ecannot', $in{'file'}));
 $desc = &text('authu_header', "<tt>$in{'file'}</tt>");
 &ui_print_header($desc, $text{'authu_title'}, "");
-$f = &server_root($in{'file'}, $conf);
+$f = &server_root($in{'file'});
@users = sort { $a cmp $b } &list_authusers($f);
 if (@users) {
--- a/apache/manual_save.cgi
+++ b/apache/manual_save.cgi
@@ -73,6 +73,14 @@ if ($config{'test_manual'}) {
 		&error(&text('manual_etest',
 			     "<pre>".&html_escape($err)."</pre>"));
 		}
 	if (defined($in{'virt'}) && !defined($in{'idx'})) {
 		undef(@get_config_cache);
 		($conf, $v) = &get_virtual_config($in{'virt'});
 		if (!$v) {
 			&copy_source_dest($temp, $file);
 			&error($text{'manual_evirt'});
 			}
 		}
 	}
 unlink($temp);
 &unlock_file($file);
--- a/apache/restart.cgi
+++ b/apache/restart.cgi
@@ -34,11 +34,10 @@ if (!$running) {
 		&error($text{'restart_eunknown'});
 		}
 	else {
-		$errorlog = &server_root($errorlog, $conf);
+		$errorlog = &server_root($errorlog);
-		$out = `tail -5 $errorlog`;
+		$out = &backquote_command("tail -5 ".quotemeta($errorlog));
 		&error("<pre>$out</pre>");
 		}
 	}
 &webmin_log("apply");
 &redirect($in{'redir'});
--- a/apache/save_gmime_type.cgi
+++ b/apache/save_gmime_type.cgi
@@ -6,13 +6,22 @@ require './apache-lib.pl';
 &ReadParse();
 $access{'global'}==1 || &error($text{'mime_ecannot'});
 # Validate that the file parameter matches the actual MIME types file
 $conf = &get_config();
 $mfile = &find_directive("TypesConfig", $conf);
 if (!$mfile) { $mfile = $config{'mime_types'}; }
 if (!$mfile) { $mfile = &server_root("etc/mime.types", $conf); }
 if (!-r $mfile) { $mfile = &server_root("conf/mime.types", $conf); }
 $mfile = &server_root($mfile);
 $in{'file'} eq $mfile || &error($text{'mime_ecannot'});
 &error_setup($text{'mime_err'});
 if ($in{'type'} !~ /^(\S+)\/(\S+)$/) {
 	&error(&text('mime_etype', $in{'type'}));
 	}
 &lock_file($in{'file'});
-open(MIME, "<$in{'file'}");
+open(MIME, "<", $in{'file'});
@mime = <MIME>;
 close(MIME);
 $line = "$in{'type'} ".join(" ", split(/\s+/, $in{'exts'}))."\n";
--- a/backup-config/backup-config-lib.pl
+++ b/backup-config/backup-config-lib.pl
@@ -158,7 +158,7 @@ $rv .= "<table id='show_backup_destination' cellpadding=1 cellspacing=0>";
 # Local file field
 $rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 0, undef, $mode == 0)."</td>\n";
-$rv .= "<td>$text{'backup_mode0'}&nbsp;</td><td colspan='3'>".
+$rv .= "<td>".&ui_tag('strong', $text{'backup_mode0'})."&nbsp;</td><td colspan='3'>".
 	&ui_textbox("$_[0]_file", $mode == 0 ? $path : "", 60, undef, undef,
 	    ($_[2] != 1 && $config{'date_subs'}) ?
 	        'placeholder="/backups/configs-%y-%m-%d-%H-%M-%S.tar.gz"' : undef).
@@ -166,7 +166,7 @@ $rv .= "<td>$text{'backup_mode0'}&nbsp;</td><td colspan='3'>".
 # FTP file fields
 $rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 1, undef, $mode == 1)."</td>\n";
-$rv .= "<td>$text{'backup_mode1'}&nbsp;</td><td>".
+$rv .= "<td>".&ui_tag('strong', $text{'backup_mode1'})."&nbsp;</td><td>".
 	&ui_textbox("$_[0]_server", $mode == 1 ? $server : undef, 20).
 	"</td>\n";
 $rv .= "<td>&nbsp;$text{'backup_path'}&nbsp;</td><td> ".
@@ -186,7 +186,7 @@ $rv .= "<td colspan='4'>$text{'backup_port'} ".
 # SCP file fields
 $rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 2, undef, $mode == 2)."</td>\n";
-$rv .= "<td>$text{'backup_mode2'}&nbsp;</td><td>".
+$rv .= "<td>".&ui_tag('strong', $text{'backup_mode2'})."&nbsp;</td><td>".
 	&ui_textbox("$_[0]_sserver", $mode == 2 ? $server : undef, 20).
 	"</td>\n";
 $rv .= "<td>&nbsp;$text{'backup_path'}&nbsp;</td><td> ".
@@ -208,7 +208,7 @@ if ($_[2] == 1) {
 	# Uploaded file field
 	$rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 3, undef, $mode == 3).
 		"</td>\n";
-	$rv .= "<td colspan=4>$text{'backup_mode3'} ".
+	$rv .= "<td colspan=4>".&ui_tag('strong', $text{'backup_mode3'})." ".
 		&ui_upload("$_[0]_upload", 40).
 		"</td> </tr>\n";
 	}
@@ -216,7 +216,8 @@ elsif ($_[2] == 2) {
 	# Output to browser option
 	$rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 4, undef, $mode == 4).
 		"</td>\n";
-	$rv .= "<td colspan=4>$text{'backup_mode4'}</td> </tr>\n";
+	$rv .= "<td colspan=4>".&ui_tag('strong', $text{'backup_mode4'}).
 		"</td> </tr>\n";
 	}
 $rv .= "</table>\n";
--- a/backup-config/backup.pl
+++ b/backup-config/backup.pl
@@ -5,7 +5,7 @@ use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
-our (%text, %config, $no_acl_check);
+our (%text, %config, $no_acl_check, %gconfig);
 $no_acl_check++;
 require './backup-config-lib.pl';
 &foreign_require("mailboxes", "mailboxes-lib.pl");
@@ -76,11 +76,10 @@ if (($err || $backup->{'emode'} == 0) && $backup->{'email'}) {
 		       $postmsg;
 		$subject = &text('email_sok', $host);
 		}
-	&mailboxes::send_text_mail($config{'from_addr'} ||
+	&mailboxes::send_text_mail(
-				   &mailboxes::get_from_address(),
+		$config{'from_addr'} || &mailboxes::get_from_address(),
-				   $backup->{'email'},
+		$backup->{'email'} eq '*' ? $gconfig{'webmin_email_to'}
-				   undef,
+					  : $backup->{'email'},
-				   $subject,
+		undef, $subject, $msg);
 				   $msg);
 	}
--- a/backup-config/edit.cgi
+++ b/backup-config/edit.cgi
@@ -10,11 +10,14 @@ our (%in, %text, %gconfig);
 &ReadParse();
 my $backup;
 my $wet = $gconfig{'webmin_email_to'};
 if ($in{'new'}) {
 	&ui_print_header(undef, $text{'edit_title1'}, "");
 	$backup = { 'emode' => 0,
-		    'email' => $gconfig{'webmin_email_to'},
+		    'email' => $wet ? '*' : undef,
 		    'sched' => 1,
 		    'configfile' => 1,
 		    'nofiles' => 0,
 		    'mins' => 0,
 		    'hours' => 0,
 		    'days' => '*',
@@ -72,7 +75,10 @@ print &ui_hidden_table_start($text{'edit_header3'}, "width=100%", 2,
 # Show email address
 print &ui_table_row($text{'edit_email'},
-		    &ui_textbox("email", $backup->{'email'}, 40));
+	$wet ? &ui_opt_textbox("email",
 			$backup->{'email'} eq '*' ? undef : $backup->{'email'},
 			40, &text('edit_email_def', "<tt>$wet</tt>"))
 	     : &ui_textbox("email", $backup->{'email'}, 40));
 # Show email mode
 print &ui_table_row($text{'edit_emode'},
--- a/backup-config/lang/en
+++ b/backup-config/lang/en
@@ -27,6 +27,7 @@ edit_header=Scheduled backup options
 edit_header2=Pre and post backup commands
 edit_header3=Backup schedule
 edit_email=Email result to address
 edit_email_def=Webmin default ($1)
 edit_emode=When to send email
 edit_emode0=Always
 edit_emode1=Only when an error occurs
--- a/backup-config/save.cgi
+++ b/backup-config/save.cgi
@@ -36,7 +36,7 @@ else {
 	$backup->{'dest'} = &parse_backup_destination("dest", \%in);
 	&cron::parse_times_input($backup, \%in);
 	$backup->{'emode'} = $in{'emode'};
-	$backup->{'email'} = $in{'email'};
+	$backup->{'email'} = $in{'email_def'} ? '*' : $in{'email'};
 	$backup->{'pre'} = $in{'pre'};
 	$backup->{'post'} = $in{'post'};
 	$backup->{'sched'} = $in{'sched'};
--- a/bin/server
+++ b/bin/server
@@ -22,7 +22,7 @@ sub main
    # If username passed as regular param
    my $cmd = scalar(@ARGV) == 1 && $ARGV[0];
    $cmd = $opt{'command'} if ($opt{'command'});
-    if ($cmd !~ /^(status|start|stop|restart|reload|force-restart|kill)$/) {
+    if ($cmd !~ /^(stats|status|start|stop|restart|reload|force-restart|kill)$/) {
        $cmd = undef;
    }
@@ -92,6 +92,395 @@ sub run
        }
        exit $rs;
    }
    if ($o->{'cmd'} =~ /^(stats)$/) {
        my $rs = 0;
        if (-x $systemctlcmd) {
            my $format_bytes = sub {
                my $bytes = shift;
                return "0" unless defined $bytes && $bytes =~ /^\d+$/;
                my $mb = $bytes / 1048576;
                my $gb = $mb / 1024;
                if ($gb >= 1) {
                    return sprintf("%.2f GB", $gb);
                } elsif ($mb >= 1) {
                    return sprintf("%.2f MB", $mb);
                } else {
                    return sprintf("%.2f KB", $bytes / 1024);
                }
            };
            # Check if service is running first
            my $is_active_cmd = qq{systemctl is-active "$service" 2>/dev/null};
            my $is_active = `$is_active_cmd`;
            $rs = $? >> 8;
            chomp($is_active);
            if ($rs != 0 || $is_active ne 'active') {
                print "Service '$service' is not running (status: $is_active)\n";
                return 2;
            }
            # Get main pid
            my $main_pid_cmd = qq{systemctl show -p MainPID --value "$service"};
            my $main_pid = `$main_pid_cmd`;
            $rs = $? >> 8;
            return $rs if $rs != 0;
            chomp($main_pid);
            if (!$main_pid || $main_pid eq '0') {
                print "Service '$service' has no main PID\n";
                return;
            }
            # Get process list
            my $cmd = qq{
                CG=\$(systemctl show -p ControlGroup --value "$service"); 
                P=\$({ cat /sys/fs/cgroup"\$CG"/cgroup.procs; systemctl show -p MainPID --value "$service"; } | sort -u); 
                COLUMNS=10000 ps --cols 10000 -ww --no-headers -o pid=,ppid=,rss=,pmem=,pcpu=,args= --sort=-rss -p \$P |
                awk 'function h(k){m=k/1024;g=m/1024;return g>=1?sprintf("%.2fG",g):sprintf("%.1fM",m)} BEGIN{printf "%6s %6s %9s %6s %6s  %-s\\n","PID","PPID","RSS_KiB","%MEM","%CPU","CMD (RSS_human)"} {cmd=substr(\$0,index(\$0,\$6)); printf "%6s %6s %9s %6s %6s  %s (%s)\\n",\$1,\$2,\$3,\$4,\$5,cmd,h(\$3)}'
            };
            my $out = `$cmd`;
            $rs = $? >> 8;
            return $rs if $rs != 0;
            # Extract pids from the output
            my @all_pids;
            foreach my $line (split(/\n/, $out)) {
                if ($line =~ /^\s*(\d+)\s+/) {
                    push @all_pids, $1;
                }
            }
            if (!@all_pids) {
                print "No processes found for service '$service'\n";
                return 3;
            }
            # Reorder with main pid first, then rest sorted by size
            my @pids;
            if ($main_pid && $main_pid ne '' && grep { $_ eq $main_pid } @all_pids) {
                push @pids, $main_pid;
                push @pids, grep { $_ ne $main_pid } @all_pids;
            } else {
                @pids = @all_pids;
            }
            # Print the table with main pid marked
            foreach my $line (split(/\n/, $out)) {
                if ($line =~ /^\s*$main_pid\s+/ && $main_pid) {
                    chomp($line);
                    print "$line [MAIN]\n";
                } else {
                    print "$line\n";
                }
            }
            # Check if lsof is available
            my $has_lsof = has_command('lsof');
            # Get detailed info for each pid
            foreach my $pid (@pids) {
                my $is_main = ($pid eq $main_pid) ? " [MAIN PROCESS]" : "";
                # Check if process still exists
                unless (-d "/proc/$pid") {
                    print "\n\nProcess $pid no longer exists, skipping...\n";
                    next;
                }
                print "\n";
                print "╔" . "═"x78 . "╗\n";
                print "║" . sprintf("%-78s", " DETAILED ANALYSIS FOR PID $pid$is_main") . "║\n";
                print "╚" . "═"x78 . "╝\n";
                # Working directory and binary
                print "\n┌─ WORKING DIRECTORY & BINARY " . "─"x49 . "\n";
                my $cwd = `readlink /proc/$pid/cwd 2>/dev/null`;
                chomp($cwd);
                print "CWD:  $cwd\n" if $cwd;
                my $exe = `readlink /proc/$pid/exe 2>/dev/null`;
                chomp($exe);
                print "EXE:  $exe\n" if $exe;
                my $root = `readlink /proc/$pid/root 2>/dev/null`;
                chomp($root);
                print "ROOT: $root\n" if $root && $root ne '/';
                # Environment variables
                print "\n┌─ ENVIRONMENT VARIABLES " . "─"x54 . "\n";
                my $env = `cat /proc/$pid/environ 2>/dev/null | tr '\\0' '\\n' | grep -E '^(PATH|HOME|USER|LANG|TZ|LD_|PYTHON|JAVA|NODE|PORT|HOST|DB_|API_)' | sort`;
                if ($env) {
                    print $env;
                } else {
                    print "Unable to read environment\n";
                }
                # Basic process info
                print "\n┌─ PROCESS INFO " . "─"x63 . "\n";
                my $ps_info = `ps -p $pid -o user=,pid=,ppid=,pri=,ni=,vsz=,rss=,stat=,start=,time=,cmd= 2>/dev/null`;
                if ($ps_info) {
                    print "USER       PID  PPID PRI  NI    VSZ   RSS STAT  START   TIME CMD\n";
                    print $ps_info;
                } else {
                    print "Process no longer exists\n";
                    next;
                }
                # Process tree
                print "\n┌─ PROCESS TREE " . "─"x63 . "\n";
                my $pstree = `pstree -p -a $pid 2>/dev/null`;
                if ($pstree) {
                    print $pstree;
                } else {
                    print "pstree not available\n";
                }
                # Memory and status
                print "\n┌─ MEMORY & STATUS " . "─"x60 . "\n";
                my $status = `grep -E 'VmPeak|VmSize|VmRSS|VmSwap|RssAnon|RssFile|Threads|voluntary_ctxt|nonvoluntary_ctxt' /proc/$pid/status 2>/dev/null`;
                print $status || "N/A\n";
                # Open file descriptors
                print "\n┌─ FILE DESCRIPTORS " . "─"x59 . "\n";
                my $fd_count = `ls -1 /proc/$pid/fd 2>/dev/null | wc -l`;
                chomp($fd_count);
                print "Total Open FDs: $fd_count\n";
                if ($has_lsof) {
                    print "\nFile Descriptor Types:\n";
                    my $fd_types = `lsof +c 0 -p $pid 2>/dev/null | awk 'NR>1 {print \$5}' | sort | uniq -c | sort -rn`;
                    print $fd_types || "Unable to get FD types\n";
                    print "\nDetailed File Descriptors:\n";
                    my $all_fds = `lsof +c 0 -p $pid 2>/dev/null`;
                    $all_fds =~ s/^/     /mg;
                    print $all_fds || "No files open\n";
                } else {
                    print "\n(Install lsof for detailed file descriptor analysis)\n";
                    print "\nOpen FD Sample:\n";
                    my $fd_sample = `ls -la /proc/$pid/fd 2>/dev/null | head -15`;
                    print $fd_sample;
                }
                # Network Connections
                print "\n┌─ NETWORK CONNECTIONS " . "─"x56 . "\n";
                # tcp connections with details
                my $tcp_detailed = `ss -tnp -o 2>/dev/null | grep 'pid=$pid'`;
                my $tcp_count = `echo "$tcp_detailed" | grep -c 'pid=$pid'` || 0;
                chomp($tcp_count);
                print "Active TCP Connections: $tcp_count\n";
                if ($tcp_count > 0) {
                    print "\nTCP Connections (with timers and queues):\n";
                    print $tcp_detailed;
                    print "\nConnection State Summary:\n";
                    my $state_summary = `ss -tnp 2>/dev/null | grep 'pid=$pid' | awk '{print \$1}' | sort | uniq -c | sort -rn`;
                    print $state_summary;
                    print "\nLocal Ports in Use:\n";
                    my $local_ports = `ss -tnp 2>/dev/null | grep 'pid=$pid' | awk '{split(\$4,a,":"); print a[length(a)]}' | sort -n | uniq -c`;
                    print $local_ports || "None\n";
                    print "\nRemote Endpoints:\n";
                    my $remote_ips = `ss -tnp 2>/dev/null | grep 'pid=$pid' | awk '{print \$5}' | cut -d: -f1 | sort | uniq -c | sort -rn`;
                    print $remote_ips || "None\n";
                }
                # tcp listening
                my $tcp_listen = `ss -tlnp 2>/dev/null | grep 'pid=$pid'`;
                if ($tcp_listen) {
                    print "\nTCP Listening Sockets:\n";
                    print $tcp_listen;
                }
                # udp connections
                my $udp_count = `ss -unp 2>/dev/null | grep -c 'pid=$pid'`;
                chomp($udp_count);
                if ($udp_count > 0) {
                    print "\nUDP Connections: $udp_count\n";
                    my $udp_conns = `ss -unp 2>/dev/null | grep 'pid=$pid'`;
                    print $udp_conns;
                }
                # udp listening
                my $udp_listen = `ss -ulnp 2>/dev/null | grep 'pid=$pid'`;
                if ($udp_listen) {
                    print "\nUDP Listening Sockets:\n";
                    print $udp_listen;
                }
                # unix sockets
                my $unix_sockets = `ss -xp 2>/dev/null | grep 'pid=$pid' | wc -l`;
                chomp($unix_sockets);
                if ($unix_sockets > 0) {
                    print "\nUnix Domain Sockets: $unix_sockets\n";
                }
                # I/O Statistics
                print "\n┌─ I/O STATISTICS " . "─"x61 . "\n";
                my $io = `cat /proc/$pid/io 2>/dev/null`;
                if ($io) {
                    print $io;
                    # Parse and show human-readable
                    my ($read_bytes, $write_bytes);
                    if ($io =~ /read_bytes:\s*(\d+)/) {
                        $read_bytes = $1;
                    }
                    if ($io =~ /write_bytes:\s*(\d+)/) {
                        $write_bytes = $1;
                    }
                    if (defined $read_bytes && defined $write_bytes) {
                        print "\nRead: " . $format_bytes->($read_bytes) . 
                              ", Write: " . $format_bytes->($write_bytes) . "\n";
                    }
                } else {
                    print "N/A\n";
                }
                # Resource Limits
                print "\n┌─ RESOURCE LIMITS " . "─"x60 . "\n";
                my $limits = `grep -E 'Max open files|Max processes|Max locked memory|Max address space|Max cpu time' /proc/$pid/limits 2>/dev/null`;
                print $limits || "N/A\n";
                # Cgroup limits
                my $cg_path = `cat /proc/$pid/cgroup 2>/dev/null | grep '^0::' | cut -d: -f3`;
                chomp($cg_path);
                my $cgroup_output = "";
                if ($cg_path) {
                    my $mem_limit = `cat /sys/fs/cgroup$cg_path/memory.max 2>/dev/null`;
                    my $mem_current = `cat /sys/fs/cgroup$cg_path/memory.current 2>/dev/null`;
                    my $cpu_max = `cat /sys/fs/cgroup$cg_path/cpu.max 2>/dev/null`;
                    chomp($mem_limit, $mem_current, $cpu_max);
                    if ($mem_limit && $mem_limit ne 'max') {
                        $cgroup_output .= "Memory Limit:   " . $format_bytes->(int($mem_limit)) . "\n";
                        $cgroup_output .= "Memory Current: " . $format_bytes->(int($mem_current)) . "\n" if $mem_current;
                        if ($mem_current) {
                            my $pct = sprintf("%.1f", ($mem_current / $mem_limit) * 100);
                            $cgroup_output .= "Memory Usage:   $pct%\n";
                        }
                    }
                    if ($cpu_max && $cpu_max ne 'max') {
                        $cgroup_output .= "CPU Quota:      $cpu_max\n";
                    }
                }
                if ($cgroup_output) {
                    print "\n┌─ CGROUP LIMITS " . "─"x62 . "\n";
                    print $cgroup_output;
                }
                # CPU & Scheduling
                print "\n┌─ CPU & SCHEDULING " . "─"x59 . "\n";
                my $sched = `grep -E 'se.sum_exec_runtime|nr_switches|nr_voluntary_switches|nr_involuntary_switches' /proc/$pid/sched 2>/dev/null | head -4`;
                if ($sched) {
                    print $sched;
                }
                my $cpuset = `cat /proc/$pid/cpuset 2>/dev/null`;
                chomp($cpuset);
                print "CPUset: $cpuset\n" if $cpuset;
                # Signal handlers
                print "\n┌─ SIGNAL HANDLERS " . "─"x60 . "\n";
                my $signals = `cat /proc/$pid/status 2>/dev/null | grep -E '^Sig(Cgt|Ign|Blk):'`;
                if ($signals) {
                    print $signals;
                    # Decode signal masks
                    my %signal_names = (
                        1 => 'SIGHUP',      2 => 'SIGINT',      3 => 'SIGQUIT',
                        4 => 'SIGILL',      5 => 'SIGTRAP',     6 => 'SIGABRT',
                        7 => 'SIGBUS',      8 => 'SIGFPE',      9 => 'SIGKILL',
                        10 => 'SIGUSR1',    11 => 'SIGSEGV',    12 => 'SIGUSR2',
                        13 => 'SIGPIPE',    14 => 'SIGALRM',    15 => 'SIGTERM',
                        16 => 'SIGSTKFLT',  17 => 'SIGCHLD',    18 => 'SIGCONT',
                        19 => 'SIGSTOP',    20 => 'SIGTSTP',    21 => 'SIGTTIN',
                        22 => 'SIGTTOU',    23 => 'SIGURG',     24 => 'SIGXCPU',
                        25 => 'SIGXFSZ',    26 => 'SIGVTALRM',  27 => 'SIGPROF',
                        28 => 'SIGWINCH',   29 => 'SIGIO',      30 => 'SIGPWR',
                        31 => 'SIGSYS'
                    );
                    my $decode_sigmask = sub {
                        my ($hex_mask, $names_ref) = @_;
                        return "none" if $hex_mask eq '0000000000000000';
                        # Convert hex to decimal
                        my $mask = hex($hex_mask);
                        my @signals;
                        # Check each bit
                        for (my $i = 1; $i <= 31; $i++) {
                            if ($mask & (1 << ($i - 1))) {
                                push @signals, "$names_ref->{$i}($i)";
                            }
                        }
                        return @signals ? join(", ", @signals) : "none";
                    };
                    print "\nDecoded:\n";
                    if ($signals =~ /SigBlk:\s*([0-9a-f]+)/i) {
                        print "  Blocked: " .
                            $decode_sigmask->($1, \%signal_names) . "\n";
                    }
                    if ($signals =~ /SigIgn:\s*([0-9a-f]+)/i) {
                        print "  Ignored: " .
                            $decode_sigmask->($1, \%signal_names) . "\n";
                    }
                    if ($signals =~ /SigCgt:\s*([0-9a-f]+)/i) {
                        print "  Caught:  " .
                            $decode_sigmask->($1, \%signal_names) . "\n";
                    }
                } else {
                    print "N/A\n";
                }
                # Memory maps sum
                print "\n┌─ MEMORY MAPS (top 20 by size) " . "─"x47 . "\n";
                my $maps = `awk '
                    /^[0-9a-f]+-[0-9a-f]+/ {hdr=\$0}
                    /^Size:/ {size=\$2}
                    /^Rss:/  {rss=\$2}
                    /^VmFlags:/ { if (rss>0) {print rss"\\t"size"\\t"hdr} rss=0; size=0 }
                ' /proc/$pid/smaps 2>/dev/null | sort -rn | head -20`;
                if ($maps) {
                    print "RSS(MB)\tSize(MB)\tMapping\n";
                    foreach my $map_line (split(/\n/, $maps)) {
                        if ($map_line =~ /^(\d+)\s+(\d+)\s+(.+)$/) {
                            my $rss_mb = sprintf("%.2f", $1 / 1024);
                            my $size_mb = sprintf("%.2f", $2 / 1024);
                            print "$rss_mb\t$size_mb\t\t$3\n";
                        }
                    }
                } else {
                    print "Unable to read memory maps\n";
                }
                # Recent logs
                print "\n┌─ RECENT LOGS (last 20 lines) " . "─"x48 . "\n";
                my $logs = `journalctl _PID=$pid -b -n 20 --no-pager -o short-precise 2>/dev/null`;
                if ($logs && $logs !~ /^-- No entries --/) {
                    print $logs;
                } else {
                    print "No recent logs found for this PID in current boot\n";
                }
                print "\n" . "─"x79 . "\n";
            }
        } else {
            print "Stats command is only available on systemd based systems.\n";
            $rs = 1;
        }
        exit $rs;
    }
    exit 0;
 }
--- a/bin/webmin
+++ b/bin/webmin
@@ -1,115 +1,123 @@
 #!/usr/bin/env perl
 # Webmin CLI - Allows performing a variety of common Webmin-related
 # functions on the command line.
 use strict;
 use warnings;
 BEGIN { $Pod::Usage::Formatter = 'Pod::Text::Color'; }
-use 5.010; # Version in CentOS 6
+use 5.010;
-use Getopt::Long qw(:config permute pass_through);
+use Getopt::Long qw(:config no_ignore_case permute pass_through);
 use Term::ANSIColor qw(:constants);
 use Pod::Usage;
 # Check if root
 if ($> != 0) {
 	die BRIGHT_RED,
 		"Error: ", RESET, BRIGHT_YELLOW,"webmin", RESET, 
 		" command must be run as root\n";
 	exit 1;
 	}
 my $a0 = $ARGV[0];
-sub main {
+sub main
-    my ( %opt, $subcmd );
+{
-    GetOptions(
+my ( %opt, $subcmd );
 GetOptions(
 	'help|h' => \$opt{'help'},
 	'config|c=s' => \$opt{'config'},
 	'list-commands|l' => \$opt{'list'},
 	'describe|d' => \$opt{'describe'},
 	'man|m' => \$opt{'man'},
 	'version|v' => \$opt{'version'},
-        'versions' => \$opt{'versions'},
+	'versions|V' => \$opt{'versions'},
 	'<>' => sub {
 		# Handle unrecognized options, inc. subcommands.
 		my($arg) = @_;
 		if ($arg =~ m{^-}) {
 			say "Usage error: Unknown option $arg.";
 			pod2usage(0);
-            } else {
+			}
 		else {
 			# It must be a subcommand.
 			$subcmd = $arg;
 			die "!FINISH";
 			}
 	}
-    );
+);
-    # Set defaults
+# Set defaults
-    $opt{'config'} ||= "/etc/webmin";
+$opt{'config'} ||= "/etc/webmin";
-    $opt{'commands'} = $a0;
+$opt{'commands'} = $a0;
-    # Load libs
+# Load libs
-    loadlibs(\%opt);
+loadlibs(\%opt);
-    my @remain = @ARGV;
+my @remain = @ARGV;
-    # List commands?
+# List commands?
-    if ($opt{'list'}) {
+if ($opt{'list'}) {
 	list_commands(\%opt);
 	exit 0;
-    } elsif ($opt{'version'} || $opt{'versions'}) {
+	}
 elsif ($opt{'version'} || $opt{'versions'}) {
 	# Load libs
        my $ver_checked = sub {
            my ($ver_remote, $ver_curr) = @_;
            if ($ver_remote && $ver_curr &&
                compare_version_numbers($ver_remote, $ver_curr) > 0 ) {
                return (BRIGHT_RED, $ver_curr, RESET, DARK, " (" . RESET, BRIGHT_GREEN, $ver_remote, RESET, DARK . " is available)", RESET);
            } else {
                return GREEN, $ver_curr, RESET;
            }
        };
 	my $print_mod_vers = sub {
-            my ($module_type, $modules_list, $prod_root, $prod_ver, $versions_remote_local) = @_;
+		my ($module_type, $modules_list, $prod_root, $prod_ver) = @_;
-            my @minfo;
+		return if (!ref($modules_list));
-            if (ref($modules_list)) {
+		# Gather module info
 		my @mods;
 		foreach my $mod (@{$modules_list}) {
 			my %mi;
 			read_file($mod, \%mi);
 			my $ver = $mi{'version'};
 			my ($dir) = $mod =~ m/$prod_root\/(.*?)\//;
 			next if (!$ver || !$mi{'desc'} || !$dir);
 			next if ($prod_ver =~ /^\Q$ver\E/);
 			push(@mods, { desc => $mi{'desc'}, ver => $ver,
 				      dir => $dir });
 			}
 		# Print sorted by description
 		my $head;
-                my @modules_list = sort(@{$modules_list});
+		foreach my $m (sort { $a->{'desc'} cmp $b->{'desc'} } @mods) {
-                foreach my $mod (@modules_list) {
+			my $mod_ver = $m->{'ver'};
-                    my %mod_info;
+			if (-r "$prod_root/$m->{'dir'}/module.info") {
-                    read_file($mod, \%mod_info);
+				eval { no warnings 'once';
-                    my $mod_ver = $mod_info{'version_actual'} || $mod_info{'version'};
+					local $main::error_must_die = 1;
-                    my $mod_desc = $mod_info{'desc'};
+					&foreign_require($m->{'dir'}) };
-                    if ($mod_ver && $prod_ver && $mod_desc && $prod_ver !~ /^$mod_ver/) {
+				# Get module edition if available
 				my $ed;
 				$ed = eval { &foreign_call(
 						$m->{'dir'},
 						"get_module_edition")
 				      } if (&foreign_defined($m->{'dir'},
 						"get_module_edition"));
 				$mod_ver .= " $ed" if ($ed);
 				}
 			say CYAN, "  $module_type: ", RESET if (!$head++);
-                        my ($mod_dir) = $mod =~ m/$prod_root\/(.*?)\//;
+			say "    $m->{'desc'}: ", GREEN, $mod_ver, RESET,
-                        push(@minfo, {'desc' => $mod_desc, 'ver' => $mod_ver, 'dir' => $mod_dir});
+						  DARK " [$m->{'dir'}]", RESET;
                    }
                }
                @minfo =  sort { $a->{'desc'} cmp $b->{'desc'} } @minfo;
                foreach my $mod (@minfo) {
                    say "    $mod->{'desc'}: " , &$ver_checked($versions_remote_local->{$mod->{'dir'}}, $mod->{'ver'}), DARK " [$mod->{'dir'}]", RESET;
                }
 		}
 	};
 	my $root = root($opt{'config'});
 	if ($root && -d $root) {
 		$ENV{'WEBMIN_CONFIG'} = $opt{'config'};
 		no warnings 'once';
 		@main::root_directories = ($root);
 		$main::root_directory = $root;
 		*unique = sub { my %seen; grep { !$seen{$_}++ } @_ }
 			if (!defined(&unique));
 		use warnings;
 		require("$root/web-lib-funcs.pl");
            # Try to get remote versions first
            my %versions_remote;
            if ($opt{'versions'}) {
                my ($latest_known_versions_remote, $latest_known_versions_remote_error);
                http_download("virtualmin.com", 443, '/software-latest',
                              \$latest_known_versions_remote, \$latest_known_versions_remote_error,
                              undef, 1, undef, undef, 5);
                if ($latest_known_versions_remote &&
                    !$latest_known_versions_remote_error) {
                        %versions_remote = map {
                            my ($k, $v) = split(/=/, $_, 2);
                            defined($v) ? ($k => $v) : ();
                        } split(/\n/, $latest_known_versions_remote);
                } elsif ($latest_known_versions_remote_error) {
                    say BRIGHT_YELLOW, "Warning: ", RESET, "Cannot fetch remote packages versions list - $latest_known_versions_remote_error";
                }
            }
 		# Get Webmin version installed
 		my $ver1 = "$root/version";
 		my $ver2 = "$opt{'config'}/version";
-            my $ver = read_file_contents($ver1) || read_file_contents($ver2);
+		my $ver = read_file_contents($ver1) ||
 				read_file_contents($ver2);
 		my $verrel_file = "$root/release";
-            my $verrel = -r $verrel_file ? read_file_contents($verrel_file) : "";
+		my $verrel = -r $verrel_file
 			? read_file_contents($verrel_file) : "";
 		if ($verrel) {
 			$verrel = ":@{[trim($verrel)]}";
 			}
@@ -118,11 +126,16 @@ sub main {
 			if ($opt{'version'}) {
 				say "$ver$verrel";
 				exit 0;
                } else {
                    say CYAN, "Webmin: ", RESET, &$ver_checked($versions_remote{'webmin'}, "$ver$verrel"), DARK " [$root]", RESET;
 				}
-            } else {
+			else {
-                say RED, "Error: ", RESET, "Cannot determine Webmin version";
+				say CYAN, "Webmin: ", RESET, GREEN,
 					"$ver$verrel", RESET,
 					DARK " [$root]", RESET;
 				}
 			}
 		else {
 			say RED, "Error: ", RESET,
 					"Cannot determine Webmin version";
 			exit 1;
 			}
@@ -130,18 +143,18 @@ sub main {
 		my ($dir, @themes, @mods);
 		if (opendir($dir, $root)) {
 			while (my $file = readdir($dir)) {
-                    my $theme_info_file = "$root/$file/theme.info";
+				my $theme_info_file =
 					"$root/$file/theme.info";
 				push(@themes, $theme_info_file)
 					if (-r $theme_info_file);
 				my $mod_info_file = "$root/$file/module.info";
 				push(@mods, $mod_info_file)
 					if (-r $mod_info_file);
 				}
 			}
 		closedir($dir);
-            &$print_mod_vers('Themes', \@themes, $root, $ver, \%versions_remote);
+		&$print_mod_vers('Themes', \@themes, $root, $ver);
-            &$print_mod_vers('Modules', \@mods, $root, $ver, \%versions_remote);
+		&$print_mod_vers('Modules', \@mods, $root, $ver);
 		# Check for Usermin
 		my $wmumconfig = "$opt{'config'}/usermin/config";
@@ -153,22 +166,23 @@ sub main {
 			$wmumconfig = $wmumconfig{'usermin_dir'};
 			if ($wmumconfig) {
 				my %uminiserv;
-                    read_file("$wmumconfig/miniserv.conf", \%uminiserv);
+				read_file("$wmumconfig/miniserv.conf",
 						\%uminiserv);
 				my $uroot = $uminiserv{'root'};
 				# Get Usermin version installed
 				if ($uroot && -d $uroot) {
 					my $uver1 = "$uroot/version";
 					my $uver2 = "$wmumconfig/version";
-                        my $uver = read_file_contents($uver1) || read_file_contents($uver2);
+					my $uver = read_file_contents($uver1) ||
 						read_file_contents($uver2);
 					my $uverrel_file = "$uroot/release";
-                        my $uverrel      = -r $uverrel_file ? read_file_contents($uverrel_file) : "";
+					my $uverrel      = -r $uverrel_file
-                        if ($uverrel) {
+						? read_file_contents($uverrel_file) : "";
-                            $uverrel = ":@{[trim($uverrel)]}";
+					$uverrel = ":@{[trim($uverrel)]}" if ($uverrel);
                        }
 					$uver = trim($uver) . $uverrel;
 					if ($uver) {
-                            say CYAN, "Usermin: ", RESET, &$ver_checked($versions_remote{'usermin'}, $uver), DARK " [$uroot]", RESET;
+						say CYAN, "Usermin: ", RESET, GREEN, $uver, RESET, DARK " [$uroot]", RESET;
 						my ($udir, @uthemes, @umods);
 						if (opendir($udir, "$uroot")) {
 							while (my $file = readdir($udir)) {
@@ -183,86 +197,90 @@ sub main {
 								}
 							}
 						closedir($udir);
-                            &$print_mod_vers('Themes', \@uthemes, $uroot, $uver, \%versions_remote);
+						&$print_mod_vers('Themes', \@uthemes, $uroot, $uver);
-                            &$print_mod_vers('Modules', \@umods, $uroot, $uver, \%versions_remote);
+						&$print_mod_vers('Modules', \@umods, $uroot, $uver);
 						}
 					}
 				}
 			}
 		}
 	exit 0;
-    } elsif ($opt{'man'} || $opt{'help'} || !defined($remain[0])) {
+	}
 elsif ($opt{'man'} || $opt{'help'} || !defined($remain[0])) {
 	# Show the full manual page
 	man_command(\%opt, $subcmd);
 	exit 0;
-    } elsif ($subcmd) {
+	}
 elsif ($subcmd) {
 	run_command( \%opt, $subcmd, \@remain );
 	}
-    exit 0;
+exit 0;
 }
 exit main( \@ARGV ) if !caller(0);
 # run_command - Run a subcommand 
 # $optref is a reference to an options object passed down from global options
 # like --help or a --config path.
-sub run_command {
+sub run_command
-    my ( $optref, $subcmd, $remainref ) = @_;
+{
 my ( $optref, $subcmd, $remainref ) = @_;
-    # Load libs
+# Load libs
-    loadlibs($optref);
+loadlibs($optref);
-    # Figure out the Webmin root directory
+# Figure out the Webmin root directory
-    my $root = root($optref->{'config'});
+my $root = root($optref->{'config'});
-    my (@commands) = list_commands($optref);
+my (@commands) = list_commands($optref);
-    if (! grep( /^$subcmd$/, @commands ) ) {
+if (! grep( /^$subcmd$/, @commands ) ) {
 	say RED, "Error: ", RESET, "Command \`$subcmd\` doesn't exist", RESET;
 	exit 1;
 	}
-    my $command_path = get_command_path($root, $subcmd, $optref);
+my $command_path = get_command_path($root, $subcmd, $optref);
-    # Merge the options
+# Merge the options
-    # Only handling config, right now...
+my @allopts = ("--config", "$optref->{'config'}", @$remainref);
-    # XXX Should we do this with libraries instead of commands?
+# Run 
-    # Maybe detect .pm for that possibility.
+system($command_path, @allopts);
-    my @allopts = ("--config", "$optref->{'config'}", @$remainref);
+# Try to exit with the passed through exit code (rarely used, but why not?)
-    # Run that binch 
+if ($? == -1) {
    system($command_path, @allopts);
    # Try to exit with the passed through exit code (rarely used, but 
    # why not?)
    if ($? == -1) {
 	say RED, "Error: ", RESET, "Failed to execute \`$command_path\`: $!";
 	exit 1;
-    } else {
+	}
 else {
 	exit $? >> 8;
 	}
 }
-sub get_command_path {
+sub get_command_path
-    my ($root, $subcmd, $optref) = @_;
+{
 my ($root, $subcmd, $optref) = @_;
-    # Load libs
+# Load libs
-    loadlibs($optref);
+loadlibs($optref);
-    # Check for a root-level command (in "$root/bin")
+# Check for a root-level command (in "$root/bin")
-    my $command_path;
+my $command_path;
-    if ($subcmd) {
+if ($subcmd) {
 	$command_path = File::Spec->catfile($root, 'bin', $subcmd);
-    } else {
+	}
 else {
 	$command_path = File::Spec->catfile($root, 'bin', 'webmin');
 	}
-    my $module_name;
+
-    my $command;
+my $module_name;
-    if ( -x $command_path) {
+my $command;
 if ( -x $command_path) {
 	$command = $command_path;
-    } else {
+	}
 else {
 	# Try to extract a module name from the command
 	# Get list of directories
 	opendir (my $DIR, $root);
 	my @module_dirs = grep { -d "$root/$_" } readdir($DIR);
 	closedir($DIR);
 	# See if any of them are a substring of $subcmd
 	for my $dir (@module_dirs) {
 		if (index($subcmd, $dir) == 0) {
@@ -272,31 +290,35 @@ sub get_command_path {
 			# Could be .pl or no extension
 			if ( -x $command ) {
 				last;
-                } elsif ( -x $command . ".pl" ) {
+				}
 			elsif ( -x $command . ".pl" ) {
 				$command = $command . ".pl";
 				last;
 				}
 			}
 		}
 	}
-    if ($optref->{'commands'} && 
+if ($optref->{'commands'} && 
-        $optref->{'commands'} =~ /^(status|start|stop|restart|reload|force-restart|force-reload|kill)$/) {
+    $optref->{'commands'} =~ /^(stats|status|start|stop|restart|reload|force-restart|force-reload|kill)$/) {
 	exit system("$0 server $optref->{'commands'}");
-    } elsif ($command) {
+	}
 elsif ($command) {
 	return $command;
-    } else {
+	}
 else {
 	die RED, "Unrecognized subcommand: $subcmd", RESET , "\n";
 	}
 }
-sub list_commands {
+sub list_commands
-    my ($optref) = @_;
+{
 my ($optref) = @_;
-    my $root = root($optref->{'config'});
+my $root = root($optref->{'config'});
-    my @commands;
+my @commands;
-    # Find and list global commands
+# Find and list global commands
-    for my $command (glob ("$root/bin/*")) {
+for my $command (glob ("$root/bin/*")) {
 	my ($bin, $path) = fileparse($command);
 	if ($bin =~ "webmin") {
 		next;
@@ -308,19 +330,21 @@ sub list_commands {
 				-sections => [ qw(DESCRIPTION) ],
 				-input => $command,
 				-exitval => "NOEXIT");
-        } else {
+		}
 	else {
 		if (wantarray) {
 			push(@commands, $bin);
-            } else {
+			}
 		else {
 			# Just list the names
 			say "$bin";
 			}
 		}
 	}
-    my @modules;
+my @modules;
-    # Find all module directories with something in bin
+# Find all module directories with something in bin
-    for my $command (glob ("$root/*/bin/*")) {
+for my $command (glob ("$root/*/bin/*")) {
 	my ($bin, $path) = fileparse($command);
 	my $module = (split /\//, $path)[-2];
 	if ($optref->{'describe'}) {
@@ -330,72 +354,82 @@ sub list_commands {
 					-sections => [ qw(DESCRIPTION) ],
 					-input => $command,
 					-exitval => "NOEXIT");
-        } else {
+		}
 	else {
 		if (wantarray) {
 			push(@modules, "$module-$bin");
-            } else {
+			}
 		else {
 			# Just list the names
 			say "$module-$bin";
 			}
 		}
 	}
-    if (wantarray) {
+if (wantarray) {
 	return (@commands, @modules);
 	}
 }
 # Display either a short usage message (--help) or a full manual (--man)
-sub man_command {
+sub man_command
-    my ($optref, $subcmd) = @_;
+{
 my ($optref, $subcmd) = @_;
-    my $root = root($optref->{'config'});
+my $root = root($optref->{'config'});
-    my $command_path = get_command_path($root, $subcmd, $optref);
+my $command_path = get_command_path($root, $subcmd, $optref);
-    $ENV{'PAGER'} ||= "more";
+$ENV{'PAGER'} ||= "more";
-    open(my $PAGER, "|-", "$ENV{'PAGER'}");
+open(my $PAGER, "|-", "$ENV{'PAGER'}");
-    if ($optref->{'help'}) {
+if ($optref->{'help'}) {
 	pod2usage( -input => $command_path );
-    } else {
+	}
 else {
 	pod2usage( -verbose => 99,
 		   -input => $command_path,
 		   -output => $PAGER);
 	}
 close($PAGER);
 }
-sub root {
+sub root
-    my ($config) = @_;
+{
-    open(my $CONF, "<", "$config/miniserv.conf") || die RED,
+my ($config) = @_;
-        "Failed to open $config/miniserv.conf", RESET , "\n";
+open(my $CONF, "<", "$config/miniserv.conf") ||
-    my $root;
+	die RED, "Failed to open $config/miniserv.conf", RESET , "\n";
-    while (<$CONF>) {
+my $root;
 while (<$CONF>) {
 	if (/^root=(.*)/) {
 		$root = $1;
 		}
 	}
-    close($CONF);
+close($CONF);
-    # Does the Webmin root exist?
+
-    if ( $root ) {
+# Does the Webmin root exist?
 if ( $root ) {
 	die "$root is not a directory. Is --config correct?\n" unless (-d $root);
-    } else {
+	}
-        die "Unable to determine Webmin installation directory from $ENV{'WEBMIN_CONFIG'}\n";
+else {
 	die "Unable to determine Webmin installation directory ".
 	    "from $ENV{'WEBMIN_CONFIG'}\n";
 	}
-    return $root;
+return $root;
 }
 # loadlibs - Load libraries from the Webmin vendor dir
 # as those may not be installed as dependency, because
 # Webmin already provides them from package manager
 # perspective.
-sub loadlibs {
+sub loadlibs
-    my ($optref) = @_;
+{
-    $optref->{'config'} ||= "/etc/webmin";
+my ($optref) = @_;
-    my $root = root($optref->{'config'});
+$optref->{'config'} ||= "/etc/webmin";
-    my $libroot = "$root/vendor_perl";
+my $root = root($optref->{'config'});
-    eval "use lib '$libroot'";
+my $libroot = "$root/vendor_perl";
-    eval "use File::Basename";
+eval "use lib '$libroot'";
-    eval "use File::Spec";
+eval "use File::Basename";
 eval "use File::Spec";
 }
 1;
@@ -455,7 +489,7 @@ Returns Webmin and other modules and themes versions installed (only those for w
 =head1 LICENSE AND COPYRIGHT
- Copyright 2018 Jamie Cameron <jcameron@webmin.com>
+ Copyright 2018 Jamie Cameron <jamie@webmin.com>
 		Joe Cooper <joe@virtualmin.com>
 		Ilia Ross <ilia@virtualmin.com>
--- a/bind8/bind8-lib.pl
+++ b/bind8/bind8-lib.pl
@@ -70,12 +70,18 @@ sub get_rand_flag
 if ($gconfig{'os_type'} =~ /-linux$/ &&
    $config{'force_random'} eq '0' &&
    -r "/dev/urandom" &&
-    &compare_version_numbers($bind_version, 9) >= 0 &&
+    &compare_version_numbers($bind_version, 9) >= 0) {
-    &compare_version_numbers($bind_version, '9.14.2') < 0) {
+	if (&compare_version_numbers($bind_version, '9.14.2') < 0) {
 	# Version: 9.14.2 deprecated the use of -r option
 	# in favor of using /dev/random [bugs:#5370]
 		return "-r /dev/urandom";
 		}
 	else {
 		# Version: 9.14.2 deprecated the use of -r option
 		# in favor of using /dev/random [bugs:#5370]. So no
 		# entropy generation is needed.
 		return undef;
 		}
 	}
 # No random flag, and entropy is needed
 return "";
 }
@@ -1118,7 +1124,7 @@ else {
 	@v = ( );
 	}
 if ($type eq "A" || $type eq "AAAA") {
-	print &ui_table_row($text{'value_A1'},
+	print &ui_table_row($text{"value_${type}1"},
 	    &ui_textbox("value0", $v[0], 20)." ".
 	    (!defined($_[5]) && $type eq "A" ?
 	     &free_address_button("value0") : ""), 3);
@@ -3121,11 +3127,11 @@ $slave_error = $_[0];
 sub get_forward_record_types
 {
-return ("A", "NS", "CNAME",
+return ("A", $config{'support_aaaa'} ? ( "AAAA" ) : ( ), "NS", "CNAME",
 	$config{'allow_alias'} ? ( "ALIAS" ) : ( ),
 	"MX", "HINFO", "TXT", "SPF", "DMARC", "WKS", "RP", "PTR", "LOC",
 	"SRV", "KEY", "TLSA", "SSHFP", "CAA", "NAPTR", "NSEC3PARAM",
-	$config{'support_aaaa'} ? ( "AAAA" ) : ( ), @extra_forward);
+	 @extra_forward);
 }
 sub get_reverse_record_types
@@ -3458,7 +3464,8 @@ closedir(ZONEDIR);
 # Fork a background job to do lots of IO, to generate entropy
 my $pid;
-if (!&get_rand_flag()) {
+my $flag = &get_rand_flag();
 if (defined($flag) && !$flag) {
 	$pid = fork();
 	if (!$pid) {
 		exec("find / -type f >/dev/null 2>&1");
@@ -3507,7 +3514,7 @@ else {
 		"cd ".quotemeta($fn)." && ".
 		"$config{'keygen'} -a ".quotemeta($alg).
 		" -b ".quotemeta($zonesize).
-		" -n ZONE ".&get_rand_flag()." $dom 2>&1");
+		" -n ZONE ".($flag || "")." ".quotemeta($dom)." 2>&1");
 	if ($?) {
 		kill('KILL', $pid) if ($pid);
 		return $out;
@@ -3519,7 +3526,8 @@ else {
 			"cd ".quotemeta($fn)." && ".
 			"$config{'keygen'} -a ".quotemeta($alg).
 			" -b ".quotemeta($size).
-			" -n ZONE -f KSK ".&get_rand_flag()." $dom 2>&1");
+			" -n ZONE -f KSK ".($flag || "")." ".
 				quotemeta($dom)." 2>&1");
 		kill('KILL', $pid) if ($pid);
 		if ($?) {
 			return $out;
@@ -3589,7 +3597,8 @@ $zonekey || return "Could not find DNSSEC zone key";
 # Fork a background job to do lots of IO, to generate entropy
 my $pid;
-if (!&get_rand_flag()) {
+my $flag = &get_rand_flag();
 if (defined($flag) && !$flag) {
 	$pid = fork();
 	if (!$pid) {
 		exec("find / -type f >/dev/null 2>&1");
@@ -3606,7 +3615,7 @@ my $alg = $zonekey->{'algorithm'};
 my $out = &backquote_logged(
 	"cd ".quotemeta($dir)." && ".
 	"$config{'keygen'} -a ".quotemeta($alg)." -b ".quotemeta($zonesize).
-	" -n ZONE ".&get_rand_flag()." $dom 2>&1");
+	" -n ZONE ".($flag || "")." ".quotemeta($dom)." 2>&1");
 kill('KILL', $pid) if ($pid);
 if ($?) {
 	return "Failed to generate new zone key : $out";
--- a/bind8/convert_slave.cgi
+++ b/bind8/convert_slave.cgi
@@ -44,7 +44,9 @@ if (&is_raw_format_records($file)) {
 	my $temp = &transname();
 	&copy_source_dest($file, $temp);
 	my $out = &backquote_logged("named-compilezone -f raw -F text ".
-				 "-o $file $zone->{'name'} $temp 2>&1");
+				 "-o ".quotemeta($file)." ".
 				 quotemeta($zone->{'name'})." ".
 				 quotemeta($temp)." 2>&1");
 	&error(&text('convert_ecompile', "<tt>".&html_escape($out)."</tt>"))
 		if ($?);
 	&unlink_file($temp);
--- a/bind8/edit_zonedt.cgi
+++ b/bind8/edit_zonedt.cgi
@@ -127,7 +127,7 @@ if (&have_dnssec_tools_support()) {
 				print "<br>\n<br>\n";
 				if ((($lsdnssec=dt_cmdpath('lsdnssec')) ne '')) {
-					my $cmd = "$lsdnssec -z $dom $rrfile";
+					my $cmd = "$lsdnssec -z ".quotemeta($dom)." $rrfile";
 					my $out = &backquote_command("$cmd");
 					print &ui_textarea("lsdnssec", $out, 12, 80, "soft", 0,
 								   "readonly style='width:90%'");
--- a/bind8/images/A.gif
+++ b/bind8/images/A.gif
--- a/bind8/images/AAAA.gif
+++ b/bind8/images/AAAA.gif
--- a/bind8/images/CAA.gif
+++ b/bind8/images/CAA.gif
--- a/bind8/images/NAPTR.gif
+++ b/bind8/images/NAPTR.gif
--- a/bind8/images/NSEC3PARAM.gif
+++ b/bind8/images/NSEC3PARAM.gif
--- a/bind8/images/SSHFP.gif
+++ b/bind8/images/SSHFP.gif
--- a/bind8/images/TLSA.gif
+++ b/bind8/images/TLSA.gif
--- a/bind8/lang/en
+++ b/bind8/lang/en
@@ -262,7 +262,7 @@ edit_upfwd=Update forward?
 edit_err=Failed to save record
 edit_egone=Selected record no longer exists!
 edit_ettl='$1' is not a valid time-to-live
-edit_eip='$1' is not a valid IP address
+edit_eip='$1' is not a valid IP4 address
 edit_eip6='$1' is not a valid IPv6 address
 edit_ehost='$1' is not a valid hostname
 edit_eserv2='$1' is not a valid service name
@@ -309,8 +309,8 @@ edit_espfa='$1' is not a valid host to allow sending from
 edit_espfa2='$1' must be a hostname, not an IP address
 edit_espfmx='$1' is not a valid domain name to allow MX sending from
 edit_espfmxmax=You are not allowed to have more than 10 domains to allow MX sending from
-edit_espfip='$1' is not a valid IP address or IP/prefix to allow sending from
+edit_espfip='$1' is not a valid IPv4 address or IPv4 prefix to allow sending from
-edit_espfip6='$1' is not a valid IPv6 address or IPv6/prefix to allow sending from
+edit_espfip6='$1' is not a valid IPv6 address or IPv6 prefix to allow sending from
 edit_espfinclude='$1' is not a valid additional domain from which mail is sent
 edit_espfredirect='$1' is not a valid alternate domain name
 edit_espfexp='$1' is a valid record name for a rejection message
@@ -394,7 +394,7 @@ boot_err=Download failed
 boot_egzip=The root zone file is compressed, but the <tt>gzip</tt> command is not installed on your system!
 boot_egzip2=Uncompression of root zone file failed : $1
-type_A=Address
+type_A=IPv4 Address
 type_AAAA=IPv6 Address
 type_NS=Name Server
 type_CNAME=Name Alias
@@ -417,7 +417,7 @@ type_KEY=Public Key
 type_CAA=Certificate Authority
 type_NAPTR=Name Authority Pointer
-edit_A=Address
+edit_A=IPv4 Address
 edit_AAAA=IPv6 Address
 edit_NS=Name Server
 edit_CNAME=Name Alias
@@ -440,7 +440,7 @@ edit_CAA=Certificate Authority
 edit_NAPTR=Name Authority Pointer
 recs_defttl=Default TTL
-recs_A=Address
+recs_A=IPv4 Address
 recs_AAAA=IPv6 Address
 recs_NS=Name Server
 recs_CNAME=Name Alias
@@ -464,7 +464,7 @@ recs_CAA=Certificate Authority
 recs_NAPTR=Name Authority
 recs_delete=Delete Selected
-value_A1=Address
+value_A1=IPv4 Address
 value_AAAA1=IPv6 Address
 value_NS1=Name Server
 value_CNAME1=Real Name
@@ -511,7 +511,7 @@ value_spfmx=Allow sending from domain's MX hosts?
 value_spfptr=Allow sending from any host in domain?
 value_spfas=Additional allowed sender hosts
 value_spfmxs=Additional allowed sender MX domains
-value_spfip4s=Additional allowed sender IP addresses/networks
+value_spfip4s=Additional allowed sender IPv4 addresses/networks
 value_spfip6s=Additional allowed sender IPv6 addresses/networks
 value_spfincludes=Other domains from which mail is sent
 value_spfall=Action for other senders
@@ -1207,6 +1207,7 @@ dnssec_secs=seconds
 dnssec_desc=Zones signed with DNSSEC typically have two keys - a zone key which must be re-generated and signed regularly, and a key signing key which remains constant. This page allows you to configure Webmin to perform this re-signing automatically.
 dnssec_err=Failed to save DNSSEC key re-signing
 dnssec_eperiod=Missing or invalid number of days between re-signs
 dnssec_eperiod30=Number of days between re-signs must be less than 30
 dnssectools_title=DNSSEC-Tools Automation
 dt_conf_title=DNSSEC-Tools Automation
--- a/bind8/list_tls.cgi
+++ b/bind8/list_tls.cgi
@@ -37,7 +37,7 @@ if (@tls) {
 	print &ui_columns_end();
 	}
 else {
-	print "<b>$text{'tls_none'}</b> <p>\n";
+	print &ui_alert_box($text{'tls_none'}, 'info', undef, undef, "");
 	}
 print &ui_links_row(\@links);
--- a/bind8/records-lib.pl
+++ b/bind8/records-lib.pl
@@ -35,10 +35,13 @@ my $rootfile = $_[4] ? $file : &make_chroot($file);
 my $FILE;
 if (&is_raw_format_records($rootfile)) {
 	# Convert from raw format first
-	&has_command("named-compilezone") ||
+	my $compilezone = &has_command("named-compilezone");
 	$compilezone ||
 		&error("Zone file $rootfile is in raw format, but the ".
 		       "named-compilezone command is not installed");
-	open($FILE, "named-compilezone -f raw -F text -o - $origin $rootfile |");
+	open($FILE, "-|", $compilezone,
 	     "-f", "raw", "-F", "text", "-o", "-",
 	     $origin, $rootfile);
 	}
 else {
 	# Can read text format records directly
--- a/bind8/save_dnssec.cgi
+++ b/bind8/save_dnssec.cgi
@@ -16,6 +16,7 @@ require './bind8-lib.pl';
 $access{'defaults'} || &error($text{'dnssec_ecannot'});
 $in{'period'} =~ /^[1-9]\d*$/ || &error($text{'dnssec_eperiod'});
 $in{'period'} < 30 || &error($text{'dnssec_eperiod30'});
 # Create or delete the cron job
 my $job = &get_dnssec_cron_job();
--- a/bind8/save_dnssectools.cgi
+++ b/bind8/save_dnssectools.cgi
@@ -48,8 +48,10 @@ $in{'dt_zsklife'} =~ /(\b[0-9]+\b)/  ||
 	&error($text{'dt_conf_ezsklife'});
 $nv{'zsklife'} = $1;
-&save_dnssectools_directive($conf, \%nv);
+$in{'period'} =~ /^[1-9]\d*$/ || &error($text{'dnssec_eperiod'});
 $in{'period'} < 30 || &error($text{'dnssec_eperiod30'});
 &save_dnssectools_directive($conf, \%nv);
 &lock_file($module_config_file);
 $config{'dnssec_period'} = $in{'period'};
--- a/bind8/slave_add.cgi
+++ b/bind8/slave_add.cgi
@@ -1,5 +1,6 @@
 #!/usr/local/bin/perl
 # Add or update a server or group from the webmin servers module
 use strict;
 use warnings;
 no warnings 'redefine';
@@ -98,8 +99,13 @@ foreach my $s (@add) {
 		next;
 		}
-	my @rzones = grep { $_->{'type'} ne 'view' }
+	my @zn = &remote_foreign_call($s, "bind8", "list_zone_names");
-		       &remote_foreign_call($s, "bind8", "list_zone_names");
+	if ($add_error_msg) {
 		print "$add_error_msg<p>\n";
                next;
 		}
 	my @rzones = grep { $_->{'type'} ne 'view' } @zn;
 	print &text('add_ok', $s->{'host'}, scalar(@rzones)),"<p>\n";
 	$s->{'sec'} = $in{'sec'};
 	$s->{'nsname'} = $in{'name_def'} ? undef : $in{'name'};
--- a/bsdfdisk/bsdfdisk-lib.pl
+++ b/bsdfdisk/bsdfdisk-lib.pl
--- a/bsdfdisk/change_slice_label.cgi
+++ b/bsdfdisk/change_slice_label.cgi
@@ -0,0 +1,53 @@
 #!/usr/local/bin/perl
 # Change the label of a slice (GPT label or glabel)
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
 our ( %in, %text, $module_name );
 &ReadParse();
 # Validate input parameters to prevent command injection
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/ or &error("Invalid device name");
 $in{'device'} !~ /\.\./                or &error("Invalid device name");
 $in{'slice'}  =~ /^\d+$/               or &error("Invalid slice number");
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
 $disk || &error( $text{'disk_egone'} );
 my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
 $slice || &error( $text{'slice_egone'} );
 my $base_device = $disk->{'device'};
 $base_device =~ s{^/dev/}{};
 my $disk_structure = get_disk_structure($base_device);
 my $current_label  = get_device_label_name(
    disk           => $disk,
    slice          => $slice,
    disk_structure => $disk_structure
 );
 my $suggested_label = $slice->{'device'};
 $suggested_label =~ s{^/dev/}{};
 &ui_print_header( $slice->{'desc'}, $text{'slice_label_title'}, "" );
 print &ui_form_start( "save_slice_label.cgi", "post" );
 print &ui_hidden( "device", $in{'device'} );
 print &ui_hidden( "slice",  $in{'slice'} );
 print &ui_table_start( $text{'slice_label_header'}, undef, 2 );
 print &ui_table_row( $text{'part_device'},
    "<tt>" . html_escape( $slice->{'device'} ) . "</tt>" );
 print &ui_table_row( $text{'slice_label_current'},
    $current_label ? "<tt>" . html_escape($current_label) . "</tt>" : "-" );
 print &ui_table_row( $text{'slice_label_new'},
    &ui_textbox( "label", $suggested_label, 20 ) );
 print &ui_table_end();
 print &ui_form_end( [ [ undef, $text{'save'} ] ] );
 my $url_device = &urlize( $in{'device'} );
 my $url_slice  = &urlize( $in{'slice'} );
 &ui_print_footer( "edit_slice.cgi?device=$url_device&slice=$url_slice",
    $text{'slice_return'} );
--- a/bsdfdisk/create_part.cgi
+++ b/bsdfdisk/create_part.cgi
@@ -6,47 +6,63 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
-&error_setup($text{'npart_err'});
+&error_setup( $text{'npart_err'} );
 # Get the disk
 my @disks = &list_disks_partitions();
 # Validate input parameters
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'slice'}  =~ /^\d+$/ or &error( $text{'slice_egone'} );
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
+my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
-$slice || &error($text{'slice_egone'});
+$slice || &error( $text{'slice_egone'} );
 # Validate inputs, starting with slice number
-my $part = { };
+my $part = {};
-$in{'letter'} =~ /^[a-d]$/i || &error($text{'npart_eletter'});
+$in{'letter'} =~ /^[a-h]$/i || &error( $text{'npart_eletter'} );
-$in{'letter'} = lc($in{'letter'});
+$in{'letter'} = lc( $in{'letter'} );
-my ($clash) = grep { $_->{'letter'} eq $in{'letter'} } @{$slice->{'parts'}};
+
-$clash && &error(&text('npart_eclash', $in{'letter'}));
+# Partition 'c' is reserved in BSD disklabels (represents the whole slice)
 $in{'letter'} ne 'c' || &error( $text{'npart_ereserved'} );
 my ($clash) = grep { $_->{'letter'} eq $in{'letter'} } @{ $slice->{'parts'} };
 $clash && &error( &text( 'npart_eclash', $in{'letter'} ) );
 $part->{'letter'} = $in{'letter'};
 # Start and end blocks
-$in{'start'} =~ /^\d+$/ || &error($text{'nslice_estart'});
+$in{'start'} =~ /^\d+$/ || &error( $text{'nslice_estart'} );
-$in{'end'} =~ /^\d+$/ || &error($text{'nslice_eend'});
+$in{'end'}   =~ /^\d+$/ || &error( $text{'nslice_eend'} );
-$in{'start'} < $in{'end'} || &error($text{'npart_erange'});
+$in{'start'} < $in{'end'} || &error( $text{'npart_erange'} );
 $part->{'startblock'} = $in{'start'};
-$part->{'blocks'} = $in{'end'} - $in{'start'};
+$part->{'blocks'}     = $in{'end'} - $in{'start'} + 1;
 # Slice type
 $in{'type'} =~ /^[a-zA-Z0-9._-]+$/
  or &error( $text{'npart_etype'} || 'Invalid partition type' );
 $part->{'type'} = $in{'type'};
 # Do the creation
-&ui_print_header($slice->{'desc'}, $text{'npart_title'}, "");
+&ui_print_header( $slice->{'desc'}, $text{'npart_title'}, "" );
-print &text('npart_creating', $in{'letter'}, $slice->{'desc'}),"<p>\n";
+print &text( 'npart_creating', $in{'letter'},
-my $err = &save_partition($disk, $slice, $part);
+    &html_escape( $slice->{'desc'} ) ), "<p>\n";
 # Actually create the partition inside the slice (initialize BSD label if needed)
 my $err = &create_partition( $disk, $slice, $part );
 if ($err) {
-	print &text('npart_failed', $err),"<p>\n";
+    print &text( 'npart_failed', &html_escape($err) ), "<p>\n";
-	}
+}
 else {
-	print &text('npart_done'),"<p>\n";
+    print &text('npart_done'), "<p>\n";
-	&webmin_log("create", "part", $part->{'device'}, $part);
+    &webmin_log( "create", "part", $part->{'device'}, $part );
-	}
+}
-&ui_print_footer("edit_slice.cgi?device=$in{'device'}&slice=$in{'slice'}",
+my $url_device = &urlize( $in{'device'} );
-		 $text{'slice_return'});
+my $url_slice  = &urlize( $in{'slice'} );
 &ui_print_footer( "edit_slice.cgi?device=$url_device&slice=$url_slice",
    $text{'slice_return'} );
--- a/bsdfdisk/create_slice.cgi
+++ b/bsdfdisk/create_slice.cgi
@@ -1,65 +1,147 @@
 #!/usr/local/bin/perl
 # Actually create a new slice
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
-&ReadParse();
+ReadParse();
-&error_setup($text{'nslice_err'});
+error_setup( $text{'nslice_err'} );
-# Get the disk
+# Get the disk using first() for an early exit on match
-my @disks = &list_disks_partitions();
+my @disks = list_disks_partitions();
-my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
+
-$disk || &error($text{'disk_egone'});
+# Validate input parameters
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./ or error( $text{'disk_edevice'} || 'Invalid device' );
 my $disk;
 foreach my $d (@disks) {
    if ( $d->{'device'} eq $in{'device'} ) {
        $disk = $d;
        last;
    }
 }
 # Validate device parameter to prevent path traversal and command injection
 $disk or error( $text{'disk_egone'} );
 # Prefer GPART total blocks for bounds
 ( my $base_dev = $in{'device'} ) =~ s{^/dev/}{};
 my $ds = get_disk_structure($base_dev);
 my $disk_blocks =
  ( $ds && $ds->{'total_blocks'} )
  ? $ds->{'total_blocks'}
  : ( $disk->{'blocks'} || 0 );
 # Validate inputs, starting with slice number
-my $slice = { };
+my $slice = {};
-$in{'number'} =~ /^\d+$/ || &error($text{'nslice_enumber'});
+$in{'number'} =~ /^\d+$/ or error( $text{'nslice_enumber'} );
-my ($clash) = grep { $_->{'number'} == $in{'number'} } @{$disk->{'slices'}};
+
-$clash && &error(&text('nslice_eclash', $in{'number'}));
+# Check for clash using first() with a loop exiting on first match
 my $clash;
 foreach my $s ( @{ $disk->{'slices'} } ) {
    if ( $s->{'number'} == $in{'number'} ) {
        $clash = $s;
        last;
    }
 }
 $slice->{'number'} = $in{'number'};
 # Start and end blocks
-$in{'start'} =~ /^\d+$/ || &error($text{'nslice_estart'});
+$in{'start'} =~ /^\d+$/ or error( $text{'nslice_estart'} );
-$in{'end'} =~ /^\d+$/ || &error($text{'nslice_eend'});
+$in{'end'}   =~ /^\d+$/ or error( $text{'nslice_eend'} );
-$in{'start'} < $in{'end'} || &error($text{'nslice_erange'});
+( $in{'start'} < $in{'end'} ) or error( $text{'nslice_erange'} );
 # total_blocks is the block *after* the last valid block, so end must be < total_blocks
 ( $in{'end'} < $disk_blocks )
  or error( text( 'nslice_emax', $disk_blocks - 1 ) );
 # Ensure the new slice does not overlap existing slices
 foreach my $s ( @{ $disk->{'slices'} } ) {
    my $s_start = $s->{'startblock'};
    my $s_end   = $s->{'startblock'} + $s->{'blocks'} - 1;
    if ( !( $in{'end'} < $s_start || $in{'start'} > $s_end ) ) {
        error( "Requested slice range overlaps with existing slice #"
              . $s->{'number'} );
    }
 }
 $slice->{'startblock'} = $in{'start'};
-$slice->{'blocks'} = $in{'end'} - $in{'start'};
+$slice->{'blocks'}     = $in{'end'} - $in{'start'} + 1;
 # Slice type
 $in{'type'} =~ /^[a-zA-Z0-9_-]+$/ or error( $text{'nslice_etype'} );
 length( $in{'type'} ) <= 20       or error( $text{'nslice_etype'} );
 $slice->{'type'} = $in{'type'};
 # Do the creation
-&ui_print_header($disk->{'desc'}, $text{'nslice_title'}, "");
+ui_print_header( $disk->{'desc'}, $text{'nslice_title'}, "" );
-
+print text( 'nslice_creating', $in{'number'}, &html_escape( $disk->{'desc'} ) ),
-print &text('nslice_creating', $in{'number'}, $disk->{'desc'}),"<p>\n";
+  "<p>\n";
-my $err = &create_slice($disk, $slice);
+my $err = create_slice( $disk, $slice );
 if ($err) {
-	print &text('nslice_failed', $err),"<p>\n";
+    print text( 'nslice_failed', &html_escape($err) ), "<p>\n";
-	}
+}
 else {
-	print &text('nslice_done'),"<p>\n";
+    print text('nslice_done'), "<p>\n";
 	}
-if (!$err && $in{'makepart'}) {
+   # Auto-label the new partition provider with its name if scheme is GPT or BSD
-	# Also create a partition
+    my $base = $disk->{'device'};
-	print &text('nslice_parting', $in{'number'}, $disk->{'desc'}),"<p>\n";
+    $base =~ s{^/dev/}{};
-	my $err = &initialize_slice($disk, $slice);
+    my $ds = get_disk_structure($base);
-	if ($err) {
+    if ( $ds && $ds->{'scheme'} ) {
-		print &text('nslice_pfailed', $err),"<p>\n";
+
        # Determine provider and label text
        my $label_text = slice_name($slice);    # e.g., da8s2 or da0p2
        if ( $ds->{'scheme'} =~ /GPT/i ) {
            my $idx = $slice->{'number'};
            if ($idx) {
                my $cmd2 =
                    "gpart modify -i $idx -l "
                  . quote_path($label_text) . " "
                  . quote_path($base);
                my $out2 = backquote_command("$cmd2 2>&1");
                # If it fails, ignore silently
            }
        }
        else {
-		print &text('nslice_pdone'),"<p>\n";
+     # On MBR, if BSD label exists we can set label once created; ignore for now
        }
    }
 }
 if ( !$err && $in{'makepart'} ) {
-if (!$err) {
+    # Also create a partition (initialize slice label)
-	&webmin_log("create", "slice", $slice->{'device'}, $slice);
+    my $part_err = initialize_slice( $disk, $slice );
    if ($part_err) {
        print text( 'nslice_pfailed', &html_escape($part_err) ), "<p>\n";
    }
    else {
        print text('nslice_pdone'), "<p>\n";
    }
 }
 if ( !$err ) {
-&ui_print_footer("edit_disk.cgi?device=$in{'device'}",
+    # Auto-label GPT partitions with their device name (e.g., da8p2)
-		 $text{'disk_return'});
+    my $base = $disk->{'device'};
    $base =~ s{^/dev/}{};
    my $ds = get_disk_structure($base);
    if ( $ds && $ds->{'scheme'} && $ds->{'scheme'} =~ /GPT/i ) {
        my $slice_devname = $slice->{'device'};
        $slice_devname =~ s{^/dev/}{};    # e.g., da8p2
        my $idx = $slice->{'number'};
        if ( $idx && $slice_devname ) {
            my $label_cmd =
                "gpart modify -i $idx -l "
              . quote_path($slice_devname) . " "
              . quote_path($base) . " 2>&1";
            my $label_out = backquote_command($label_cmd);
            # Ignore errors - labeling is optional
        }
    }
    webmin_log( "create", "slice", $slice->{'device'}, $slice );
 }
 my $url_device = &urlize( $in{'device'} );
 ui_print_footer( "edit_disk.cgi?device=$url_device", $text{'disk_return'} );
--- a/bsdfdisk/delete_part.cgi
+++ b/bsdfdisk/delete_part.cgi
@@ -6,47 +6,62 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 # Validate inputs
 ($in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/ && $in{'device'} !~ /\.\./)
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'slice'}  =~ /^\d+$/ or &error( $text{'slice_egone'} );
 $in{'part'}   =~ /^[a-z]$/ or &error( $text{'part_egone'} );
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
+my $in_slice_num = int($in{'slice'});
-$slice || &error($text{'slice_egone'});
+my ($slice) = grep { int($_->{'number'}) == $in_slice_num } @{ $disk->{'slices'} };
-my ($part) = grep { $_->{'letter'} eq $in{'part'} } @{$slice->{'parts'}};
+$slice || &error( $text{'slice_egone'} );
-$part || &error($text{'part_egone'});
+my ($part) = grep { $_->{'letter'} eq $in{'part'} } @{ $slice->{'parts'} };
 $part || &error( $text{'part_egone'} );
-&ui_print_header($part->{'desc'}, $text{'dpart_title'}, "");
+&ui_print_header( $part->{'desc'}, $text{'dpart_title'}, "" );
 if ( $in{'confirm'} ) {
 if ($in{'confirm'}) {
    # Delete it
-	print &text('dpart_deleting', $part->{'desc'}),"<p>\n";
+    print &text( 'dpart_deleting', &html_escape( $part->{'desc'} ) ), "<p>\n";
-	my $err = &delete_partition($disk, $slice, $part);
+    my $err = &delete_partition( $disk, $slice, $part );
    if ($err) {
-		print &text('dpart_failed', $err),"<p>\n";
+        print &text( 'dpart_failed', &html_escape($err) ), "<p>\n";
    }
    else {
-		print $text{'dpart_done'},"<p>\n";
+        print $text{'dpart_done'}, "<p>\n";
-		&webmin_log("delete", "part", $part->{'device'}, $part);
+        &webmin_log( "delete", "part", $part->{'device'}, $part );
 		}
    }
 }
 else {
    # Ask first
-	my @st = &fdisk::device_status($part->{'device'});
+    my @st  = &fdisk::device_status( $part->{'device'} );
-	my $use = &fdisk::device_status_link(@st);
+    my $use = &fdisk::device_status_link(@st); # returns safe HTML link(s); ensure upstream sanitization
    print &ui_confirmation_form(
        "delete_part.cgi",
-		&text('dpart_rusure', "<tt>$part->{'device'}</tt>"),
+        &text(
-		[ [ "device", $in{'device'} ],
+            'dpart_rusure',
            "<tt>" . &html_escape( $part->{'device'} ) . "</tt>"
        ),
        [
            [ "device", $in{'device'} ],
            [ "slice",  $in{'slice'} ],
-		  [ "part", $in{'part'} ] ],
+            [ "part",   $in{'part'} ]
-		[ [ "confirm", $text{'dslice_confirm'} ] ],
+        ],
        # Use partition-specific confirmation text key if available
        [ [ "confirm", $text{'dpart_confirm'} || $text{'dslice_confirm'} ] ],
        undef,
-		$use ? &text('dpart_warn', $use) : undef);
+        $use ? &text( 'dpart_warn', $use ) : undef
-	}
+    );
-
+}
 &ui_print_footer("edit_slice.cgi?device=$in{'device'}&slice=$in{'slice'}",
 		 $text{'slice_return'});
 my $url_device = &urlize( $in{'device'} );
 my $url_slice  = &urlize( $in{'slice'} );
 &ui_print_footer( "edit_slice.cgi?device=$url_device&slice=$url_slice",
    $text{'slice_return'} );
--- a/bsdfdisk/delete_slice.cgi
+++ b/bsdfdisk/delete_slice.cgi
@@ -6,53 +6,62 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'slice'}  =~ /^\d+$/ or &error( $text{'slice_egone'} );
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
+my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
-$slice || &error($text{'slice_egone'});
+$slice || &error( $text{'slice_egone'} );
-&ui_print_header($slice->{'desc'}, $text{'dslice_title'}, "");
+&ui_print_header( $slice->{'desc'}, $text{'dslice_title'}, "" );
 if ( $in{'confirm'} ) {
 if ($in{'confirm'}) {
    # Delete it
-	print &text('dslice_deleting', $slice->{'desc'}),"<p>\n";
+    print &text( 'dslice_deleting', &html_escape( $slice->{'desc'} ) ), "<p>\n";
-	my $err = &delete_slice($disk, $slice);
+    my $err = &delete_slice( $disk, $slice );
    if ($err) {
-		print &text('dslice_failed', $err),"<p>\n";
+        print &text( 'dslice_failed', &html_escape($err) ), "<p>\n";
    }
    else {
-		print $text{'dslice_done'},"<p>\n";
+        print $text{'dslice_done'}, "<p>\n";
-		&webmin_log("delete", "slice", $slice->{'device'}, $slice);
+        &webmin_log( "delete", "slice", $slice->{'device'}, $slice );
 		}
    }
 }
 else {
    # Ask first
    my @warn;
-	my @st = &fdisk::device_status($slice->{'device'});
+    my @st = &fdisk::device_status( $slice->{'device'} );
    if (@st) {
-		push(@warn, &fdisk::device_status_link(@st));
+        push( @warn, &fdisk::device_status_link(@st) );
    }
-	foreach my $p (@{$slice->{'parts'}}) {
+    foreach my $p ( @{ $slice->{'parts'} } ) {
-		my @st = &fdisk::device_status($p->{'device'});
+        my @st = &fdisk::device_status( $p->{'device'} );
        if (@st) {
-			push(@warn, &fdisk::device_status_link(@st));
+            push( @warn, &fdisk::device_status_link(@st) );
        }
    }
    print &ui_confirmation_form(
        "delete_slice.cgi",
-		&text('dslice_rusure', "<tt>$slice->{'device'}</tt>"),
+        &text(
-		[ [ "device", $in{'device'} ],
+            'dslice_rusure',
-		  [ "slice", $in{'slice'} ] ],
+            "<tt>" . &html_escape( $slice->{'device'} ) . "</tt>"
        ),
        [ [ "device",  $in{'device'} ], [ "slice", $in{'slice'} ] ],
        [ [ "confirm", $text{'dslice_confirm'} ] ],
        undef,
-		@warn ? &text('dslice_warn', join(" ", @warn)) : undef);
+        @warn
-	}
+        ? &text( 'dslice_warn', join( " ", @warn ) )
-
+        : undef
-&ui_print_footer("edit_disk.cgi?device=$in{'device'}",
+    );
-		 $text{'disk_return'});
+}
 my $url_device = &urlize( $in{'device'} );
 &ui_print_footer( "edit_disk.cgi?device=$url_device", $text{'disk_return'} );
--- a/bsdfdisk/edit_disk.cgi
+++ b/bsdfdisk/edit_disk.cgi
@@ -1,100 +1,462 @@
 #!/usr/local/bin/perl
 # Show details of a disk, and slices on it
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
-my $extwidth = 300;
+my $extwidth = 100;
 # Get the disk
 my @disks = &list_disks_partitions();
 # Validate input parameters
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/ or &error( $text{'disk_edevice'} );
 $in{'device'} !~ /\.\./                or &error( $text{'disk_edevice'} );
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-&ui_print_header($disk->{'desc'}, $text{'disk_title'}, "");
+# Cache commonly used values
 my $device     = $disk->{'device'};
 my $device_url = &urlize($device);
 my $desc       = $disk->{'desc'};
-# Show disk details
+# Prefer total blocks from gpart header when available
-my @info = ( );
+my $base_device = $disk->{'device'};
-push(@info, &text('disk_dsize', &nice_size($disk->{'size'})));
+$base_device =~ s{^/dev/}{};
-if ($disk->{'model'}) {
+my $disk_structure = &get_disk_structure($base_device);
-        push(@info, &text('disk_model', $disk->{'model'}));
+my $disk_blocks =
  ( $disk_structure && $disk_structure->{'total_blocks'} )
  ? $disk_structure->{'total_blocks'}
  : ( $disk->{'blocks'} || 1000000 );
 # Precompute a scale factor for extent image widths
 my $scale = $extwidth / ( $disk_blocks || 1 );
 &ui_print_header( $disk->{'desc'}, $text{'disk_title'}, "" );
 # Debug toggle bar
 print
  "<div class='debug-toggle' style='margin-bottom: 15px; text-align: right;'>";
 if ( $in{'debug'} ) {
    print
 "<a href='edit_disk.cgi?device=$device_url' class='btn btn-default'><i class='fa fa-bug'></i> $text{'disk_hide_debug'}</a>";
 }
 else {
    print
 "<a href='edit_disk.cgi?device=$device_url&debug=1' class='btn btn-default'><i class='fa fa-bug'></i> $text{'disk_show_debug'}</a>";
 }
 print "</div>";
 # Get detailed disk information from geom and disk structure from gpart show (cache disk_structure entries)
 my $geom_info = &get_detailed_disk_info($device);
 my $entries   = $disk_structure
  && $disk_structure->{'entries'} ? $disk_structure->{'entries'} : [];
 print &ui_table_start( $text{'disk_details'}, "width=100%", 2 );
 # Prefer mediasize (bytes) for accurate size; fallback to stat-based size
 my $disk_bytes =
  ( $disk_structure && $disk_structure->{'mediasize'} )
  ? $disk_structure->{'mediasize'}
  : $disk->{'size'};
 print &ui_table_row( $text{'disk_dsize'}, &safe_nice_size($disk_bytes) );
 if ( $disk->{'model'} ) {
    print &ui_table_row( $text{'disk_model'},
        &html_escape( $disk->{'model'} ) );
 }
 print &ui_table_row( $text{'disk_device'},
    "<tt>" . &html_escape( $disk->{'device'} ) . "</tt>" );
 # Get disk scheme
 print &ui_table_row( $text{'disk_scheme'},
      $disk_structure
    ? &html_escape( $disk_structure->{'scheme'} )
    : $text{'disk_unknown'} );
 # GEOM details
 if ($geom_info) {
    print &ui_table_hr();
    print &ui_table_row( $text{'disk_geom_header'},
        "<b>$text{'disk_geom_details'}</b>", 2 );
    if ( $geom_info->{'mediasize'} ) {
        print &ui_table_row( $text{'disk_mediasize'},
            $geom_info->{'mediasize'} );
    }
-push(@info, &text('disk_cylinders', $disk->{'cylinders'}));
+    if ( $geom_info->{'sectorsize'} ) {
-push(@info, &text('disk_blocks', $disk->{'blocks'}));
+        print &ui_table_row( $text{'disk_sectorsize'},
-push(@info, &text('disk_device', "<tt>$disk->{'device'}</tt>"));
+            $geom_info->{'sectorsize'} . " " . $text{'disk_bytes'} );
-print &ui_links_row(\@info),"<p>\n";
+    }
    if ( $geom_info->{'stripesize'} ) {
        print &ui_table_row( $text{'disk_stripesize'},
            $geom_info->{'stripesize'} . " " . $text{'disk_bytes'} );
    }
    if ( $geom_info->{'stripeoffset'} ) {
        print &ui_table_row( $text{'disk_stripeoffset'},
            $geom_info->{'stripeoffset'} . " " . $text{'disk_bytes'} );
    }
    if ( $geom_info->{'mode'} ) {
        print &ui_table_row( $text{'disk_mode'},
            &html_escape( $geom_info->{'mode'} ) );
    }
    if ( $geom_info->{'rotationrate'} ) {
        if ( $geom_info->{'rotationrate'} eq "0" ) {
            print &ui_table_row( $text{'disk_rotationrate'},
                $text{'disk_ssd'} );
        }
        else {
            print &ui_table_row( $text{'disk_rotationrate'},
                $geom_info->{'rotationrate'} . " " . $text{'disk_rpm'} );
        }
    }
    if ( $geom_info->{'ident'} ) {
        print &ui_table_row( $text{'disk_ident'},
            &html_escape( $geom_info->{'ident'} ) );
    }
    if ( $geom_info->{'lunid'} ) {
        print &ui_table_row( $text{'disk_lunid'},
            &html_escape( $geom_info->{'lunid'} ) );
    }
    if ( $geom_info->{'descr'} ) {
        print &ui_table_row( $text{'disk_descr'},
            &html_escape( $geom_info->{'descr'} ) );
    }
 }
 # Advanced information (cylinders, blocks)
 print &ui_table_hr();
 print &ui_table_row( $text{'disk_advanced_header'},
    "<b>$text{'disk_advanced_details'}</b>", 2 );
 if ( $disk->{'cylinders'} ) {
    print &ui_table_row( $text{'disk_cylinders'}, $disk->{'cylinders'} );
 }
 print &ui_table_row( $text{'disk_blocks'}, $disk->{'blocks'} );
 print &ui_table_end();
 # Debug: print raw outputs if debug mode is enabled
 if ( $in{'debug'} ) {
    print "<div class='debug-section'>";
    # Debug: gpart show output
    my $cmd = "gpart show -l " . &quote_path($base_device) . " 2>&1";
    my $out = &backquote_command($cmd);
    print "<div class='panel panel-default'>";
    print
 "<div class='panel-heading'><h3 class='panel-title'>$text{'disk_debug_gpart'}</h3></div>";
    print "<div class='panel-body'>";
    print "<pre>Command: "
      . &html_escape($cmd)
      . "\nOutput:\n"
      . &html_escape($out)
      . "\n</pre>";
    print "</div></div>";
    # Debug: disk structure
    print "<div class='panel panel-default'>";
    print
 "<div class='panel-heading'><h3 class='panel-title'>$text{'disk_debug_structure'}</h3></div>";
    print "<div class='panel-body'>";
    print "<pre>Disk Structure:\n";
    foreach my $key ( sort keys %$disk_structure ) {
        if ( $key eq 'entries' ) {
            print "entries: [\n";
            foreach my $entry ( @{ $disk_structure->{'entries'} } ) {
                print "  {\n";
                foreach my $k ( sort keys %$entry ) {
                    print "    $k: " . &html_escape( $entry->{$k} ) . "\n";
                }
                print "  },\n";
            }
            print "]\n";
        }
        else {
            print "$key: " . &html_escape( $disk_structure->{$key} ) . "\n";
        }
    }
    print "</pre>";
    print "</div></div>";
    # Debug: Raw GEOM output
    print "<div class='panel panel-default'>";
    print
 "<div class='panel-heading'><h3 class='panel-title'>$text{'disk_debug_geom'}</h3></div>";
    print "<div class='panel-body'>";
    print "<pre>Raw GEOM output:\n";
    print &html_escape(
        &backquote_command(
            "geom disk list " . &quote_path($device) . " 2>/dev/null"
        )
    );
    print "</pre>";
    print "</div></div>";
    print "</div>";
 }
 # Build partition details from disk_structure (no separate gpart list call)
 my %part_details = ();
 if ( $disk_structure && $disk_structure->{'partitions'} ) {
    %part_details = %{ $disk_structure->{'partitions'} };
 }
 # Ensure we have names/labels for any entries missing from partitions map
 if ( $disk_structure && $disk_structure->{'entries'} ) {
    foreach my $entry ( @{ $disk_structure->{'entries'} } ) {
        next unless ( $entry->{'type'} eq 'partition' && $entry->{'index'} );
        my $part_num = $entry->{'index'};
        $part_details{$part_num} ||= {};
        $part_details{$part_num}->{'name'} ||=
          $base_device
          . ( ( $disk_structure->{'scheme'} eq 'GPT' )
            ? "p$part_num"
            : "s$part_num" );
        if ( $entry->{'label'} && $entry->{'label'} ne '(null)' ) {
            $part_details{$part_num}->{'label'} ||= $entry->{'label'};
        }
        $part_details{$part_num}->{'type'} ||=
          $entry->{'part_type'} || 'unknown';
    }
 }
 # Build ZFS devices cache
 my ( $zfs_pools, $zfs_devices ) = &build_zfs_devices_cache();
 # Debug ZFS pools if debug mode is enabled
 if ( $in{'debug'} ) {
    print "<div class='debug-section'>";
    print "<div class='panel panel-default'>";
    print
 "<div class='panel-heading'><h3 class='panel-title'>$text{'disk_debug_zfs'}</h3></div>";
    print "<div class='panel-body'>";
    print "<pre>";
    my $cmd = "zpool status 2>&1";
    my $out = &backquote_command($cmd);
    print "Command: "
      . &html_escape($cmd)
      . "\nOutput:\n"
      . &html_escape($out) . "\n";
    print "</pre>";
    print "</div></div>";
    print "</div>";
 }
 # Debug: Print partition details mapping if debug enabled
 if ( $in{'debug'} ) {
    print "<div class='debug-section'>";
    print "<div class='panel panel-default'>";
    print
 "<div class='panel-heading'><h3 class='panel-title'>$text{'disk_debug_part_details'}</h3></div>";
    print "<div class='panel-body'>";
    print "<pre>Partition Details Mapping:\n";
    foreach my $pnum ( sort { $a <=> $b } keys %part_details ) {
        print "  $pnum: {\n";
        foreach my $k ( sort keys %{ $part_details{$pnum} } ) {
            print "    $k: "
              . &html_escape( $part_details{$pnum}->{$k} ) . "\n";
        }
        print "  },\n";
    }
    print "</pre>";
    print "</div></div>";
    print "</div>";
 }
 # Get sector size
 my $sectorsize =
  $disk_structure->{'sectorsize'} || &get_disk_sectorsize($device) || 512;
 my $sectorsize_text = $sectorsize ? "$sectorsize" : "512";
 # Show partitions table
-my @links = ( "<a href='slice_form.cgi?device=".&urlize($disk->{'device'}).
+my @links =
-	      "&new=1'>".$text{'disk_add'}."</a>" );
+  (     "<a href='slice_form.cgi?device=$device_url&amp;new=1'>"
-if (@{$disk->{'slices'}}) {
+      . $text{'disk_add'}
-	print &ui_links_row(\@links);
+      . "</a>" );
-	print &ui_columns_start([
+if (@$entries) {
-		$text{'disk_no'},
+    print &ui_links_row( \@links );
-		$text{'disk_type'},
+    print &ui_columns_start(
-		$text{'disk_extent'},
+        [
-		$text{'disk_size'},
+            $text{'disk_no'},           # Row number
-		$text{'disk_start'},
+            $text{'disk_partno'},       # Part. No.
-		$text{'disk_end'},
+            $text{'disk_partname'},     # Part. Name
-		$text{'disk_use'},
+            $text{'disk_partlabel'},    # Part. Label
-		]);
+            $text{'disk_subpart'},      # Sub-part.
-	foreach my $p (@{$disk->{'slices'}}) {
+            $text{'disk_extent'},       # Extent
-		# Create images for the extent
+            $text{'disk_start'},        # Startblock
            $text{'disk_end'},          # Endblock
            $text{'disk_size'},         # Size
            $text{'disk_format'},       # Format type
            $text{'disk_use'},          # Used by
            $text{'disk_role'},         # Role Type
        ]
    );
    my $row_number = 1;
    foreach my $entry (@$entries) {
        my @cols = ();
        push( @cols, $row_number++ );
        if ( $entry->{'type'} eq 'free' ) {
            my $start = $entry->{'start'};
            my $end   = $entry->{'start'} + $entry->{'size'} - 1;
            my $create_url =
              "slice_form.cgi?device=$device_url&new=1&start=$start&end=$end";
            push( @cols,
                    "<a href='$create_url' style='color: green;'>"
                  . $text{'disk_free'}
                  . "</a>" );
            push( @cols, "-" );
            push( @cols, "-" );
            push( @cols, "-" );
            my $ext = "";
-                $ext .= sprintf "<img src=images/gap.gif height=10 width=%d>",
+            $ext .= sprintf "<img src='images/gap.gif' height='10' width='%d'>",
-                        $extwidth*($p->{'startblock'} - 1) /
+              $scale * ( $entry->{'start'} - 1 );
-                        $disk->{'blocks'};
+            $ext .=
-                $ext .= sprintf "<img src=images/%s.gif height=10 width=%d>",
+              sprintf
-                        $p->{'extended'} ? "ext" : "use",
+"<img src='images/gap.gif' height='10' width='%d' style='background-color: #8f8;'>",
-                        $extwidth*($p->{'blocks'}) /
+              $scale * ( $entry->{'size'} );
-                        $disk->{'blocks'};
+            $ext .= sprintf "<img src='images/gap.gif' height='10' width='%d'>",
-                $ext .= sprintf "<img src=images/gap.gif height=10 width=%d>",
+              $scale * ( $disk_blocks - $entry->{'start'} - $entry->{'size'} );
-                  $extwidth*($disk->{'blocks'} - $p->{'startblock'} -
+            push( @cols, $ext );
-			     $p->{'blocks'}) / $disk->{'blocks'};
+            push( @cols, $start );
            push( @cols, $end );
            push( @cols, $entry->{'size_human'} );
            push( @cols, $text{'disk_free_space'} );
            push( @cols, $text{'disk_available'} );
            push( @cols, "-" );
        }
        else {
            my $part_num = $entry->{'index'};
            my $ext      = "";
            $ext .= sprintf "<img src='images/gap.gif' height='10' width='%d'>",
              $scale * ( $entry->{'start'} - 1 );
            $ext .= sprintf "<img src='images/use.gif' height='10' width='%d'>",
              $scale * ( $entry->{'size'} );
            $ext .= sprintf "<img src='images/gap.gif' height='10' width='%d'>",
              $scale * ( $disk_blocks - $entry->{'start'} - $entry->{'size'} );
            my $url = "edit_slice.cgi?device=$device_url&amp;slice="
              . &urlize($part_num);
            push( @cols, "<a href='$url'>" . &html_escape($part_num) . "</a>" );
-		# Work out use
+            my $part_info = $part_details{$part_num};
-		my @st = &fdisk::device_status($p->{'device'});
+            my $part_name = $part_info ? $part_info->{'name'} : "-";
            push( @cols, &html_escape($part_name) );
            my $part_label =
                $part_info
              ? $part_info->{'label'}
              : ( $entry->{'label'} eq "(null)" ? "-" : $entry->{'label'} );
            push( @cols, &html_escape($part_label) );
            # Find sub-partitions if available
            my ($slice) =
              grep { $_->{'number'} eq $part_num } @{ $disk->{'slices'} || [] };
            my $sub_part_info =
              ( $slice && scalar( @{ $slice->{'parts'} || [] } ) > 0 )
              ? join( ", ", map { $_->{'letter'} } @{ $slice->{'parts'} } )
              : "-";
            push( @cols, &html_escape($sub_part_info) );
            push( @cols, $ext );
            push( @cols, $entry->{'start'} );
            push( @cols, $entry->{'start'} + $entry->{'size'} - 1 );
            push( @cols, $entry->{'size_human'} );
            # Classify format/use/role via library helper
            my ( $format_type, $usage, $role ) = classify_partition_row(
                base_device     => $base_device,
                scheme          => ( $disk_structure->{'scheme'} || '' ),
                part_num        => $part_num,
                part_name       => $part_name,
                part_label      => $part_label,
                entry_part_type => (
                    $part_info ? $part_info->{'type'} : $entry->{'part_type'}
                ),
                entry_rawtype =>
                  ( $part_info ? $part_info->{'rawtype'} : undef ),
                size_human  => $entry->{'size_human'},
                size_blocks => $entry->{'size'},
                zfs_devices => $zfs_devices,
            );
            push( @cols, &html_escape( $format_type || '-' ) );
            push( @cols, &html_escape( $usage       || $text{'part_nouse'} ) );
            push( @cols, &html_escape( $role        || '-' ) );
        }
        print &ui_columns_row( \@cols );
    }
    print &ui_columns_end();
 }
 else {
    if ( @{ $disk->{'slices'} || [] } ) {
        print &ui_links_row( \@links );
        print &ui_columns_start(
            [
                $text{'disk_no'},     $text{'disk_type'},
                $text{'disk_extent'}, $text{'disk_start'},
                $text{'disk_end'},    $text{'disk_use'},
            ]
        );
        foreach my $s ( @{ $disk->{'slices'} } ) {
            my @cols = ();
            my $ext  = "";
            $ext .= sprintf "<img src='images/gap.gif' height='10' width='%d'>",
              $scale * ( $s->{'startblock'} - 1 );
            $ext .= sprintf "<img src='images/%s.gif' height='10' width='%d'>",
              ( $s->{'extended'} ? "ext" : "use" ),
              $scale * ( $s->{'blocks'} );
            $ext .= sprintf "<img src='images/gap.gif' height='10' width='%d'>",
              $scale * ( $disk_blocks - $s->{'startblock'} - $s->{'blocks'} );
            my $url = "edit_slice.cgi?device=$device_url&amp;slice="
              . &urlize( $s->{'number'} );
            push( @cols,
                "<a href='$url'>" . &html_escape( $s->{'number'} ) . "</a>" );
            push( @cols,
                &get_type_description( $s->{'type'} ) || $s->{'type'} );
            push( @cols, $ext );
            push( @cols, $s->{'startblock'} );
            push( @cols, $s->{'startblock'} + $s->{'blocks'} - 1 );
            my @st  = &fdisk::device_status( $s->{'device'} );
            my $use = &fdisk::device_status_link(@st);
-		my $n = scalar(@{$p->{'parts'}});
+            push( @cols, &html_escape( $use || $text{'part_nouse'} ) );
-
+            print &ui_columns_row( \@cols );
 		# Add row for the slice
 		my $url = "edit_slice.cgi?device=".&urlize($disk->{'device'}).
 			  "&slice=".$p->{'number'};
 		my $nlink = "<a href='$url'>$p->{'number'}</a>";
 		$nlink = "<b>$nlink</b>" if ($p->{'active'});
 		print &ui_columns_row([
 			$nlink,
 			"<a href='$url'>".&fdisk::tag_name($p->{'type'})."</a>",
 			$ext,
 			&nice_size($p->{'size'}),
 			$p->{'startblock'},
 			$p->{'startblock'} + $p->{'blocks'} - 1,
 			$use ? $use :
 			  $n ? &text('disk_scount', $n) : "",
 			]);
        }
        print &ui_columns_end();
    }
-else {
+    else {
-	print "<b>$text{'disk_none'}</b><p>\n";
+        print "<p>$text{'disk_none'}</p>\n";
    }
-print &ui_links_row(\@links);
+}
 print &ui_links_row( \@links );
-print &ui_hr();
+# Show SMART status link if available
-print &ui_buttons_start();
+if ( &has_command("smartctl") ) {
    print &ui_hr();
    print &ui_buttons_start();
    print &ui_buttons_row( "smart.cgi", $text{'disk_smart'},
        $text{'disk_smartdesc'}, &ui_hidden( "device", $device ) );
    print &ui_buttons_end();
 }
-if (&foreign_installed("smart-status")) {
+# Debug: ZFS cache detail
-	print &ui_buttons_row(
+if ( $in{'debug'} ) {
-		"../smart-status/index.cgi",
+    print "<div class='debug-section'>";
-		$text{'disk_smart'},
+    print "<div class='panel panel-default'>";
-		$text{'disk_smartdesc'},
+    print
-		&ui_hidden("drive", $disk->{'device'}.":"));
+"<div class='panel-heading'><h3 class='panel-title'>$text{'disk_debug_zfs_cache'}</h3></div>";
    print "<div class='panel-body'>";
    print "<pre>Pools: " . join( ", ", keys %$zfs_pools ) . "\n\nDevices:\n";
    foreach my $device_id ( sort keys %$zfs_devices ) {
        next if $device_id =~ /^_debug_/;
        my $device_info = $zfs_devices->{$device_id};
        print
 "$device_id => Pool: $device_info->{'pool'}, Type: $device_info->{'vdev_type'}, Mirrored: "
          . ( $device_info->{'is_mirrored'} ? "Yes" : "No" )
          . ", RAIDZ: "
          . ( $device_info->{'is_raidz'}
            ? "Yes (Level: $device_info->{'raidz_level'})"
            : "No" )
          . ", Single: "
          . ( $device_info->{'is_single'} ? "Yes" : "No" )
          . ", Striped: "
          . ( $device_info->{'is_striped'} ? "Yes" : "No" ) . "\n";
    }
-
+    print "</pre>";
-print &ui_buttons_end();
+    print "</div></div>";
-
+    print "</div>";
-&ui_print_footer("", $text{'index_return'});
+}
 &ui_print_footer( "", $text{'disk_return'} );
--- a/bsdfdisk/edit_part.cgi
+++ b/bsdfdisk/edit_part.cgi
@@ -1,87 +1,181 @@
 #!/usr/local/bin/perl
 # Show details of a partition, with buttons to create a filesystem
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
 our (%in, %text, $module_name);
 &ReadParse();
-# Get the disk and slice
+# Load required libraries
-my @disks = &list_disks_partitions();
+require "./bsdfdisk-lib.pl";
-my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
+our ( %in, %text, $module_name );
-$disk || &error($text{'disk_egone'});
+ReadParse();
 my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
 $slice || &error($text{'slice_egone'});
 my ($part) = grep { $_->{'letter'} eq $in{'part'} } @{$slice->{'parts'}};
 $part || &error($text{'part_egone'});
-&ui_print_header($part->{'desc'}, $text{'part_title'}, "");
+# Cache input parameters to avoid repeated hash lookups
 my $device      = $in{'device'};
 my $slice_num   = $in{'slice'};
 my $part_letter = $in{'part'};
 my $url_device  = &urlize($device);
 my $url_slice   = &urlize($slice_num);
 my $url_part    = &urlize($part_letter);
 # Get the disk and slice using first() to stop at the first matching element
 my @disks = list_disks_partitions();
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/ or error( $text{'disk_edevice'} );
 $in{'device'} !~ /\.\./                or error( $text{'disk_edevice'} );
 $in{'slice'}  =~ /^\d+$/               or error( $text{'slice_egone'} );
 $in{'part'}   =~ /^[a-z]$/             or error( $text{'part_egone'} );
 my $disk;
 foreach my $d (@disks) {
    if ( $d->{'device'} eq $device ) {
        $disk = $d;
        last;
    }
 }
 $disk or error( $text{'disk_egone'} );
 my $slice;
 foreach my $s ( @{ $disk->{'slices'} } ) {
    if ( $s->{'number'} eq $slice_num ) {
        $slice = $s;
        last;
    }
 }
 $slice or error( $text{'slice_egone'} );
 my $part;
 foreach my $p ( @{ $slice->{'parts'} } ) {
    if ( $p->{'letter'} eq $part_letter ) { $part = $p; last; }
 }
 $part or error( $text{'part_egone'} );
 ui_print_header( $part->{'desc'}, $text{'part_title'}, "" );
 # Check if this is a boot partition
 my $is_boot = is_boot_partition($part);
 if ($is_boot) {
    print ui_alert_box( $text{'part_bootdesc'}, 'info' );
 }
 # Show current details
-my @st = &fdisk::device_status($part->{'device'});
+my $zfs_info = get_all_zfs_info();
-my $use = &fdisk::device_status_link(@st);
+my @st       = fdisk::device_status( $part->{'device'} );
-my $canedit = !@st || !$st[2];
+
-my $hiddens = &ui_hidden("device", $in{'device'})."\n".
+# calculate $use from either ZFS info or from a status link
-	      &ui_hidden("slice", $in{'slice'})."\n".
+my $device_path = $part->{'device'};
-	      &ui_hidden("part", $in{'part'})."\n";
+my $use         = $zfs_info->{$device_path} || fdisk::device_status_link(@st);
 my $canedit     = ( !@st && !$zfs_info->{$device_path} && !$is_boot );
 # Prepare hidden fields once
 my $hiddens =
    ui_hidden( "device", $device ) . "\n"
  . ui_hidden( "slice", $slice_num ) . "\n"
  . ui_hidden( "part",  $part_letter ) . "\n";
 if ($canedit) {
-	print &ui_form_start("save_part.cgi", "post");
+    print ui_form_start( "save_part.cgi", "post" ), $hiddens;
-	print $hiddens;
+}
-	}
+print ui_table_start( $text{'part_header'}, undef, 2 );
-print &ui_table_start($text{'part_header'}, undef, 2);
+print ui_table_row( $text{'part_device'},
-
+    "<tt>" . html_escape( $part->{'device'} ) . "</tt>" );
-print &ui_table_row($text{'part_device'},
+my $part_bytes = bytes_from_blocks( $part->{'device'}, $part->{'blocks'} );
-	"<tt>$part->{'device'}</tt>");
+print ui_table_row( $text{'part_size'},
-
+    $part_bytes ? safe_nice_size($part_bytes) : '-' );
-print &ui_table_row($text{'part_size'},
+print ui_table_row( $text{'part_start'}, $part->{'startblock'} );
-	&nice_size($part->{'size'}));
+print ui_table_row( $text{'part_end'},
-
+    $part->{'startblock'} + $part->{'blocks'} - 1 );
-print &ui_table_row($text{'part_start'},
+my $disk_geom = get_detailed_disk_info( $disk->{'device'} );
-	$part->{'startblock'});
+my $stripesize =
-
+  ( $disk_geom && $disk_geom->{'stripesize'} )
-print &ui_table_row($text{'part_end'},
+  ? $disk_geom->{'stripesize'}
-	$part->{'startblock'} + $part->{'blocks'} - 1);
+  : '-';
 print ui_table_row( $text{'disk_stripesize'}, $stripesize );
 if ($canedit) {
-	print &ui_table_row($text{'part_type'},
+
-		&ui_select("type", $part->{'type'},
+    # BSD disklabel partitions only support FreeBSD types
-			   [ &list_partition_types() ], 1, 0, 1));
+    print ui_table_row(
-	}
+        $text{'part_type'},
        ui_select(
            "type", $part->{'type'}, [ list_partition_types('BSD') ],
            1,      0,               1
        )
    );
 }
 else {
-	print &ui_table_row($text{'part_type'},
+    print ui_table_row( $text{'part_type'}, get_format_type($part) );
-		$part->{'type'});
+}
-	}
+my $use_text = (
    ( !@st && !$zfs_info->{ $part->{'device'} } ) ? $text{'part_nouse'}
    : (
        ( $st[2] || $zfs_info->{ $part->{'device'} } )
        ? text( 'part_inuse',  $use )
        : text( 'part_foruse', $use )
    )
 );
 print ui_table_row( $text{'part_use'}, $use_text );
-print &ui_table_row($text{'part_use'},
+# Add a row for the partition role
-	!@st ? $text{'part_nouse'} :
+print ui_table_row( $text{'part_role'}, get_partition_role($part) );
-	$st[2] ? &text('part_inuse', $use) :
+print ui_table_end();
 		 &text('part_foruse', $use));
 print &ui_table_end();
 if ($canedit) {
-	print &ui_form_end([ [ undef, $text{'save'} ] ]);
+    print ui_form_end( [ [ undef, $text{'save'} ] ] );
-	}
+}
-# Show newfs and mount buttons
+# Existing partitions on this slice
 if ( @{ $slice->{'parts'} || [] } ) {
    my $zfs = get_all_zfs_info();
    print ui_hr();
    print ui_columns_start(
        [
            $text{'slice_letter'}, $text{'slice_type'}, $text{'slice_start'},
            $text{'slice_end'},    $text{'slice_size'}, $text{'slice_use'},
            $text{'slice_role'}
        ],
        $text{'epart_existing'}
    );
    foreach my $p ( sort { $a->{'startblock'} <=> $b->{'startblock'} }
        @{ $slice->{'parts'} } )
    {
        my $ptype = get_type_description( $p->{'type'} ) || $p->{'type'};
        my @stp   = fdisk::device_status( $p->{'device'} );
        my $usep =
             $zfs->{ $p->{'device'} }
          || fdisk::device_status_link(@stp)
          || $text{'part_nouse'};
        my $rolep = get_partition_role($p);
        my $pb2   = bytes_from_blocks( $p->{'device'}, $p->{'blocks'} );
        print ui_columns_row(
            [
                uc( $p->{'letter'} ),
                &html_escape($ptype),
                $p->{'startblock'},
                $p->{'startblock'} + $p->{'blocks'} - 1,
                ( $pb2 ? safe_nice_size($pb2) : '-' ),
                $usep,
                &html_escape($rolep)
            ]
        );
    }
    print ui_columns_end();
 }
 # Show newfs and mount buttons if editing is allowed
 if ($canedit) {
-	print &ui_hr();
+    print ui_hr();
-
+    print ui_buttons_start();
-	print &ui_buttons_start();
+    my $mount_return =
-
+      "edit_part.cgi?device=$url_device&slice=$url_slice&part=$url_part";
-	&show_filesystem_buttons($hiddens, \@st, $part);
+    show_filesystem_buttons( $hiddens, \@st, $part, $mount_return );
-
+    print ui_buttons_row( "delete_part.cgi", $text{'part_delete'},
-	print &ui_buttons_row(
+        $text{'part_deletedesc'}, $hiddens );
-		"delete_part.cgi", $text{'part_delete'},
+    print ui_buttons_end();
-		$text{'part_deletedesc'}, $hiddens);
+}
 	print &ui_buttons_end();
 	}
 else {
-	print "<b>$text{'part_cannotedit'}</b><p>\n";
+    print $is_boot
-	}
+      ? "<b>$text{'part_bootcannotedit'}</b><p>\n"
      : "<b>$text{'part_cannotedit'}</b><p>\n";
 }
-&ui_print_footer("edit_slice.cgi?device=$in{'device'}&slice=$in{'slice'}",
+# SMART button (physical device)
-		 $text{'slice_return'});
+if ( &has_command("smartctl") ) {
    print ui_hr();
    print ui_buttons_start();
    print ui_buttons_row( "smart.cgi", $text{'disk_smart'},
        $text{'disk_smartdesc'}, ui_hidden( "device", $disk->{'device'} ) );
    print ui_buttons_end();
 }
 ui_print_footer( "edit_slice.cgi?device=$url_device&slice=$url_slice",
    $text{'slice_return'} );
--- a/bsdfdisk/edit_slice.cgi
+++ b/bsdfdisk/edit_slice.cgi
@@ -1,146 +1,285 @@
 #!/usr/local/bin/perl
 # Show details of a slice, and partitions on it
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
-&ReadParse();
+ReadParse();
 my $extwidth = 300;
 # Get the disk and slice
-my @disks = &list_disks_partitions();
+my @disks = list_disks_partitions();
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
 $disk || &error($text{'disk_egone'});
 my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
 $slice || &error($text{'slice_egone'});
-&ui_print_header($slice->{'desc'}, $text{'slice_title'}, "");
+# Validate input parameters to prevent command injection
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/ or error( $text{'disk_edevice'} );
 $in{'device'} !~ /\.\./                or error( $text{'disk_edevice'} );
 $in{'slice'}  =~ /^\d+$/               or error( $text{'slice_egone'} );
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks
  or error( $text{'disk_egone'} );
 my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} }
  or error( $text{'slice_egone'} );
 my $url_device = &urlize( $in{'device'} );
 my $url_slice  = &urlize( $in{'slice'} );
 ui_print_header( $slice->{'desc'}, $text{'slice_title'}, "" );
 # Show slice details
-my @st = &fdisk::device_status($slice->{'device'});
+my $zfs_info = get_all_zfs_info();
-my $use = &fdisk::device_status_link(@st);
+my ( $zfs_pools, $zfs_devices ) = build_zfs_devices_cache();
-my $canedit = !@st || !$st[2];
+
-my $hiddens = &ui_hidden("device", $in{'device'})."\n".
+# Cache slice device status
-	      &ui_hidden("slice", $in{'slice'})."\n";
+my @slice_status = fdisk::device_status( $slice->{'device'} );
-print &ui_form_start("save_slice.cgi");
+my $slice_use =
    $zfs_info->{ $slice->{'device'} }
  ? $zfs_info->{ $slice->{'device'} }
  : fdisk::device_status_link(@slice_status);
 my $canedit = ( !@slice_status || !$slice_status[2] );
 # Prepare hidden fields
 my $hiddens = ui_hidden( "device", $in{'device'} ) . "\n"
  . ui_hidden( "slice", $in{'slice'} ) . "\n";
 # Derive disk scheme for classifier
 my $base_device = $disk->{'device'};
 $base_device =~ s{^/dev/}{};
 my $disk_structure = get_disk_structure($base_device);
 # Device label (GPT label or glabel)
 my $slice_label = get_device_label_name(
    disk           => $disk,
    slice          => $slice,
    disk_structure => $disk_structure
 );
 # Check if this is a boot slice
 my $is_boot = is_boot_partition($slice);
 print ui_alert_box( $text{'slice_bootdesc'}, 'info' ) if $is_boot;
 my $confirm_msg = $text{'confirm_overwrite'}
  || 'You will destroy/overwrite existing data structures. Continue?';
 my $confirm_js = $confirm_msg;
 $confirm_js =~ s/\\/\\\\/g;
 $confirm_js =~ s/'/\\'/g;
 $confirm_js =~ s/\r?\n/\\n/g;
 print ui_form_start( "save_slice.cgi", "post", undef,
    "onsubmit=\"return confirm('$confirm_js')\"" );
 print $hiddens;
-print &ui_table_start($text{'slice_header'}, undef, 2);
+print ui_table_start( $text{'slice_header'}, undef, 2 );
 print ui_table_row( $text{'part_device'},
    "<tt>" . html_escape( $slice->{'device'} ) . "</tt>" );
 print ui_table_row( $text{'slice_label'},
    $slice_label ? "<tt>" . html_escape($slice_label) . "</tt>" : "-" );
 my $slice_bytes = bytes_from_blocks( $slice->{'device'}, $slice->{'blocks'} );
 print ui_table_row( $text{'slice_ssize'},
    $slice_bytes ? safe_nice_size($slice_bytes) : '-' );
 print ui_table_row( $text{'slice_sstart'}, $slice->{'startblock'} );
 print ui_table_row( $text{'slice_send'},
    $slice->{'startblock'} + $slice->{'blocks'} - 1 );
-print &ui_table_row($text{'part_device'},
+# Slice type selector (GPT vs legacy)
-	"<tt>$slice->{'device'}</tt>");
+if ( is_using_gpart() ) {
    my $scheme =
      ( $disk_structure && $disk_structure->{'scheme'} )
      ? $disk_structure->{'scheme'}
      : 'GPT';
    my @opts = list_partition_types($scheme);
-print &ui_table_row($text{'slice_ssize'},
+    # Default sensibly per scheme
-	&nice_size($slice->{'size'}));
+    my $default_type = ( $scheme =~ /GPT/i ) ? 'freebsd-zfs' : 'freebsd';
    print ui_table_row( $text{'slice_stype'},
        ui_select( "type", $slice->{'type'} || $default_type, \@opts ) );
 }
 else {
    # Pre-cache tag options for the slice type select (legacy fdisk)
    my @tags        = fdisk::list_tags();
    my @tag_options = map { [ $_, fdisk::tag_name($_) ] } @tags;
    @tag_options = sort { $a->[1] cmp $b->[1] } @tag_options;
    print ui_table_row( $text{'slice_stype'},
        ui_select( "type", $slice->{'type'}, \@tag_options ) );
 }
-print &ui_table_row($text{'slice_sstart'},
+# Active slice - only applicable for legacy MBR. For GPT/UEFI and for EFI/freebsd-boot types, the active flag is irrelevant.
-	$slice->{'startblock'});
+my $is_gpt =
  is_using_gpart()
  && ( $disk_structure
    && $disk_structure->{'scheme'}
    && $disk_structure->{'scheme'} =~ /GPT/i );
 if ( !$is_gpt && ( $slice->{'type'} !~ /^(?:efi|freebsd-boot)$/i ) ) {
    my $active_default = $slice->{'active'} ? 1 : 0;
    print ui_table_row( $text{'slice_sactive'},
        ui_yesno_radio( "active", $active_default ) );
 }
 else {
    # Do not offer the control; display 'No' since active is not used here
    print ui_table_row( $text{'slice_sactive'}, $text{'no'} );
 }
 print ui_table_row(
    $text{'slice_suse'},
    ( !$slice_use || $slice_use eq $text{'part_nouse'} ) ? $text{'part_nouse'}
    : ( $slice_status[2] ? text( 'part_inuse', $slice_use )
        : text( 'part_foruse', $slice_use ) )
 );
-print &ui_table_row($text{'slice_send'},
+# Add a row for the slice role
-	$slice->{'startblock'} + $slice->{'blocks'} - 1);
+print ui_table_row( $text{'slice_role'}, get_partition_role($slice) );
 print ui_table_end();
 print ui_form_end( [ [ undef, $text{'save'} ] ] );
 print ui_hr();
-print &ui_table_row($text{'slice_stype'},
+# Show partitions table (only for MBR slices that support BSD disklabel)
-	&ui_select("type", $slice->{'type'},
+my $can_have_parts = 0;
-		   [ sort { $a->[1] cmp $b->[1] }
+if ( !is_using_gpart() ) {
 			  map { [ $_, &fdisk::tag_name($_) ] }
 			      &fdisk::list_tags() ]));
-print &ui_table_row($text{'slice_sactive'},
+    # Legacy MBR with BSD disklabel
-	$slice->{'active'} ? $text{'yes'} :
+    $can_have_parts = 1;
-		&ui_yesno_radio("active", $slice->{'active'}));
+}
 elsif ($disk_structure
    && $disk_structure->{'scheme'}
    && $disk_structure->{'scheme'} !~ /GPT/i )
 {
    # MBR-style slice
    $can_have_parts = 1;
 }
 my @links =
  $can_have_parts
  ? ( "<a href='part_form.cgi?device="
      . $url_device
      . "&slice=$url_slice'>"
      . $text{'slice_add'}
      . "</a>" )
  : ();
 if ( @{ $slice->{'parts'} } ) {
    print ui_links_row( \@links ) if @links;
    print ui_columns_start(
        [
            $text{'slice_letter'},    $text{'slice_type'},
            $text{'slice_extent'},    $text{'slice_size'},
            $text{'slice_start'},     $text{'slice_end'},
            $text{'disk_stripesize'}, $text{'slice_use'},
            $text{'slice_role'},
        ]
    );
-print &ui_table_row($text{'slice_suse'},
+    # Pre-calculate scaling factor for the partition extent images
-	!@st ? $text{'part_nouse'} :
+    my $scale = $extwidth / $slice->{'blocks'};
 	$st[2] ? &text('part_inuse', $use) :
 		 &text('part_foruse', $use));
-print &ui_table_end();
+    foreach my $p ( @{ $slice->{'parts'} } ) {
 print &ui_form_end([ [ undef, $text{'save'} ] ]);
-print &ui_hr();
+        # Create images representing the partition extent
        my $gap_before = sprintf( "<img src=images/gap.gif height=10 width=%d>",
            int( $scale * ( $p->{'startblock'} - 1 ) ) );
        my $img_type = $p->{'extended'} ? "ext" : "use";
        my $partition_img =
          sprintf( "<img src=images/%s.gif height=10 width=%d>",
            $img_type, int( $scale * $p->{'blocks'} ) );
        my $gap_after = sprintf(
            "<img src=images/gap.gif height=10 width=%d>",
            int(
                $scale * (
                    $slice->{'blocks'} - $p->{'startblock'} - $p->{'blocks'}
                )
            )
        );
        my $ext = $gap_before . $partition_img . $gap_after;
-# Show partitions table
+        # Cache partition device status information
-my @links = ( "<a href='part_form.cgi?device=".&urlize($disk->{'device'}).
+        my @part_status = fdisk::device_status( $p->{'device'} );
-	      "&slice=$in{'slice'}'>".$text{'slice_add'}."</a>" );
+        my $part_use    = $zfs_info->{ $p->{'device'} }
-if (@{$slice->{'parts'}}) {
+          || fdisk::device_status_link(@part_status);
 	print &ui_links_row(\@links);
 	print &ui_columns_start([
 		$text{'slice_letter'},
 		$text{'slice_type'},
 		$text{'slice_extent'},
 		$text{'slice_size'},
 		$text{'slice_start'},
 		$text{'slice_end'},
 		$text{'slice_use'},
 		]);
 	foreach my $p (@{$slice->{'parts'}}) {
 		# Create images for the extent
                my $ext = "";
                $ext .= sprintf "<img src=images/gap.gif height=10 width=%d>",
                        $extwidth*($p->{'startblock'} - 1) /
                        $slice->{'blocks'};
                $ext .= sprintf "<img src=images/%s.gif height=10 width=%d>",
                        $p->{'extended'} ? "ext" : "use",
                        $extwidth*($p->{'blocks'}) /
                        $slice->{'blocks'};
                $ext .= sprintf "<img src=images/gap.gif height=10 width=%d>",
                  $extwidth*($slice->{'blocks'} - $p->{'startblock'} -
 			     $p->{'blocks'}) / $slice->{'blocks'};
-		# Work out use
+        # Prefer GEOM details for stripesize
-		my @st = &fdisk::device_status($p->{'device'});
+        my $ginfo = get_detailed_disk_info( $p->{'device'} );
-		my $use = &fdisk::device_status_link(@st);
+        my $stripesize =
          ( $ginfo && $ginfo->{'stripesize'} ) ? $ginfo->{'stripesize'} : '-';
-		# Add row for the partition
+        # Classify format/use/role via library helper
-		my $url = "edit_part.cgi?device=".&urlize($disk->{'device'}).
+        ( my $pn = $p->{'device'} ) =~ s{^/dev/}{};
-			  "&slice=".$slice->{'number'}."&part=".$p->{'letter'};
+        my ( $fmt, $use_txt, $role_txt ) = classify_partition_row(
-		print &ui_columns_row([
+            base_device     => $base_device,
-			"<a href='$url'>".uc($p->{'letter'})."</a>",
+            scheme          => ( $disk_structure->{'scheme'} || '' ),
-			"<a href='$url'>$p->{'type'}</a>",
+            part_name       => $pn,
            entry_part_type => $p->{'type'},
            zfs_devices     => $zfs_devices,
        );
        $use_txt  ||= $part_use;
        $role_txt ||= get_partition_role($p);
        # Build edit URL
        my $url =
            "edit_part.cgi?device="
          . $url_device
          . "&slice="
          . $url_slice
          . "&part="
          . &urlize( $p->{'letter'} );
        my $psz_b = bytes_from_blocks( $p->{'device'}, $p->{'blocks'} );
        print ui_columns_row(
            [
                "<a href='$url'>" . uc( $p->{'letter'} ) . "</a>",
                "<a href='$url'>"
                  . html_escape( $fmt || get_format_type($p) ) . "</a>",
                $ext,
-			&nice_size($p->{'size'}),
+                ( $psz_b ? safe_nice_size($psz_b) : '-' ),
                $p->{'startblock'},
                $p->{'startblock'} + $p->{'blocks'} - 1,
-			$use,
+                $stripesize,
-			]);
+                $use_txt,
-		}
+                html_escape($role_txt),
-	print &ui_columns_end();
+            ]
-	print &ui_links_row(\@links);
+        );
    }
    print ui_columns_end();
    print ui_links_row( \@links ) if @links;
 }
 else {
-	# No partitions yet
+    # GPT partitions do not have sub-partitions
-	if (@st) {
+    if ( !$can_have_parts ) {
-		# And directly in use, so none can be created
+
        # No message needed for GPT; partitions are top-level
    }
 # If slice is in use by a filesystem OR it is a boot slice, do not allow creating partitions
    elsif ( @slice_status || $zfs_info->{ $slice->{'device'} } || $is_boot ) {
        print "<b>$text{'slice_none2'}</b><p>\n";
    }
    else {
 		# Show link to add first partition
        print "<b>$text{'slice_none'}</b><p>\n";
-		print &ui_links_row(\@links);
+        print ui_links_row( \@links ) if @links;
    }
 }
 if ( $canedit && !$is_boot ) {    # Do not allow editing boot slices
    print ui_hr();
    print ui_buttons_start();
    if ( !@{ $slice->{'parts'} } ) {
        my $mount_return =
          "edit_slice.cgi?device=$url_device&slice=$url_slice";
        show_filesystem_buttons( $hiddens, \@slice_status, $slice,
            $mount_return );
    }
-
+    print ui_buttons_row(
-if ($canedit) {
+        'change_slice_label.cgi',
-	print &ui_hr();
+        $text{'slice_chglabel'},
-	print &ui_buttons_start();
+        $text{'slice_chglabeldesc'},
-
+        ui_hidden( "device", $in{'device'} ) . "\n"
-	if (!@{$slice->{'parts'}}) {
+          . ui_hidden( "slice", $in{'slice'} )
-		&show_filesystem_buttons($hiddens, \@st, $slice);
+    );
-		}
+    print ui_buttons_row(
 	# Button to delete slice
 	print &ui_buttons_row(
        'delete_slice.cgi',
        $text{'slice_delete'},
        $text{'slice_deletedesc'},
-		&ui_hidden("device", $in{'device'})."\n".
+        ui_hidden( "device", $in{'device'} ) . "\n"
-		&ui_hidden("slice", $in{'slice'}));
+          . ui_hidden( "slice", $in{'slice'} )
    );
    print ui_buttons_end();
 }
-	print &ui_buttons_end();
+# SMART button (physical device)
-	}
+if ( &has_command("smartctl") ) {
    print ui_hr();
    print ui_buttons_start();
    print ui_buttons_row( "smart.cgi", $text{'disk_smart'},
        $text{'disk_smartdesc'}, ui_hidden( "device", $disk->{'device'} ) );
    print ui_buttons_end();
 }
-
+ui_print_footer( "edit_disk.cgi?device=$url_device", $text{'disk_return'} );
 &ui_print_footer("edit_disk.cgi?device=$in{'device'}",
 		 $text{'disk_return'});
--- a/bsdfdisk/fsck.cgi
+++ b/bsdfdisk/fsck.cgi
@@ -6,57 +6,107 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
-&error_setup($text{'fsck_err'});
+&error_setup( $text{'fsck_err'} );
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'slice'}  =~ /^\d+$/ or &error( $text{'slice_egone'} );
 $in{'part'}   =~ /^[a-z]$/ or &error( $text{'part_egone'} ) if $in{'part'};
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
+my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
-$slice || &error($text{'slice_egone'});
+$slice || &error( $text{'slice_egone'} );
-my ($object, $part);
+my ( $object, $part );
-if ($in{'part'} ne '') {
+
-	($part) = grep { $_->{'letter'} eq $in{'part'} }
+if ( $in{'part'} ne '' ) {
-		       @{$slice->{'parts'}};
+    ($part) = grep { $_->{'letter'} eq $in{'part'} } @{ $slice->{'parts'} };
-	$part || &error($text{'part_egone'});
+    $part || &error( $text{'part_egone'} );
    $object = $part;
-	}
+}
 else {
    $object = $slice;
-	}
+}
-&ui_print_unbuffered_header($object->{'desc'}, $text{'fsck_title'}, "");
+# Safety checks: do not run fsck on boot partitions or in-use devices
 if ( is_boot_partition($object) ) {
    &error( $in{'part'} ne '' ? $text{'part_eboot'} : $text{'slice_eboot'} );
 }
 my @st_obj  = &fdisk::device_status( $object->{'device'} );
 my $use_obj = &fdisk::device_status_link(@st_obj);
 if ( @st_obj && $st_obj[2] ) {
    &error( &text( 'part_esave', &html_escape($use_obj) ) );
 }
-# Do the creation
+&ui_print_unbuffered_header( $object->{'desc'}, $text{'fsck_title'}, "" );
-print &text('fsck_checking', "<tt>$object->{'device'}</tt>"),"<br>\n";
+
-print "<pre>\n";
+# If device is ZFS, do not run fsck; show zpool status instead
-my $cmd = &get_check_filesystem_command($disk, $slice, $part);
+my $zmap = get_all_zfs_info();
-&additional_log('exec', undef, $cmd);
+if ( $zmap->{ $object->{'device'} } ) {
-my $fh = "CMD";
+    my $pool = $zmap->{ $object->{'device'} };
-&open_execute_command($fh, $cmd, 2);
+    $pool =~ s/^.*?\b([A-Za-z0-9_\-]+)\b.*$/$1/;
-while(<$fh>) {
+    print &text(
-	print &html_escape($_);
+        'fsck_checking', "<tt>" . &html_escape( $object->{'device'} ) . "</tt>"
-	}
+      ),
-close($fh);
+      "<br>\n";
-print "</pre>";
+    print "<pre>\n";
-if ($?) {
+    my $cmd = "zpool status 2>&1";
-	print $text{'fsck_failed'},"<p>\n";
+    &additional_log( 'exec', undef, $cmd );
-	}
+    print &html_escape( &backquote_command($cmd) );
    print "</pre>";
    print $text{'fsck_done'}, "<p>\n";
 }
 else {
-	print $text{'fsck_done'},"<p>\n";
+    # Do the creation
    print &text(
        'fsck_checking', "<tt>" . &html_escape( $object->{'device'} ) . "</tt>"
      ),
      "<br>\n";
    print "<pre>\n";
    my $cmd = &get_check_filesystem_command( $disk, $slice, $part );
    &additional_log( 'exec', undef, $cmd );
    my $out = &backquote_command( $cmd . " 2>&1" );
    foreach my $line ( split( /\n/, $out ) ) {
        $line =~ s/[^\x09\x0A\x0D\x20-\x7E]//g;
        print &html_escape($line) . "\n";
    }
-&webmin_log("fsck", $in{'part'} ne '' ? "part" : "object",
+    print "</pre>";
-	    $object->{'device'}, $object);
+    my $rc = $? >> 8;
    if ( $rc == 0 ) {
        print $text{'fsck_done'}, "<p>\n";
    }
    elsif ( $rc == 1 ) {
        print $text{'fsck_done'},  "<p>\n";
        print $text{'fsck_fixed'}, "<p>\n" if ( $text{'fsck_fixed'} );
    }
    elsif ( $rc == 2 ) {
        print $text{'fsck_done'},   "<p>\n";
        print $text{'fsck_reboot'}, "<p>\n" if ( $text{'fsck_reboot'} );
    }
    else {
        print $text{'fsck_failed'}, "<p>\n";
    }
 }
 &webmin_log( "fsck", $in{'part'} ne '' ? "part" : "object",
    $object->{'device'}, $object );
-if ($in{'part'} ne '') {
+if ( $in{'part'} ne '' ) {
-	&ui_print_footer("edit_part.cgi?device=$in{'device'}&".
+    my $url_device = &urlize( $in{'device'} );
-			   "slice=$in{'slice'}&part=$in{'part'}",
+    my $url_slice  = &urlize( $in{'slice'} );
-			 $text{'part_return'});
+    my $url_part   = &urlize( $in{'part'} );
-	}
+    &ui_print_footer(
        "edit_part.cgi?device=$url_device&slice=$url_slice&part=$url_part",
        $text{'part_return'}
    );
 }
 else {
-	&ui_print_footer("edit_slice.cgi?device=$in{'device'}&".
+    my $url_device = &urlize( $in{'device'} );
-			   "slice=$in{'slice'}",
+    my $url_slice  = &urlize( $in{'slice'} );
-			 $text{'slice_return'});
+    &ui_print_footer(
-	}
+        "edit_slice.cgi?device=$url_device&slice=$url_slice",
        $text{'slice_return'} );
 }
--- a/bsdfdisk/images/free.gif
+++ b/bsdfdisk/images/free.gif
--- a/bsdfdisk/index.cgi
+++ b/bsdfdisk/index.cgi
@@ -1,41 +1,57 @@
 #!/usr/local/bin/perl
 # Show a list of disks
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
 our (%in, %text, %config, $module_name);
-&ui_print_header(undef, $text{'index_title'}, "", "intro", 1, 1, 0,
+# Check prerequisites first
-		 &help_search_link("fdisk", "man"));
+my $err = check_fdisk();
 my $err = &check_fdisk();
 if ($err) {
-	&ui_print_endpage(&text('index_problem', $err));
+    ui_print_header(undef, $text{'index_title'}, "", "intro", 1, 1, 0);
-	}
+    print "<b>$text{'index_problem'}</b><br>\n$err\n";
    ui_print_footer("/", $text{'index_return'});
    exit;
 }
 # Print header with help link
 ui_print_header(undef, $text{'index_title'}, "", "intro", 1, 1, 0,
                help_search_link("fdisk", "man"));
 # List and sort disks by device name
 my @disks = list_disks_partitions();
@disks = sort { ($a->{'device'}//'') cmp ($b->{'device'}//'') } @disks;
 my @disks = &list_disks_partitions();
@disks = sort { $a->{'device'} cmp $b->{'device'} } @disks;
 if (@disks) {
-	print &ui_columns_start([ $text{'index_dname'},
+    print ui_columns_start([
        $text{'index_dname'},
        $text{'index_dsize'},
        $text{'index_dmodel'},
-                                  $text{'index_dparts'} ]);
+        $text{'index_dparts'}
    ]);
    foreach my $d (@disks) {
-		print &ui_columns_row([
+        my $device      = $d->{'device'} // '';
-			"<a href='edit_disk.cgi?device=".&urlize($d->{'device'}).
+        my $disk_name   = $device; $disk_name =~ s{^/dev/}{};
-			  "'>".&partition_description($d->{'device'})."</a>",
+        # Prefer mediasize from gpart list (bytes); fallback to diskinfo size
-			&nice_size($d->{'size'}),
+        my $base = $device; $base =~ s{^/dev/}{};
-			$d->{'model'},
+        my $ds = get_disk_structure($base);
-			scalar(@{$d->{'slices'}}),
+        my $bytes = $ds && $ds->{'mediasize'} ? $ds->{'mediasize'} : $d->{'size'};
        my $size_display = defined $bytes ? safe_nice_size($bytes) : '-';
        my $model       = $d->{'model'} // '-';
        my $url_device  = urlize($device);
        my $slices_cnt  = scalar(@{ $d->{'slices'} || [] });
        print ui_columns_row([
            "<a href='edit_disk.cgi?device=$url_device'>$disk_name</a>",
            $size_display,
            $model,  # Now correctly populated from bsdfdisk-lib.pl
            $slices_cnt,
        ]);
    }
-	print &ui_columns_end();
+    print ui_columns_end();
-	}
+}
 else {
-	print "<b>$text{'index_none'}</b> <p>\n";
+    print "<b>$text{'index_none'}</b><p>\n";
-	}
+}
-&ui_print_footer("/", $text{'index'});
+ui_print_footer("/", $text{'index_return'});
--- a/bsdfdisk/lang/en
+++ b/bsdfdisk/lang/en
@@ -1,42 +1,92 @@
 index_title=Partitions on Local Disks
-index_ecmd=The required command $1 is missing
+index_ecmd=Missing required command $1
-index_problem=This module cannot be used : $1
+index_problem=Cannot use this module : $1
-index_none=No disks were found on this system!
+index_none=No disks found on this system!
 index_dname=Disk name
 index_dsize=Total size
 index_dmodel=Make and model
 index_dparts=Slices
 index_return=list of disks
 index_format=Format
 index_efdisk=You must have $1 or $2 installed to use this module
 disk_edevice=Invalid device parameter
 nslice_etype=Invalid slice type
 # Disk overview
 disk_title=Edit Disk
 disk_egone=Disk no longer exists!
 disk_no=Slice
 disk_type=Type
 disk_extent=Extent
 disk_start=Start block
 disk_end=End block
 disk_use=Used by
 disk_scount=$1 partitions
 disk_parts=Partitions
 disk_free=Free space
 disk_vm=Virtual memory
 disk_iscsi=iSCSI shared device $1
 disk_none=This disk has no slices yet.
-disk_size=Size
+disk_dsize=Disk size
-disk_dsize=<b>Disk size:</b> $1
+disk_model=Make and model
-disk_model=<b>Make and model:</b> $1
+disk_cylinders=Cylinders
-disk_cylinders=<b>Cylinders:</b> $1
+disk_blocks=Blocks
-disk_blocks=<b>Blocks:</b> $1
+disk_device=Device file
 disk_device=<b>Device file:</b> $1
 disk_return=disk details and list of slices
 disk_add=Create a new slice.
 disk_smart=Show SMART Status
 disk_smartdesc=Show the current status of this drive as detected by SMART, and check it for disk errors.
 disk_no=No.
 disk_partno=Part. No.
 disk_partname=Part. Name
 disk_partlabel=Part. Label
 disk_subpart=Sub-part.
 disk_size=Size
 disk_free_space=Free Space
 disk_available=Available
 disk_format=Format
 disk_use=Used by
 disk_role=Role Type
-select_device=$1 device $2
+# Debug and scheme
-select_slice=$1 device $2 slice $3
+disk_show_debug=Show raw debug information
-select_part=$1 device $2 slice $3 partition $4
+disk_hide_debug=Hide debug information
 disk_scheme=Partition Scheme
 disk_unknown=Unknown
 disk_sectorsize=Sector Size
 disk_bytes=bytes
 # GEOM information
 disk_geom_header=GEOM Information
 disk_geom_details=GEOM Disk Details
 disk_mediasize=Media Size
 disk_stripesize=Stripe Size
 disk_stripeoffset=Stripe Offset
 disk_mode=Mode
 disk_rotationrate=Rotation Rate
 disk_ident=Identifier
 disk_lunid=LUN ID
 disk_descr=Description
 disk_rpm=RPM
 disk_ssd=SSD (Solid State Drive)
 # Debug panels
 disk_debug_gpart=GPART Output
 disk_debug_structure=Parsed Disk Structure
 disk_debug_geom=GEOM Disk List
 disk_debug_zfs=ZFS Status
 disk_debug_zfs_cache=ZFS Devices Cache
 # Roles and usage
 disk_inzfs=In ZFS pool
 disk_zfs_log=ZFS Log Device
 disk_zfs_cache=ZFS Cache Device
 disk_zfs_spare=ZFS Spare Device
 disk_zfs_mirror=ZFS Mirror
 disk_zfs_stripe=ZFS Stripe
 disk_zfs_single=ZFS Single Device
 disk_zfs_data=ZFS Data Device
 disk_boot=Boot Partition
 disk_boot_role=System Boot
 disk_swap=Swap
 disk_swap_role=Virtual Memory
 # Slice pages
 slice_title=Edit Slice
 slice_egone=Selected slice does not exist!
 slice_ssize=Slice size
@@ -56,55 +106,83 @@ slice_use=Used by
 slice_none=This slice has no partitions yet.
 slice_none2=This slice has no partitions, and none can be created as it is in use as a filesystem.
 slice_delete=Delete Slice
-slice_deletedesc=Delete this slice and all partitions and filesystems within it. Any data on those filesystem will be almost certainly unrecoverable.
+slice_deletedesc=Delete this slice and all partitions and filesystems within it. Any data on that filesystem will be almost certainly unrecoverable.
 slice_return=slice details and list of partitions
 slice_err=Failed to modify slice
 slice_header=Slice details
 slice_suse=Directly used by
 slice_label=Device label
 slice_adddesc=Create a new partition within this slice.
 slice_cannotedit=This slice cannot be modified as it is currently in use.
 slice_eboot=Cannot delete this slice as it contains boot partitions
 slice_bootdesc=This slice contains bootloader code or kernel files needed to start the system
 slice_role=Role
 slice_chglabel=Change device label
 slice_chglabeldesc=Set or update the label for this slice.
 slice_label_title=Change Slice Label
 slice_label_header=Change device label
 slice_label_current=Current label
 slice_label_new=New label
 slice_label_err=Failed to change slice label
 slice_label_empty=Label cannot be empty
 slice_label_noglabel=glabel command not available to set labels on this disk scheme
 # Delete slice dialogs
 dslice_title=Delete Slice
-dslice_rusure=Are you sure you want to delete the slice $1? Any partitions and filesystems within it will also be deleted.
+dslice_rusure=Are you sure you want to delete the slice $1 ? Any partitions and filesystems within it will also be deleted.
 dslice_warn=Warning - this slice is currently used by : $1
 dslice_confirm=Delete Now
 dslice_deleting=Deleting slice $1 ..
 dslice_failed=.. deletion failed : $1
 dslice_done=.. done
 # Create slice
 nslice_title=Create Slice
 nslice_header=New slice details
 nslice_number=Slice number
 nslice_autonext=Will auto-select next index
 nslice_diskblocks=Disk size in blocks
 nslice_start=Starting block
 nslice_end=Ending block
-nslice_type=New slice type
+nslice_type=Slice type
 nslice_makepart=Create default partition?
 nslice_err=Failed to create slice
-nslice_enumber=Missing or non-numeric slice number
+nslice_enumber=Slice number must be a number
 nslice_eclash=A slice with number $1 already exists
 nslice_estart=Starting block must be a number
 nslice_eend=Ending block must be a number
-nslice_erange=Starting block must be lower than the ending block
+nslice_erange=Starting block must be before ending block
-nslice_emax=Ending block cannot be larger than the disk size of $1 blocks
+nslice_emax=Ending block cannot be larger than disk size of $1 blocks
 nslice_creating=Creating slice $1 on $2 ..
-nslice_failed=.. slice creation failed : $1
+nslice_failed=.. creation failed : $1
 nslice_done=.. slice added
 nslice_parting=Create default partitions in slice $1 on $2 ..
 nslice_pfailed=.. partition creation failed : $1
 nslice_pdone=.. partition added
 nslice_existing_header=Existing slices on this disk
 nslice_existing_parts=Existing partitions on this disk
 nslice_existing_slices_label=Existing slices
 nslice_existing_parts_label=Existing partitions
 nslice_enospace=No space on device left to create a slice!
 epart_existing=Existing partitions on this slice
 # Create partition
 npart_title=Create Partition
 npart_header=New partition details
 npart_letter=Partition letter
 npart_diskblocks=Slice size in blocks
 npart_slicerel=(slice-relative)
 npart_creserved=partition 'c' is reserved
 npart_type=Partition type
 npart_err=Failed to create partition
-npart_eletter=Partition number must be a letter from A to D
+npart_eletter=Partition letter must be a-h (excluding c)
 npart_ereserved=Partition 'c' is reserved for the whole slice in BSD disklabels
 npart_eclash=A partition with letter $1 already exists
-npart_emax=Ending block cannot be larger than the slice size of $1 blocks
+npart_emax=Ending block cannot be larger than slice size of $1 blocks
 npart_erange=Start block must be less than end block
 npart_creating=Creating partition $1 on $2 ..
 npart_failed=.. partition creation failed : $1
 npart_done=.. partition added
 # Edit partition
 part_title=Edit Partition
 part_egone=Partition no longer exists!
 part_header=Partition details
@@ -118,9 +196,9 @@ part_nouse=Nothing
 part_inuse=In use by $1
 part_foruse=For use by $1
 part_newfs=Create Filesystem
-part_newfsdesc=Click this button to create a new UFS filesystem on this device. Any data that was previously on the partition will be erased.
+part_newfsdesc=Click this button to create a new filesystem on this device. Will destroy/overwrite previous filesystem if it's not a pool!
 part_fsck=Check Filesystem
-part_fsckdesc=Click this button to check the UFS filesystem on this device, and repair any errors found.
+part_fsckdesc=Click this button to check the filesystem on this device, and repair any errors found.
 part_delete=Delete Partition
 part_deletedesc=Click this button to remove this partition from the slice. Any data on the partition will be lost forever.
 part_return=partition details
@@ -128,18 +206,29 @@ part_err=Failed to save partition
 part_esave=Currently in use by $1
 part_newmount=Mount Partition On:
 part_newmount2=Mount Partition
-part_mountmsg=Mount this device on new directory on your system, so that it can be used to store files. A filesystem must have been already created on the device.
+part_mountmsg=Mount this device on a new directory on your system, so that it can be used to store files. A filesystem must already be created on the device.
-part_mountmsg2=Mount this device as virtual memory on your system, to increase the amount of memory available.
+part_mountmsg2=Mount this device as virtual memory on your system to increase the amount of available memory.
 part_cannotedit=This partition cannot be modified as it is currently in use.
 part_boot=Boot Partition
 part_eboot=Cannot delete boot partitions as this may render the system unbootable
 part_bootdesc=This partition contains bootloader code or kernel files needed to start the system
 part_zfslog=ZFS Log Device
 part_zfsdata=ZFS Data Device
 part_mounted=Mounted on $1
 part_unused=Not in use
 part_bootcannotedit=This partition cannot be modified as it is a boot partition. Changing it could render the system unbootable.
 part_role=Role
 # Delete partition dialogs
 dpart_title=Delete Partition
-dpart_rusure=Are you sure you want to delete the partition $1? Any filesystems within it will also be deleted.
+dpart_rusure=Are you sure you want to delete the partition $1 ? Any filesystems in it will also be deleted.
 dpart_warn=Warning - this partition is currently used by $1
 dpart_confirm=Delete Now
 dpart_deleting=Deleting partition $1 ..
 dpart_failed=.. deletion failed : $1
 dpart_done=.. done
 # New filesystem
 newfs_title=Create Filesystem
 newfs_header=New filesystem details
 newfs_free=Space to reserve for root
@@ -147,27 +236,87 @@ newfs_deffree=Default (8%)
 newfs_trim=Enable TRIM mode for SSDs
 newfs_label=Filesystem label
 newfs_none=None
 newfs_create=Create Now
 newfs_err=Failed to create filesystem
-newfs_efree=Space to reserve for root must be a percentage
+newfs_efree=Missing or invalid percentage of free space
-newfs_elabel=Missing or invalid label
+newfs_elabel=Missing or invalid filesystem label
 newfs_creating=Creating filesystem on $1 ..
-newfs_failed=.. creation failed!
+newfs_failed=.. creation failed : $1
-newfs_done=.. created successfully
+newfs_done=.. filesystem created
 create=Create
 newfs_zfs_title=Create ZFS Filesystem
 newfs_zfs_header=New ZFS filesystem details
 newfs_zfs_parent=Parent file system:
 newfs_zfs_existing=Existing filesystems:
 newfs_zfs_fs=file system
 newfs_zfs_used=used
 newfs_zfs_avail=avail
 newfs_zfs_refer=refer
 newfs_zfs_mount=mountpoint
 newfs_zfs_name=Name:
 newfs_zfs_mountpoint=Mount point:
 newfs_zfs_mount_blank=blank for default
 newfs_zfs_opts=File system options
 newfs_zfs_tab_fs=Create Filesystem
 newfs_zfs_tab_vol=Create Volume
 newfs_zfs_aclflags=ACL inherit flags:
 newfs_zfs_aclflags_desc=Add :fd to base NFSv4 ACL entries
 newfs_zfs_acltype_desc=Controls whether ACLs are enabled and if so what type of ACL to use.
 newfs_zfs_aclinherit_desc=Controls how ACL entries are inherited when files and directories are created.
 newfs_zfs_aclmode_desc=Controls how an ACL is modified during a chmod operation.
 newfs_zfs_err=Failed to create ZFS filesystem
 newfs_zfs_nozfs=zfs command not available
 newfs_zfs_notinpool=Device is not part of a ZFS pool
 newfs_zfs_badname=Invalid dataset name
 newfs_zfs_badopt=Invalid value for option $1
 newfs_zfs_creating=Creating ZFS filesystem on $1 ..
 newfs_zfs_failed=.. creation failed : $1
 newfs_zfs_done=.. filesystem created
 newfs_zvol_title=Create ZFS Volume
 newfs_zvol_header=New ZFS volume details
 newfs_zvol_name=Name:
 newfs_zvol_size=Size:
 newfs_zvol_opts=Volume options
 newfs_zvol_existing=Existing volumes:
 newfs_zvol_vol=volume
 newfs_zvol_volsize=volsize
 newfs_zvol_sparse=Sparse:
 newfs_zvol_sparse_desc=Create as sparse volume (thin provisioned)
 newfs_zvol_refreservation=Refreservation:
 newfs_zvol_err=Failed to create ZFS volume
 newfs_zvol_badname=Invalid volume name
 newfs_zvol_badsize=Invalid volume size
 newfs_zvol_badopt=Invalid value for option $1
 newfs_zvol_badrefres=Invalid refreservation size
 newfs_zvol_creating=Creating ZFS volume on $1 ..
 newfs_zvol_failed=.. creation failed : $1
 newfs_zvol_done=.. volume created
 # FS check
 fsck_title=Check Filesystem
 fsck_header=Filesystem check options
 fsck_repair=Repair mode
 fsck_fix=Only fix safe errors
 fsck_fix2=Try to fix all errors
 fsck_err=Failed to check filesystem
-fsck_checking=Checking filesystem on $1 ..
+fsck_exec=Executing command $1 ..
 fsck_failed=.. check failed!
-fsck_done=.. check completed with no errors found
+fsck_done=.. check complete
 fsck_fixed=.. file system was modified and fixed.
 fsck_reboot=.. file system modified; a reboot may be required.
 fsck_checking=Checking filesystem on $1 ..
 confirm_overwrite=You will destroy/overwrite existing data structures. Continue?
-log_create_slice=Created slice $1
+# Logging
-log_delete_slice=Deleted slice $1
+action_create_slice=Created slice $1
-log_modify_slice=Modified slice $1
+action_delete_slice=Deleted slice $1
-log_create_part=Created partition $1
+action_modify_slice=Modified slice $1
-log_delete_part=Deleted partition $1
+action_create_part=Created partition $1
-log_modify_part=Modified partition $1
+action_delete_part=Deleted partition $1
-log_newfs_part=Created filesystem on partition $1
+action_modify_part=Modified partition $1
-log_fsck_part=Checked filesystem on partition $1
+action_create_fs=Created filesystem on $1
 action_check_fs=Checked filesystem on $1
-__norefs=1
+# Generic
 save=Save
 yes=Yes
 no=No
--- a/bsdfdisk/newfs.cgi
+++ b/bsdfdisk/newfs.cgi
@@ -6,67 +6,123 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
-&error_setup($text{'newfs_err'});
+&error_setup( $text{'newfs_err'} );
 # Get the disk and slice
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'slice'}  =~ /^\d+$/ or &error( $text{'slice_egone'} );
 $in{'part'}   =~ /^[a-z]$/ or &error( $text{'part_egone'} ) if $in{'part'};
 my @disks = &list_disks_partitions();
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
+my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
-$slice || &error($text{'slice_egone'});
+$slice || &error( $text{'slice_egone'} );
-my ($object, $part);
+my ( $object, $part );
-if ($in{'part'} ne '') {
+
-	($part) = grep { $_->{'letter'} eq $in{'part'} }
+if ( $in{'part'} ne '' ) {
-		       @{$slice->{'parts'}};
+    ($part) = grep { $_->{'letter'} eq $in{'part'} } @{ $slice->{'parts'} };
-	$part || &error($text{'part_egone'});
+    $part || &error( $text{'part_egone'} );
    $object = $part;
-	}
+}
 else {
    $object = $slice;
-	}
+}
 # Safety checks: do not run newfs on boot partitions or in-use devices
 if ( is_boot_partition($object) ) {
    &error( $in{'part'} ne '' ? $text{'part_eboot'} : $text{'slice_eboot'} );
 }
 my @st_obj  = &fdisk::device_status( $object->{'device'} );
 my $use_obj = &fdisk::device_status_link(@st_obj);
 if ( @st_obj && $st_obj[2] ) {
    &error( &text( 'part_esave', &html_escape($use_obj) ) );
 }
 # Validate inputs
-my $newfs = { };
+my $newfs = {};
-$in{'free_def'} || $in{'free'} =~ /^\d+$/ && $in{'free'} <= 100 ||
+$in{'free_def'}
-	&error($text{'newfs_efree'});
+  || ( $in{'free'} =~ /^\d+$/ && $in{'free'} >= 0 && $in{'free'} <= 100 )
  || &error( $text{'newfs_efree'} );
 $newfs->{'free'} = $in{'free_def'} ? undef : $in{'free'};
 $newfs->{'trim'} = $in{'trim'};
-$in{'label_def'} || $in{'label'} =~ /^\S+$/ ||
+$in{'label_def'}
-	&error($text{'newfs_elabel'});
+  || length( $in{'label'} ) > 0
  || &error( $text{'newfs_elabel'} );
 $newfs->{'label'} = $in{'label_def'} ? undef : $in{'label'};
-&ui_print_unbuffered_header($object->{'desc'}, $text{'newfs_title'}, "");
+&ui_print_unbuffered_header( $object->{'desc'}, $text{'newfs_title'}, "" );
 # Do the creation
-print &text('newfs_creating', "<tt>$object->{'device'}</tt>"),"<br>\n";
+print &text(
    'newfs_creating', "<tt>" . &html_escape( $object->{'device'} ) . "</tt>"
  ),
  "<br>\n";
 print "<pre>\n";
-my $cmd = &get_create_filesystem_command($disk, $slice, $part, $newfs);
+my $cmd = &get_create_filesystem_command( $disk, $slice, $part, $newfs );
-&additional_log('exec', undef, $cmd);
+&additional_log( 'exec', undef, $cmd );
-my $fh = "CMD";
+my $out = &backquote_command( $cmd . " 2>&1" );
-&open_execute_command($fh, $cmd, 2);
+foreach my $line ( split( /\n/, $out ) ) {
-while(<$fh>) {
+    $line =~ s/[^\x09\x0A\x0D\x20-\x7E]//g;
-	print &html_escape($_);
+    print &html_escape($line) . "\n";
-	}
+}
 close($fh);
 print "</pre>";
-if ($?) {
+my $rc = $? >> 8;
-	print $text{'newfs_failed'},"<p>\n";
+if ($rc) {
-	}
+    print $text{'newfs_failed'}, "<p>\n";
 }
 else {
-	print $text{'newfs_done'},"<p>\n";
+    print $text{'newfs_done'}, "<p>\n";
-	&webmin_log("newfs", $in{'part'} ne '' ? "part" : "object",
+    &webmin_log( "newfs", $in{'part'} ne '' ? "part" : "object",
-		    $object->{'device'}, $object);
+        $object->{'device'}, $object );
    # Verify filesystem signature if possible
    if ( has_command('fstyp') ) {
        my $fstyp_out = &backquote_command(
            "fstyp " . quote_path( $object->{'device'} ) . " 2>&1" );
        $fstyp_out =~ s/[\r\n]+$//;
        if ($fstyp_out) {
            print "<pre>\n";
            print &html_escape($fstyp_out) . "\n";
            print "</pre>\n";
        }
        else {
            print
 "<b>Warning:</b> fstyp did not detect a filesystem on this device.<p>\n";
        }
    }
-if ($in{'part'} ne '') {
+# If a label was provided, set the partition label (GPT slice or BSD sub-partition)
-	&ui_print_footer("edit_part.cgi?device=$in{'device'}&".
+    if ( !$in{'label_def'} && defined $in{'label'} && length $in{'label'} ) {
-			   "slice=$in{'slice'}&part=$in{'part'}",
+        my $errlbl = set_partition_label(
-			 $text{'part_return'});
+            disk  => $disk,
            slice => $slice,
            part  => ( $in{'part'} ne '' ? $part : undef ),
            label => $in{'label'}
        );
        if ($errlbl) {
            print "Warning: failed to set partition label: \n"
              . &html_escape($errlbl) . "\n";
        }
    }
 }
 if ( $in{'part'} ne '' ) {
    my $url_device = &urlize( $in{'device'} );
    my $url_slice  = &urlize( $in{'slice'} );
    my $url_part   = &urlize( $in{'part'} );
    &ui_print_footer(
        "edit_part.cgi?device=$url_device&slice=$url_slice&part=$url_part",
        $text{'part_return'}
    );
 }
 else {
-	&ui_print_footer("edit_slice.cgi?device=$in{'device'}&".
+    my $url_device = &urlize( $in{'device'} );
-			   "slice=$in{'slice'}",
+    my $url_slice  = &urlize( $in{'slice'} );
-			 $text{'slice_return'});
+    &ui_print_footer(
-	}
+        "edit_slice.cgi?device=$url_device&slice=$url_slice",
        $text{'slice_return'} );
 }
--- a/bsdfdisk/newfs_form.cgi
+++ b/bsdfdisk/newfs_form.cgi
@@ -6,56 +6,492 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
 # Get the disk and slice
 # Validate input parameters to prevent command injection
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/ or &error("Invalid device name");
 $in{'device'} !~ /\.\./                or &error("Invalid device name");
 $in{'slice'} =~ /^\d+$/   or &error("Invalid slice number")     if $in{'slice'};
 $in{'part'}  =~ /^[a-z]$/ or &error("Invalid partition letter") if $in{'part'};
 my @disks = &list_disks_partitions();
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
+my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
-$slice || &error($text{'slice_egone'});
+$slice || &error( $text{'slice_egone'} );
 my $object;
-if ($in{'part'} ne '') {
+my $url_device = &urlize( $in{'device'} );
-	my ($part) = grep { $_->{'letter'} eq $in{'part'} }
+my $url_slice  = &urlize( $in{'slice'} );
-			  @{$slice->{'parts'}};
+my $url_part   = &urlize( $in{'part'} );
-	$part || &error($text{'part_egone'});
+
 if ( $in{'part'} ne '' ) {
    $in{'part'} =~ /^[a-z]$/ or &error("Invalid partition letter");
    my ($part) = grep { $_->{'letter'} eq $in{'part'} } @{ $slice->{'parts'} };
    $part || &error( $text{'part_egone'} );
    $object = $part;
-	}
+}
 else {
    $object = $slice;
 }
 # If this device is part of a ZFS pool, offer dataset creation instead
 my $zdev = get_zfs_device_info($object);
 if ($zdev) {
    &ui_print_header( $object->{'desc'}, $text{'newfs_title'}, "" );
    # Parent pool summary (best effort)
    my $parent   = $zdev->{'pool'};
    my $parent_q = quote_path($parent);
    my $zlist    = &backquote_command(
        "zfs list -H -o name,used,avail,refer,mountpoint $parent_q 2>/dev/null"
    );
    if ($zlist) {
        chomp($zlist);
        my @cols = split( /\t/, $zlist );
        if ( @cols >= 5 ) {
            print "<b>$text{'newfs_zfs_parent'}</b>\n";
            print ui_columns_start(
                [
                    $text{'newfs_zfs_fs'},    $text{'newfs_zfs_used'},
                    $text{'newfs_zfs_avail'}, $text{'newfs_zfs_refer'},
                    $text{'newfs_zfs_mount'}
                ]
            );
            print ui_columns_row( [ map { html_escape($_) } @cols[ 0 .. 4 ] ] );
            print ui_columns_end();
            print "<br/>\n";
        }
    }
-&ui_print_header($object->{'desc'}, $text{'newfs_title'}, "");
+    # Existing filesystems under this pool
    my $zlist_fs = &backquote_command(
 "zfs list -H -r -t filesystem -o name,used,avail,refer,mountpoint $parent_q 2>/dev/null"
    );
    if ($zlist_fs) {
        my @lines = split( /\n/, $zlist_fs );
        if ( @lines && $lines[0] =~ /^\Q$parent\E(\t|$)/ ) {
            shift @lines;
        }
        if (@lines) {
            print "<b>$text{'newfs_zfs_existing'}</b>\n";
            print ui_columns_start(
                [
                    $text{'newfs_zfs_fs'},    $text{'newfs_zfs_used'},
                    $text{'newfs_zfs_avail'}, $text{'newfs_zfs_refer'},
                    $text{'newfs_zfs_mount'}
                ]
            );
            foreach my $ln (@lines) {
                my @cols = split( /\t/, $ln );
                next unless @cols >= 5;
                print ui_columns_row(
                    [ map { html_escape($_) } @cols[ 0 .. 4 ] ] );
            }
            print ui_columns_end();
            print "<br/>\n";
        }
    }
-print &ui_form_start("newfs.cgi", "post");
+    # Existing volumes under this pool
-print &ui_hidden("device", $in{'device'});
+    my $zlist_vol = &backquote_command(
-print &ui_hidden("slice", $in{'slice'});
+"zfs list -H -r -t volume -o name,used,avail,refer,volsize $parent_q 2>/dev/null"
-print &ui_hidden("part", $in{'part'});
+    );
-print &ui_table_start($text{'newfs_header'}, undef, 2);
+    if ($zlist_vol) {
        my @lines = split( /\n/, $zlist_vol );
        if ( @lines && $lines[0] =~ /^\Q$parent\E(\t|$)/ ) {
            shift @lines;
        }
        if (@lines) {
            print "<b>$text{'newfs_zvol_existing'}</b>\n";
            print ui_columns_start(
                [
                    $text{'newfs_zvol_vol'},  $text{'newfs_zfs_used'},
                    $text{'newfs_zfs_avail'}, $text{'newfs_zfs_refer'},
                    $text{'newfs_zvol_volsize'}
                ]
            );
            foreach my $ln (@lines) {
                my @cols = split( /\t/, $ln );
                next unless @cols >= 5;
                print ui_columns_row(
                    [ map { html_escape($_) } @cols[ 0 .. 4 ] ] );
            }
            print ui_columns_end();
            print "<br/>\n";
        }
    }
-print &ui_table_row($text{'part_device'},
+    my %fs_descriptions = (
-	"<tt>$object->{'device'}</tt>");
+        'recordsize' => {
            '128K' => '128K (General/Default)',
            '1M'   => '1M (Media/Large files)',
            '4M'   => '4M',
            '16K'  => '16K (Database)',
            '4K'   => '4K (VM)'
        },
        'compression' => {
            'lz4'  => 'lz4 (Recommended)',
            'off'  => 'off (None)',
            'gzip' => 'gzip (High compression)'
        },
        'atime' => {
            'off' => 'off (Performance)',
            'on'  => 'on (Record access time)'
        },
        'sync' => {
            'disabled' => 'disabled (Performance)',
            'standard' => 'standard (Safety)',
            'always'   => 'always (Maximum Safety)'
        },
        'acltype' => {
            'nfsv4'    => 'nfsv4 (ZFS Default)',
            'posixacl' => 'posixacl (Linux Default)'
        },
        'aclinherit' => {
            'passthrough' => 'passthrough (SMB Recommended)',
            'restricted'  => 'restricted (ZFS Default)'
        },
        'aclmode' => {
            'passthrough' => 'passthrough (SMB Recommended)',
            'discard'     => 'discard (ZFS Default)'
        }
    );
    my @fs_order = (
        'recordsize', 'compression', 'atime',   'sync',
        'exec',       'canmount',    'acltype', 'aclinherit',
        'aclmode',    'xattr'
    );
    my %fs_defaults = (
        'recordsize'  => '128K',
        'compression' => 'lz4',
        'atime'       => 'off',
        'sync'        => 'default',
        'acltype'     => 'nfsv4',
        'aclinherit'  => 'passthrough',
        'aclmode'     => 'passthrough',
        'canmount'    => 'on',
        'exec'        => 'on',
        'xattr'       => 'sa',
    );
    my %fs_opts = (
        'recordsize' =>
          '512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, 1M',
        'compression' => 'on, off, lz4, gzip',
        'atime'       => 'on, off',
        'sync'        => 'standard, always, disabled',
        'exec'        => 'on, off',
        'canmount'    => 'on, off, noauto',
        'acltype'     => 'nfsv4, posixacl',
        'aclinherit'  =>
          'discard, noallow, restricted, passthrough, passthrough-x',
        'aclmode' => 'discard, groupmask, passthrough',
        'xattr'   => 'on, off, sa',
    );
    my %acl_tooltips = (
        'acltype'    => $text{'newfs_zfs_acltype_desc'},
        'aclinherit' => $text{'newfs_zfs_aclinherit_desc'},
        'aclmode'    => $text{'newfs_zfs_aclmode_desc'},
    );
-print &ui_table_row($text{'newfs_free'},
+    my $base_url =
-	&ui_opt_textbox("free", undef, 4, $text{'newfs_deffree'})."%");
+        "newfs_form.cgi?device="
      . $url_device
      . "&slice=$url_slice";
    $base_url .= "&part=$url_part" if ( $in{'part'} ne '' );
    my @tabs = (
        [ "zfs",  $text{'newfs_zfs_tab_fs'},  $base_url . "&mode=zfs" ],
        [ "zvol", $text{'newfs_zfs_tab_vol'}, $base_url . "&mode=zvol" ],
    );
    print &ui_tabs_start( \@tabs, "mode", $in{'mode'} || $tabs[0]->[0], 1 );
    print &ui_tabs_start_tab( "mode", "zfs" );
-print &ui_table_row($text{'newfs_trim'},
+    print &ui_form_start( "zfs_create.cgi", "post", undef,
-	&ui_yesno_radio("trim", 0));
+        "onsubmit='return validateFsForm(this)'" );
    print &ui_hidden( "device", $in{'device'} );
    print &ui_hidden( "slice",  $in{'slice'} );
    print &ui_hidden( "part",   $in{'part'} );
    print &ui_hidden( "parent", $parent );
-print &ui_table_row($text{'newfs_label'},
+    print &ui_table_start( $text{'newfs_zfs_header'}, 'width=100%', 2 );
-	&ui_opt_textbox("label", undef, 20, $text{'newfs_none'}));
+    print &ui_table_row( $text{'newfs_zfs_name'},
        html_escape($parent) . "/" . &ui_textbox( "zfs", undef, 24 ) );
    print &ui_table_row( $text{'newfs_zfs_mountpoint'},
            &ui_filebox( 'mountpoint', '', 25, undef, undef, 1 ) . " ("
          . $text{'newfs_zfs_mount_blank'}
          . ")" );
    print &ui_table_end();
    print &ui_table_start( $text{'newfs_zfs_opts'}, "width=100%", undef );
    foreach my $key (@fs_order) {
        my @options;
        push( @options, [ 'default', 'default' ] );
        foreach my $opt ( split( ", ", $fs_opts{$key} ) ) {
            my $label = $fs_descriptions{$key}{$opt} || $opt;
            push( @options, [ $opt, $label ] );
        }
        my $default_val = $fs_defaults{$key} || 'default';
        my $help =
          $acl_tooltips{$key}
          ? "<br><small><i>$acl_tooltips{$key}</i></small>"
          : "";
        my $selected = defined( $in{$key} ) ? $in{$key} : $default_val;
        print ui_table_row( $key . ': ',
            ui_select( $key, $selected, \@options, 1, 0, 1 ) . $help );
    }
    my $add_inherit_default =
      defined( $in{'add_inherit'} ) ? $in{'add_inherit'} : 1;
    print ui_table_row(
        $text{'newfs_zfs_aclflags'},
        ui_checkbox(
            'add_inherit',                    1,
            $text{'newfs_zfs_aclflags_desc'}, $add_inherit_default
        )
    );
    print &ui_table_end();
    print &ui_form_end( [ [ undef, $text{'create'} ] ] );
    print &ui_tabs_end_tab( "mode", "zfs" );
    # ZVOL tab
    print &ui_tabs_start_tab( "mode", "zvol" );
    my %zvol_defaults = (
        'volblocksize'   => '16K',
        'compression'    => 'lz4',
        'sync'           => 'default',
        'logbias'        => 'latency',
        'primarycache'   => 'all',
        'secondarycache' => 'all',
    );
    my %zvol_opts = (
        'volblocksize'   => '512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K',
        'compression'    => 'on, off, lz4, gzip',
        'sync'           => 'standard, always, disabled',
        'logbias'        => 'latency, throughput',
        'primarycache'   => 'all, metadata, none',
        'secondarycache' => 'all, metadata, none',
    );
    my %zvol_desc = (
        'volblocksize' => {
            '512' => '512B',
            '1K'  => '1K',
            '2K'  => '2K',
            '4K'  => '4K (Swap)',
            '8K'  => '8K (Databases)',
            '16K' => '16K (VM/Default)',
            '64K' => '64K (Backups)',
        },
        'logbias' => {
            'latency'    => 'latency (databases, NFS sync)',
            'throughput' => 'throughput (VM, media/backups)',
        },
        'primarycache' => {
            'all'      => 'all (filesystems)',
            'metadata' => 'metadata (VM, iSCSI)',
            'none'     => 'none (Swap)',
        },
        'secondarycache' => {
            'all'      => 'all (general filesystems)',
            'metadata' => 'metadata (VM, databases)',
            'none'     => 'none (media)',
        },
    );
    print &ui_form_start( "zvol_create.cgi", "post", undef,
        "onsubmit='return validateZvolForm(this)'" );
    print &ui_hidden( "device", $in{'device'} );
    print &ui_hidden( "slice",  $in{'slice'} );
    print &ui_hidden( "part",   $in{'part'} );
    print &ui_hidden( "parent", $parent );
    print &ui_table_start( $text{'newfs_zvol_header'}, 'width=100%', 2 );
    print &ui_table_row( $text{'newfs_zvol_name'},
        html_escape($parent) . "/" . &ui_textbox( "zvol", undef, 24 ) );
    print &ui_table_row(
        $text{'newfs_zvol_size'},
        &ui_textbox(
            'size', undef, 20, undef, undef, "oninput='updateRefres()'"
        )
    );
    print &ui_table_end();
    print &ui_table_start( $text{'newfs_zvol_opts'}, "width=100%", undef );
    foreach my $key (
        qw(volblocksize compression sync logbias primarycache secondarycache))
    {
        my @options;
        push( @options, [ 'default', 'default' ] );
        foreach my $opt ( split( ", ", $zvol_opts{$key} ) ) {
            my $label = $zvol_desc{$key}{$opt} || $opt;
            push( @options, [ $opt, $label ] );
        }
        my $default_val = $zvol_defaults{$key} || 'default';
        my $selected    = defined( $in{$key} ) ? $in{$key} : $default_val;
        print ui_table_row( $key . ': ',
            ui_select( $key, $selected, \@options, 1, 0, 1 ) );
    }
    my $sparse_default = defined( $in{'sparse'} ) ? $in{'sparse'} : 1;
    print ui_table_row( $text{'newfs_zvol_sparse'},
            ui_yesno_radio( 'sparse', $sparse_default )
          . " <small>"
          . $text{'newfs_zvol_sparse_desc'}
          . "</small>" );
    print ui_table_row( $text{'newfs_zvol_refreservation'},
        ui_textbox( 'refreservation', 'none', 20 )
          . "<span id='refres_label'></span>" );
    print &ui_table_end();
    print &ui_form_end( [ [ undef, $text{'create'} ] ] );
    print &ui_tabs_end_tab( "mode", "zvol" );
    print &ui_tabs_end(1);
    print <<'EOF';
 <script type="text/javascript">
 function validateFsForm(form) {
 	var name = form.zfs.value;
 	var nameRegex = /^[a-zA-Z0-9_\-.:]+$/;
 	if (!name || !nameRegex.test(name)) {
 		alert("Invalid Name. Please use alphanumeric characters, -, _, ., or :");
 		return false;
 	}
 	return true;
 }
 function validateZvolForm(form) {
 	var name = form.zvol.value;
 	var nameRegex = /^[a-zA-Z0-9_\-.:]+$/;
 	if (!name || !nameRegex.test(name)) {
 		alert("Invalid Name. Please use alphanumeric characters, -, _, ., or :");
 		return false;
 	}
 	if (name.indexOf("/") !== -1 || name.indexOf("@") !== -1 || name.indexOf("#") !== -1) {
 		alert("Invalid Name. Do not include '/', '@' or '#'.");
 		return false;
 	}
 	if (name.charAt(0) === "-" || name.charAt(0) === ".") {
 		alert("Invalid Name. It cannot start with '-' or '.'.");
 		return false;
 	}
 	if (name.indexOf("..") !== -1) {
 		alert("Invalid Name. It cannot contain '..'.");
 		return false;
 	}
 	var size = form.size.value;
 	var regex = /^\d+(\.\d+)?[KMGTP]?$/i;
 	if (!size || !regex.test(size) || parseFloat(size) <= 0) {
 		alert("Invalid size format. Please use format like 10G, 500M, etc.");
 		return false;
 	}
 	var ref = form.refreservation.value;
 	if (ref && ref.toLowerCase() !== "none") {
 		if (!regex.test(ref) || parseFloat(ref) <= 0) {
 			alert("Invalid refreservation format. Please use format like 10G, 500M, etc.");
 			return false;
 		}
 		// Compare sizes when possible
 		function toBytes(v) {
 			var m = v.match(/^(\d+(?:\.\d+)?)([KMGTP]?)$/i);
 			if (!m) return null;
 			var n = parseFloat(m[1]);
 			var u = (m[2] || "").toUpperCase();
 			var mult = 1;
 			if (u === "K") mult = 1024;
 			else if (u === "M") mult = 1024*1024;
 			else if (u === "G") mult = 1024*1024*1024;
 			else if (u === "T") mult = 1024*1024*1024*1024;
 			else if (u === "P") mult = 1024*1024*1024*1024*1024;
 			return n * mult;
 		}
 		var sizeB = toBytes(size);
 		var refB = toBytes(ref);
 		if (sizeB && refB && refB > sizeB) {
 			alert("Refreservation cannot be larger than the volume size.");
 			return false;
 		}
 	}
 	return true;
 }
 function updateRefres() {
 	var sparseList = document.getElementsByName("sparse");
 	var refres = document.getElementsByName("refreservation")[0];
 	var size = document.getElementsByName("size")[0];
 	var label = document.getElementById("refres_label");
 	if (!sparseList || sparseList.length === 0 || !refres || !size || !label) return;
 	var sparseOn = false;
 	for (var i = 0; i < sparseList.length; i++) {
 		if (sparseList[i].checked && sparseList[i].value === "1") {
 			sparseOn = true;
 		}
 	}
 	if (sparseOn) {
 		refres.disabled = false;
 		var sVal = size.value ? size.value : "Size";
 		label.innerHTML = " (" + sVal + " max, default: none)";
 	} else {
 		refres.disabled = true;
 		label.innerHTML = " (" + "Volume is thick provisioned)";
 	}
 }
 function bindSparseRadios() {
 	var sparseList = document.getElementsByName("sparse");
 	if (!sparseList) return;
 	for (var i = 0; i < sparseList.length; i++) {
 		sparseList[i].onclick = updateRefres;
 	}
 }
 window.onload = function() { updateRefres(); bindSparseRadios(); };
 </script>
 EOF
    if ( $in{'part'} ne '' ) {
        &ui_print_footer(
            "edit_part.cgi?device=$url_device&slice=$url_slice&part=$url_part",
            $text{'part_return'}
        );
    }
    else {
        &ui_print_footer(
            "edit_slice.cgi?device=$url_device&slice=$url_slice",
            $text{'slice_return'} );
    }
    exit;
 }
 # Default: UFS newfs form
 &ui_print_header( $object->{'desc'}, $text{'newfs_title'}, "" );
 my $confirm_msg = $text{'confirm_overwrite'}
  || 'You will destroy/overwrite existing data structures. Continue?';
 my $confirm_js = $confirm_msg;
 $confirm_js =~ s/\\/\\\\/g;
 $confirm_js =~ s/'/\\'/g;
 $confirm_js =~ s/\r?\n/\\n/g;
 print &ui_form_start( "newfs.cgi", "post", undef,
    "onsubmit=\"return confirm('$confirm_js')\"" );
 print &ui_hidden( "device", $in{'device'} );
 print &ui_hidden( "slice",  $in{'slice'} );
 print &ui_hidden( "part",   $in{'part'} );
 print &ui_table_start( $text{'newfs_header'}, undef, 2 );
 print &ui_table_row( $text{'part_device'}, "<tt>$object->{'device'}</tt>" );
 print &ui_table_row( $text{'newfs_free'},
    &ui_opt_textbox( "free", undef, 4, $text{'newfs_deffree'} ) . "%" );
 print &ui_table_row( $text{'newfs_trim'}, &ui_yesno_radio( "trim", 0 ) );
 print &ui_table_row( $text{'newfs_label'},
    &ui_opt_textbox( "label", undef, 20, $text{'newfs_none'} ) );
 print &ui_table_end();
-print &ui_form_end([ [ undef, $text{'newfs_create'} ] ]);
+print &ui_form_end( [ [ undef, $text{'save'} ] ] );
-if ($in{'part'} ne '') {
+if ( $in{'part'} ne '' ) {
-	&ui_print_footer("edit_part.cgi?device=$in{'device'}&".
+    &ui_print_footer(
-			   "slice=$in{'slice'}&part=$in{'part'}",
+        "edit_part.cgi?device=$url_device&slice=$url_slice&part=$url_part",
-			 $text{'part_return'});
+        $text{'part_return'}
-	}
+    );
 }
 else {
-	&ui_print_footer("edit_slice.cgi?device=$in{'device'}&".
+    &ui_print_footer(
-			   "slice=$in{'slice'}",
+        "edit_slice.cgi?device=$url_device&slice=$url_slice",
-			 $text{'slice_return'});
+        $text{'slice_return'} );
-	}
+}
--- a/bsdfdisk/part_form.cgi
+++ b/bsdfdisk/part_form.cgi
@@ -6,54 +6,109 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'slice'}  =~ /^\d+$/ or &error( $text{'slice_egone'} );
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
+my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
-$slice || &error($text{'slice_egone'});
+$slice || &error( $text{'slice_egone'} );
-&ui_print_header($slice->{'desc'}, $text{'npart_title'}, "");
+&ui_print_header( $slice->{'desc'}, $text{'npart_title'}, "" );
-print &ui_form_start("create_part.cgi", "post");
+print &ui_form_start( "create_part.cgi", "post" );
-print &ui_hidden("device", $in{'device'});
+print &ui_hidden( "device", $in{'device'} );
-print &ui_hidden("slice", $in{'slice'});
+print &ui_hidden( "slice",  $in{'slice'} );
-print &ui_table_start($text{'npart_header'}, undef, 2);
+print &ui_table_start( $text{'npart_header'}, undef, 2 );
-# Partition number (first free)
+# Partition number (first free, skipping 'c' which is reserved for the whole slice)
-my %used = map { $_->{'letter'}, $_ } @{$slice->{'parts'}};
+my %used = map { $_->{'letter'}, $_ } @{ $slice->{'parts'} };
 $used{'c'} = 1;    # Reserve 'c' for the whole slice (BSD convention)
 my $l = 'a';
-while($used{$l}) {
+while ( $used{$l} ) {
    $l++;
-	}
+}
-print &ui_table_row($text{'npart_letter'},
+print &ui_table_row( $text{'npart_letter'},
-	&ui_textbox("letter", $l, 4));
+        &ui_textbox( "letter", $l, 4 ) . " <i>("
      . $text{'npart_creserved'}
      . ")</i>" );
 # Slice size in blocks
-print &ui_table_row($text{'npart_diskblocks'},
+print &ui_table_row( $text{'npart_diskblocks'}, $slice->{'blocks'} );
 	$slice->{'blocks'});
-# Start and end blocks (defaults to last part)
+# Start and end blocks for BSD partitions are SLICE-RELATIVE (not disk-absolute)
-my ($start, $end) = (0, $slice->{'blocks'});
+# Start at 0 (or after last partition), end at slice size - 1
-foreach my $p (sort { $a->{'startblock'} cmp $b->{'startblock'} }
+my ( $start, $end ) = ( 0, $slice->{'blocks'} - 1 );
-		    @{$slice->{'parts'}}) {
+foreach my $p ( sort { $a->{'startblock'} <=> $b->{'startblock'} }
-	$start = $p->{'startblock'} + $p->{'blocks'} + 1;
+    @{ $slice->{'parts'} } )
-	}
+{
-print &ui_table_row($text{'nslice_start'},
+    # Partitions are already stored as slice-relative
-	&ui_textbox("start", $start, 10));
+    $start = $p->{'startblock'} + $p->{'blocks'};
-print &ui_table_row($text{'nslice_end'},
+}
-	&ui_textbox("end", $end, 10));
+if ( defined $in{'start'} && $in{'start'} =~ /^\d+$/ ) {
    $start = $in{'start'};
 }
 if ( defined $in{'end'} && $in{'end'} =~ /^\d+$/ ) { $end = $in{'end'}; }
 print &ui_table_row( $text{'nslice_start'} . " " . $text{'npart_slicerel'},
    &ui_textbox( "start", $start, 10 ) );
 print &ui_table_row( $text{'nslice_end'} . " " . $text{'npart_slicerel'},
    &ui_textbox( "end", $end, 10 ) );
 # Partition type
-print &ui_table_row($text{'npart_type'},
+# For BSD-on-MBR inner label partitions, offer FreeBSD partition types
-	&ui_select("type", '4.2BSD',
+my $scheme        = 'BSD';
-		   [ &list_partition_types() ]));
+my $default_ptype = 'freebsd-ufs';
 print &ui_table_row( $text{'npart_type'},
    &ui_select( "type", $default_ptype, [ list_partition_types($scheme) ] ) );
 print &ui_table_end();
-print &ui_form_end([ [ undef, $text{'create'} ] ]);
+print &ui_form_end( [ [ undef, $text{'save'} ] ] );
-&ui_print_footer("edit_slice.cgi?device=$in{'device'}&slice=$in{'slice'}",
+# Existing partitions summary
-		 $text{'slice_return'});
+if ( @{ $slice->{'parts'} || [] } ) {
    my $zfs = get_all_zfs_info();
    print &ui_hr();
    print &ui_columns_start(
        [
            $text{'slice_letter'}, $text{'slice_type'}, $text{'slice_start'},
            $text{'slice_end'},    $text{'slice_size'}, $text{'slice_use'},
            $text{'slice_role'}
        ],
        $text{'epart_existing'}
    );
    foreach my $p ( sort { $a->{'startblock'} <=> $b->{'startblock'} }
        @{ $slice->{'parts'} } )
    {
        my $ptype = get_type_description( $p->{'type'} ) || $p->{'type'};
        my @stp   = fdisk::device_status( $p->{'device'} );
        my $usep =
             $zfs->{ $p->{'device'} }
          || fdisk::device_status_link(@stp)
          || $text{'part_nouse'};
        my $rolep = get_partition_role($p);
        my $pb    = bytes_from_blocks( $p->{'device'}, $p->{'blocks'} );
        print &ui_columns_row(
            [
                uc( $p->{'letter'} ),
                &html_escape($ptype),
                $p->{'startblock'},
                $p->{'startblock'} + $p->{'blocks'} - 1,
                ( $pb ? safe_nice_size($pb) : '-' ),
                &html_escape($usep),
                &html_escape($rolep)
            ]
        );
    }
    print &ui_columns_end();
 }
 my $url_device = &urlize( $in{'device'} );
 my $url_slice  = &urlize( $in{'slice'} );
 &ui_print_footer( "edit_slice.cgi?device=$url_device&slice=$url_slice",
    $text{'slice_return'} );
--- a/bsdfdisk/save_part.cgi
+++ b/bsdfdisk/save_part.cgi
@@ -6,30 +6,39 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
-&error_setup($text{'part_err'});
+&error_setup( $text{'part_err'} );
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'slice'}  =~ /^\d+$/ or &error( $text{'slice_egone'} );
 $in{'part'}   =~ /^[a-z]$/ or &error( $text{'part_egone'} );
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
+my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
-$slice || &error($text{'slice_egone'});
+$slice || &error( $text{'slice_egone'} );
-my ($part) = grep { $_->{'letter'} eq $in{'part'} } @{$slice->{'parts'}};
+my ($part) = grep { $_->{'letter'} eq $in{'part'} } @{ $slice->{'parts'} };
-$part || &error($text{'part_egone'});
+$part || &error( $text{'part_egone'} );
 # Check if in use
-my @st = &fdisk::device_status($part->{'device'});
+my @st  = &fdisk::device_status( $part->{'device'} );
 my $use = &fdisk::device_status_link(@st);
-if (@st && $st[2]) {
+if ( @st && $st[2] ) {
-	&error(&text('part_esave', $use));
+    &error( &text( 'part_esave', &html_escape($use) ) );
-	}
+}
 # Make the change
 $in{'type'} =~ /^[a-zA-Z0-9._-]+$/
  or &error( $text{'part_etype'} || 'Invalid partition type' );
 $part->{'type'} = $in{'type'};
-my $err = &save_partition($disk, $slice, $part);
+my $err = &save_partition( $disk, $slice, $part );
-&error($err) if ($err);
+&error( &html_escape($err) ) if ($err);
-&webmin_log("modify", "part", $part->{'device'}, $part);
+&webmin_log( "modify", "part", $part->{'device'}, $part );
-&redirect("edit_slice.cgi?device=$in{'device'}&slice=$in{'slice'}");
+my $url_device = &urlize( $in{'device'} );
 my $url_slice  = &urlize( $in{'slice'} );
 &redirect("edit_slice.cgi?device=$url_device&slice=$url_slice");
--- a/bsdfdisk/save_slice.cgi
+++ b/bsdfdisk/save_slice.cgi
@@ -6,25 +6,53 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
-&error_setup($text{'slice_err'});
+&error_setup( $text{'slice_err'} );
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'slice'}  =~ /^\d+$/ or &error( $text{'slice_egone'} );
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{$disk->{'slices'}};
+my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
-$slice || &error($text{'slice_egone'});
+$slice || &error( $text{'slice_egone'} );
 # Apply changes
-my $oldslice = { %$slice };
+my $oldslice = {%$slice};
 $in{'type'} =~ /^[a-zA-Z0-9._-]+$/
  or &error( $text{'nslice_etype'} || 'Invalid slice type' );
 $slice->{'type'}   = $in{'type'};
-if (!$slice->{'active'}) {
+$slice->{'active'} = $in{'active'} if ( defined $in{'active'} );
 	$slice->{'active'} = $in{'active'};
 	}
 my $err = &modify_slice($disk, $oldslice, $slice);
 &error($err) if ($err);
-&webmin_log("modify", "slice", $slice->{'device'}, $slice);
+# Apply active flag for MBR disks via gpart set/unset when it changed
-&redirect("edit_disk.cgi?device=$in{'device'}");
+my $base = $disk->{'device'};
 $base =~ s{^/dev/}{};
 my $ds = get_disk_structure($base);
 if ( is_using_gpart() && $ds && $ds->{'scheme'} && $ds->{'scheme'} !~ /GPT/i ) {
    my $idx = _safe_uint( slice_number($slice) );
    &error( $text{'slice_egone'} ) unless defined $idx;
    if (   defined $oldslice->{'active'}
        && defined $slice->{'active'}
        && $oldslice->{'active'} != $slice->{'active'} )
    {
        my $cmd =
          $slice->{'active'}
          ? "gpart set -a active -i $idx " . quote_path($base)
          : "gpart unset -a active -i $idx " . quote_path($base);
        my $out = backquote_command("$cmd 2>&1");
        if ( $? != 0 ) {
            &error( "Failed to change active flag: " . &html_escape($out) );
        }
    }
 }
 my $err = &modify_slice( $disk, $oldslice, $slice );
 &error( &html_escape($err) ) if ($err);
 &webmin_log( "modify", "slice", $slice->{'device'}, $slice );
 my $url_device = &urlize( $in{'device'} );
 &redirect("edit_disk.cgi?device=$url_device");
--- a/bsdfdisk/save_slice_label.cgi
+++ b/bsdfdisk/save_slice_label.cgi
@@ -0,0 +1,49 @@
 #!/usr/local/bin/perl
 # Save slice label (GPT label or glabel)
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
 our ( %in, %text, $module_name );
 &ReadParse();
 &error_setup( $text{'slice_label_err'} );
 # Validate input parameters to prevent command injection
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/ or &error("Invalid device name");
 $in{'device'} !~ /\.\./                or &error("Invalid device name");
 $in{'slice'}  =~ /^\d+$/               or &error("Invalid slice number");
 my $label = defined $in{'label'} ? $in{'label'} : '';
 $label =~ s/^\s+|\s+$//g;
 $label ne '' || &error( $text{'slice_label_empty'} );
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
 $disk || &error( $text{'disk_egone'} );
 my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
 $slice || &error( $text{'slice_egone'} );
 # Ensure we can set labels on this scheme
 my $base_device = $disk->{'device'};
 $base_device =~ s{^/dev/}{};
 my $ds = get_disk_structure($base_device);
 if ( !$ds || !$ds->{'scheme'} || $ds->{'scheme'} !~ /GPT/i ) {
    if ( !has_command('glabel') ) {
        &error( $text{'slice_label_noglabel'} );
    }
 }
 my $err = set_partition_label(
    disk  => $disk,
    slice => $slice,
    label => $label,
 );
 &error( &html_escape($err) ) if ($err);
 &webmin_log( "label", "slice", $slice->{'device'}, { 'label' => $label } );
 my $url_device = &urlize( $in{'device'} );
 my $url_slice  = &urlize( $in{'slice'} );
 &redirect("edit_slice.cgi?device=$url_device&slice=$url_slice");
--- a/bsdfdisk/slice_form.cgi
+++ b/bsdfdisk/slice_form.cgi
@@ -6,57 +6,177 @@ use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
-our (%in, %text, $module_name);
+our ( %in, %text, $module_name );
 &ReadParse();
 # Get the disk
 my @disks = &list_disks_partitions();
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./ or &error( $text{'disk_edevice'} || 'Invalid device' );
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
-$disk || &error($text{'disk_egone'});
+$disk || &error( $text{'disk_egone'} );
-&ui_print_header($disk->{'desc'}, $text{'nslice_title'}, "");
+my $url_device = &urlize( $in{'device'} );
-print &ui_form_start("create_slice.cgi", "post");
+&ui_print_header( $disk->{'desc'}, $text{'nslice_title'}, "" );
-print &ui_hidden("device", $in{'device'});
+
-print &ui_table_start($text{'nslice_header'}, undef, 2);
+# Determine scheme for read-only behavior and note
 my $base_device = $disk->{'device'};
 $base_device =~ s{^/dev/}{};
 my $disk_structure = get_disk_structure($base_device);
 my $is_gpt =
  (      is_using_gpart()
      && $disk_structure
      && ( $disk_structure->{'scheme'} || '' ) =~ /GPT/i );
 # Check if there is any free space on the device
 my $has_free_space = 0;
 if ( $disk_structure && $disk_structure->{'entries'} ) {
    foreach my $entry ( @{ $disk_structure->{'entries'} } ) {
        if ( $entry->{'type'} eq 'free' && $entry->{'size'} > 0 ) {
            $has_free_space = 1;
            last;
        }
    }
 }
 # If no free space, show error and return
 if ( !$has_free_space ) {
    print "<p><b>$text{'nslice_enospace'}</b></p>\n";
    &ui_print_footer( "edit_disk.cgi?device=$url_device", $text{'disk_return'} );
    exit;
 }
 print &ui_form_start( "create_slice.cgi", "post" );
 print &ui_hidden( "device", $in{'device'} );
 print &ui_table_start( $text{'nslice_header'}, undef, 2 );
 # Slice number (first free)
-my %used = map { $_->{'number'}, $_ } @{$disk->{'slices'}};
+my %used = map { $_->{'number'}, $_ } @{ $disk->{'slices'} };
 my $n    = 1;
-while($used{$n}) {
+while ( $used{$n} ) {
    $n++;
-	}
+}
-print &ui_table_row($text{'nslice_number'},
+my $num_field =
-	&ui_textbox("number", $n, 6));
+  $is_gpt
  ? "<input type='text' name='number' value='"
  . &html_escape($n)
  . "' size='6' readonly> <span style='color:#666;font-style:italic'>"
  . $text{'nslice_autonext'}
  . "</span>"
  : &ui_textbox( "number", $n, 6 );
 print &ui_table_row( $text{'nslice_number'}, $num_field );
-# Disk size in blocks
+# Disk size in blocks (prefer GPART total blocks)
-print &ui_table_row($text{'nslice_diskblocks'},
+my $disk_blocks =
-	$disk->{'blocks'});
+  ( $disk_structure && $disk_structure->{'total_blocks'} )
  ? $disk_structure->{'total_blocks'}
  : ( $disk->{'blocks'} || 0 );
 print &ui_table_row( $text{'nslice_diskblocks'}, $disk_blocks );
-# Start and end blocks (defaults to last slice+1)
+# Start and end blocks (defaults to last slice+1). Allow prefill from query.
-my ($start, $end) = (63, $disk->{'blocks'});
+my ( $start, $end ) = ( 2048, $disk_blocks > 0 ? $disk_blocks - 1 : 0 );
-foreach my $s (sort { $a->{'startblock'} cmp $b->{'startblock'} }
+foreach my $s ( sort { $a->{'startblock'} <=> $b->{'startblock'} }
-		    @{$disk->{'slices'}}) {
+    @{ $disk->{'slices'} } )
-	$start = $s->{'startblock'} + $s->{'blocks'} + 1;
+{
-	}
+    $start = $s->{'startblock'} + $s->{'blocks'};    # leave 1 block (512B) gap
-print &ui_table_row($text{'nslice_start'},
+}
-	&ui_textbox("start", $start, 10));
+if ( defined $in{'start'} && $in{'start'} =~ /^\d+$/ ) {
-print &ui_table_row($text{'nslice_end'},
+    $start = $in{'start'};
-	&ui_textbox("end", $end, 10));
+}
 if ( defined $in{'end'} && $in{'end'} =~ /^\d+$/ ) { $end = $in{'end'}; }
 print &ui_table_row( $text{'nslice_start'},
    &ui_textbox( "start", $start, 10 ) );
 print &ui_table_row( $text{'nslice_end'}, &ui_textbox( "end", $end, 10 ) );
 # Slice type
-print &ui_table_row($text{'nslice_type'},
+if ( is_using_gpart() ) {
-	&ui_select("type", 'a5',
+    my $scheme =
-	   [ sort { $a->[1] cmp $b->[1] }
+      ( $disk_structure && $disk_structure->{'scheme'} )
-		  map { [ $_, &fdisk::tag_name($_) ] }
+      ? $disk_structure->{'scheme'}
-		      &fdisk::list_tags() ]));
+      : 'GPT';
    my $default_stype = ( $scheme =~ /GPT/i ) ? 'freebsd-zfs' : 'freebsd';
    print &ui_table_row( $text{'nslice_type'},
        &ui_select( "type", $default_stype, [ list_partition_types($scheme) ] )
    );
 }
 else {
    print &ui_table_row(
        $text{'nslice_type'},
        &ui_select(
            "type", 'a5',
            [
                sort { $a->[1] cmp $b->[1] }
                map  { [ $_, &fdisk::tag_name($_) ] } &fdisk::list_tags()
            ]
        )
    );
 }
-# Also create partition?
+# Also create partition? (only for MBR slices with BSD disklabel support)
-print &ui_table_row($text{'nslice_makepart'},
+if ( !$is_gpt ) {
-	&ui_yesno_radio("makepart", 1));
+    print &ui_table_row( $text{'slice_add'}, &ui_yesno_radio( "makepart", 1 ) );
 }
 print &ui_table_end();
-print &ui_form_end([ [ undef, $text{'create'} ] ]);
+print &ui_form_end( [ [ undef, $text{'save'} ] ] );
-&ui_print_footer("edit_disk.cgi?device=$in{'device'}",
+# Existing slices summary
-		 $text{'disk_return'});
+print &ui_hr();
 print &ui_subheading( $text{'nslice_existing_slices_label'} );
 print &ui_columns_start(
    [
        $text{'disk_no'},  $text{'disk_type'}, $text{'disk_start'},
        $text{'disk_end'}, $text{'disk_size'}
    ],
    $text{'nslice_existing_header'}
 );
 foreach
  my $s ( sort { $a->{'number'} <=> $b->{'number'} } @{ $disk->{'slices'} } )
 {
    my $stype = get_type_description( $s->{'type'} ) || $s->{'type'};
    my $szb   = bytes_from_blocks( $s->{'device'}, $s->{'blocks'} );
    my $sz    = defined $szb ? safe_nice_size($szb) : '-';
    print &ui_columns_row(
        [
            $s->{'number'},     &html_escape($stype),
            $s->{'startblock'}, $s->{'startblock'} + $s->{'blocks'} - 1,
            $sz,
        ]
    );
 }
 print &ui_columns_end();
 # Existing partitions summary
 my @parts_rows;
 foreach
  my $s ( sort { $a->{'number'} <=> $b->{'number'} } @{ $disk->{'slices'} } )
 {
    next unless @{ $s->{'parts'} || [] };
    foreach my $p ( @{ $s->{'parts'} } ) {
        my $ptype = get_type_description( $p->{'type'} ) || $p->{'type'};
        my $pb    = bytes_from_blocks( $p->{'device'}, $p->{'blocks'} );
        my $psz   = defined $pb ? safe_nice_size($pb) : '-';
        push @parts_rows,
          [
            $s->{'number'},                          uc( $p->{'letter'} ),
            &html_escape($ptype),                    $p->{'startblock'},
            $p->{'startblock'} + $p->{'blocks'} - 1, $psz
          ];
    }
 }
 if (@parts_rows) {
    print &ui_subheading( $text{'nslice_existing_parts_label'} );
    print &ui_columns_start(
        [
            'Slice',              $text{'slice_letter'}, $text{'slice_type'},
            $text{'slice_start'}, $text{'slice_end'},    $text{'slice_size'}
        ],
        $text{'nslice_existing_parts'}
    );
    foreach my $row (@parts_rows) { print &ui_columns_row($row); }
    print &ui_columns_end();
 }
 &ui_print_footer( "edit_disk.cgi?device=$url_device", $text{'disk_return'} );
--- a/bsdfdisk/smart.cgi
+++ b/bsdfdisk/smart.cgi
@@ -0,0 +1,110 @@
 #!/usr/local/bin/perl
 # Show SMART status for a given device
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
 our ( %in, %text, $module_name );
 &ReadParse();
 # Validate device param
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
  or &error( $text{'disk_edevice'} || 'Invalid device' );
 $in{'device'} !~ /\.\./ or &error( $text{'disk_edevice'} || 'Invalid device' );
 # Check smartctl availability
 &has_command('smartctl')
  or &error( $text{'index_ecmd'}
    ? &text( 'index_ecmd', 'smartctl' )
    : 'smartctl not available' );
 my $device   = $in{'device'};
 my $dev_html = &html_escape($device);
 &ui_print_header( $dev_html, $text{'disk_smart'} || 'SMART Status', "" );
 print "<div class='panel panel-default'>\n";
 print "<div class='panel-heading'><h3 class='panel-title'>SMART status for "
  . "<tt>$dev_html</tt></h3></div>\n";
 print "<div class='panel-body'>\n";
 sub _smartctl_needs_type {
    my ($out) = @_;
    return ( $out =~ /Please specify device type with the -d option/i
          || $out =~ /Unknown USB bridge/i );
 }
 sub _smartctl_no_smart {
    my ($out) = @_;
    return ( $out =~ /Read Device Identity failed/i
          || $out =~ /unsupported scsi opcode/i
          || $out =~ /Device does not support SMART/i
          || $out =~ /SMART support is:\s*Unavailable/i
          || $out =~ /mandatory SMART command failed/i );
 }
 my $cmd      = "smartctl -a " . &quote_path($device) . " 2>&1";
 my $out      = &backquote_command($cmd);
 my $used_cmd = $cmd;
 my $note;
 # If smartctl requests a device type or indicates SMART unsupported,
 # try common USB bridge options.
 if ( _smartctl_needs_type($out) || _smartctl_no_smart($out) ) {
    my @types = (
        'sat,auto',    'sat',        'scsi',       'auto',
        'usbjmicron',  'usbprolific', 'usbcypress', 'usbsunplus',
    );
    my $best_out = $out;
    my $best_cmd = $cmd;
    foreach my $t (@types) {
        my $try_cmd = "smartctl -a -d $t " . &quote_path($device) . " 2>&1";
        my $try_out = &backquote_command($try_cmd);
        # If it still needs a type, keep trying
        if ( _smartctl_needs_type($try_out) ) {
            $best_out = $try_out;
            $best_cmd = $try_cmd;
            next;
        }
        # If SMART commands fail, try permissive once
        if ( _smartctl_no_smart($try_out) ) {
            my $perm_cmd = "smartctl -a -T permissive -d $t "
              . &quote_path($device) . " 2>&1";
            my $perm_out = &backquote_command($perm_cmd);
            if (   !_smartctl_needs_type($perm_out)
                && !_smartctl_no_smart($perm_out) )
            {
                $out      = $perm_out;
                $used_cmd = $perm_cmd;
                last;
            }
            $best_out = $perm_out;
            $best_cmd = $perm_cmd;
            next;
        }
        # Success
        $out      = $try_out;
        $used_cmd = $try_cmd;
        last;
    }
    if ( $used_cmd eq $cmd ) {
        $out      = $best_out;
        $used_cmd = $best_cmd;
        if ( _smartctl_no_smart($out) ) {
            $note = "SMART may not be supported by this USB device or bridge.";
        }
    }
 }
 if ($note) {
    print "<div class='alert alert-warning'>$note</div>\n";
 }
 print "<pre>" . &html_escape("Command: $used_cmd\n\n$out") . "</pre>\n";
 print "</div></div>\n";
 &ui_print_footer( "edit_disk.cgi?device=" . &urlize($device),
    $text{'disk_return'} );
--- a/bsdfdisk/zfs_create.cgi
+++ b/bsdfdisk/zfs_create.cgi
@@ -0,0 +1,121 @@
 #!/usr/local/bin/perl
 # Create a ZFS filesystem (dataset) within the pool owning this device
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
 our ( %in, %text, $module_name );
 &ReadParse();
 &error_setup( $text{'newfs_zfs_err'} );
 # Validate input parameters to prevent command injection
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/ or &error("Invalid device name");
 $in{'device'} !~ /\.\./                or &error("Invalid device name");
 $in{'slice'}  =~ /^\d+$/               or &error("Invalid slice number");
 $in{'part'}   =~ /^[a-z]$/ or &error("Invalid partition letter") if $in{'part'};
 &has_command('zfs') or &error( $text{'newfs_zfs_nozfs'} );
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
 $disk || &error( $text{'disk_egone'} );
 my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
 $slice || &error( $text{'slice_egone'} );
 my ( $object, $part );
 if ( $in{'part'} ne '' ) {
    ($part) = grep { $_->{'letter'} eq $in{'part'} } @{ $slice->{'parts'} };
    $part || &error( $text{'part_egone'} );
    $object = $part;
 }
 else {
    $object = $slice;
 }
 # Determine ZFS pool for this device
 my $zdev = get_zfs_device_info($object);
 $zdev || &error( $text{'newfs_zfs_notinpool'} );
 my $parent = $zdev->{'pool'};
 # Validate dataset name
 my $name = $in{'zfs'};
 $name =~ s/^\s+|\s+$//g if defined $name;
 $name && $name =~ /^[a-zA-Z0-9_\-.:]+$/ or &error( $text{'newfs_zfs_badname'} );
 my $dataset = $parent . "/" . $name;
 # Allowed property values
 my %allowed = (
    'recordsize' =>
      { map { $_ => 1 } qw(512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K 1M) },
    'compression' => { map { $_ => 1 } qw(on off lz4 gzip) },
    'atime'       => { map { $_ => 1 } qw(on off) },
    'sync'        => { map { $_ => 1 } qw(standard always disabled) },
    'exec'        => { map { $_ => 1 } qw(on off) },
    'canmount'    => { map { $_ => 1 } qw(on off noauto) },
    'acltype'     => { map { $_ => 1 } qw(nfsv4 posixacl) },
    'aclinherit'  => {
        map { $_ => 1 }
          qw(discard noallow restricted passthrough passthrough-x)
    },
    'aclmode' => { map { $_ => 1 } qw(discard groupmask passthrough) },
    'xattr'   => { map { $_ => 1 } qw(on off sa) },
 );
 my @props =
  qw(recordsize compression atime sync exec canmount acltype aclinherit aclmode xattr);
 my @opts;
 foreach my $p (@props) {
    next if ( !defined $in{$p} || $in{$p} eq '' || $in{$p} eq 'default' );
    $allowed{$p} && $allowed{$p}->{ $in{$p} }
      or &error( &text( 'newfs_zfs_badopt', $p ) );
    push( @opts, "-o $p=" . &quote_path( $in{$p} ) );
 }
 if ( defined $in{'mountpoint'} && $in{'mountpoint'} ne '' ) {
    push( @opts, "-o mountpoint=" . &quote_path( $in{'mountpoint'} ) );
 }
 &ui_print_unbuffered_header( $object->{'desc'}, $text{'newfs_zfs_title'}, "" );
 print &text( 'newfs_zfs_creating', "<tt>" . &html_escape($dataset) . "</tt>" ),
  "<br>\n";
 print "<pre>\n";
 my $cmd = "zfs create " . join( " ", @opts ) . " " . &quote_path($dataset);
 &additional_log( 'exec', undef, $cmd );
 my $fh;
 &open_execute_command( $fh, $cmd, 2 );
 if ($fh) {
    while (<$fh>) { print &html_escape($_); }
    close($fh);
 }
 print "</pre>";
 if ($?) {
    print $text{'newfs_zfs_failed'}, "<p>\n";
 }
 else {
    # Optional ACL inherit flags
    if ( $in{'add_inherit'} ) {
        my $cmd2 = acl_inherit_flags_cmd($dataset);
        if ($cmd2) { system($cmd2); }
    }
    print $text{'newfs_zfs_done'}, "<p>\n";
    &webmin_log( "zfs-create", "dataset", $dataset, { parent => $parent } );
 }
 if ( $in{'part'} ne '' ) {
    my $url_device = &urlize( $in{'device'} );
    my $url_slice  = &urlize( $in{'slice'} );
    my $url_part   = &urlize( $in{'part'} );
    &ui_print_footer(
        "edit_part.cgi?device=$url_device&slice=$url_slice&part=$url_part",
        $text{'part_return'}
    );
 }
 else {
    my $url_device = &urlize( $in{'device'} );
    my $url_slice  = &urlize( $in{'slice'} );
    &ui_print_footer(
        "edit_slice.cgi?device=$url_device&slice=$url_slice",
        $text{'slice_return'} );
 }
--- a/bsdfdisk/zvol_create.cgi
+++ b/bsdfdisk/zvol_create.cgi
@@ -0,0 +1,128 @@
 #!/usr/local/bin/perl
 # Create a ZFS volume (zvol) within the pool owning this device
 use strict;
 use warnings;
 no warnings 'redefine';
 no warnings 'uninitialized';
 require './bsdfdisk-lib.pl';
 our ( %in, %text, $module_name );
 &ReadParse();
 &error_setup( $text{'newfs_zvol_err'} );
 # Validate input parameters to prevent command injection
 $in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/ or &error("Invalid device name");
 $in{'device'} !~ /\.\./                or &error("Invalid device name");
 $in{'slice'}  =~ /^\d+$/               or &error("Invalid slice number");
 $in{'part'}   =~ /^[a-z]$/ or &error("Invalid partition letter") if $in{'part'};
 &has_command('zfs') or &error( $text{'newfs_zfs_nozfs'} );
 # Get the disk and slice
 my @disks = &list_disks_partitions();
 my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
 $disk || &error( $text{'disk_egone'} );
 my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
 $slice || &error( $text{'slice_egone'} );
 my ( $object, $part );
 if ( $in{'part'} ne '' ) {
    ($part) = grep { $_->{'letter'} eq $in{'part'} } @{ $slice->{'parts'} };
    $part || &error( $text{'part_egone'} );
    $object = $part;
 }
 else {
    $object = $slice;
 }
 # Determine ZFS pool for this device
 my $zdev = get_zfs_device_info($object);
 $zdev || &error( $text{'newfs_zfs_notinpool'} );
 my $parent = $zdev->{'pool'};
 # Validate zvol name and size
 my $name = $in{'zvol'};
 $name =~ s/^\s+|\s+$//g if defined $name;
 $name && $name =~ /^[a-zA-Z0-9_\-.:]+$/
  or &error( $text{'newfs_zvol_badname'} );
 my $size = $in{'size'};
 $size =~ s/^\s+|\s+$//g if defined $size;
 $size && $size =~ /^\d+(\.\d+)?[KMGTP]?$/i
  or &error( $text{'newfs_zvol_badsize'} );
 my $dataset = $parent . "/" . $name;
 # Allowed property values
 my %allowed = (
    'volblocksize' => { map { $_ => 1 } qw(512 1K 2K 4K 8K 16K 32K 64K 128K) },
    'compression'  => { map { $_ => 1 } qw(on off lz4 gzip) },
    'sync'         => { map { $_ => 1 } qw(standard always disabled) },
    'logbias'      => { map { $_ => 1 } qw(latency throughput) },
    'primarycache' => { map { $_ => 1 } qw(all metadata none) },
    'secondarycache' => { map { $_ => 1 } qw(all metadata none) },
 );
 my @props =
  qw(volblocksize compression sync logbias primarycache secondarycache);
 my @opts;
 foreach my $p (@props) {
    next if ( !defined $in{$p} || $in{$p} eq '' || $in{$p} eq 'default' );
    $allowed{$p} && $allowed{$p}->{ $in{$p} }
      or &error( &text( 'newfs_zvol_badopt', $p ) );
    push( @opts, "-o $p=" . &quote_path( $in{$p} ) );
 }
 my $sparse = $in{'sparse'};
 my $refres = $in{'refreservation'};
 if ( defined $refres ) {
    $refres =~ s/^\s+|\s+$//g;
    if ( $refres ne '' && lc($refres) ne 'none' ) {
        $refres =~ /^\d+(\.\d+)?[KMGTP]?$/i
          or &error( $text{'newfs_zvol_badrefres'} );
        push( @opts, "-o refreservation=" . &quote_path($refres) );
    }
 }
 &ui_print_unbuffered_header( $object->{'desc'}, $text{'newfs_zvol_title'}, "" );
 print &text( 'newfs_zvol_creating', "<tt>" . &html_escape($dataset) . "</tt>" ),
  "<br>\n";
 print "<pre>\n";
 my $cmd =
    "zfs create "
  . ( $sparse ? "-s " : "" ) . "-V "
  . &quote_path($size) . " "
  . join( " ", @opts ) . " "
  . &quote_path($dataset);
 &additional_log( 'exec', undef, $cmd );
 my $fh;
 &open_execute_command( $fh, $cmd, 2 );
 if ($fh) {
    while (<$fh>) { print &html_escape($_); }
    close($fh);
 }
 print "</pre>";
 if ($?) {
    print $text{'newfs_zvol_failed'}, "<p>\n";
 }
 else {
    print $text{'newfs_zvol_done'}, "<p>\n";
    &webmin_log( "zfs-create", "zvol", $dataset,
        { parent => $parent, volsize => $size } );
 }
 if ( $in{'part'} ne '' ) {
    my $url_device = &urlize( $in{'device'} );
    my $url_slice  = &urlize( $in{'slice'} );
    my $url_part   = &urlize( $in{'part'} );
    &ui_print_footer(
        "edit_part.cgi?device=$url_device&slice=$url_slice&part=$url_part",
        $text{'part_return'}
    );
 }
 else {
    my $url_device = &urlize( $in{'device'} );
    my $url_slice  = &urlize( $in{'slice'} );
    &ui_print_footer(
        "edit_slice.cgi?device=$url_device&slice=$url_slice",
        $text{'slice_return'} );
 }
--- a/change-user/index.cgi
+++ b/change-user/index.cgi
@@ -126,10 +126,11 @@ if ($access{'locale'}) {
 if ($access{'theme'}) {
 	# Show personal theme
 	my %tinfo = ();
 	my $tname;
 	if ($gconfig{'theme'}) {
 		my ($gtheme, $goverlay) = split(/\s+/, $gconfig{'theme'});
-		my %tinfo = &webmin::get_theme_info($gtheme);
+		%tinfo = &webmin::get_theme_info($gtheme);
 		$tname = $tinfo{'desc'};
 		}
 	else {
@@ -140,6 +141,16 @@ if ($access{'theme'}) {
 	my @overlays = grep { $_->{'overlay'} } @all;
 	# Main theme
 	my $tconf_link;
 	if ($user->{'theme'} && $user->{'theme'} eq $tinfo{'dir'} &&
 	    $tinfo{'config_link'}) {
 		$tconf_link = &ui_tag('span', &ui_link(
 			"@{[&get_webprefix()]}/$tinfo{'config_link'}",
 			&ui_tag('span', '⚙', 
 				{ class => 'theme-config-char',
 				  title => $text{'themes_configure'} }),
 			'text-link'), { style => 'position: relative;' });
 		}
 	print &ui_table_row($text{'index_theme'},
 		&ui_radio("theme_def", defined($user->{'theme'}) ? 0 : 1,
 			  [ [ 1, &text('index_themeglobal', $tname)."<br>" ],
@@ -149,7 +160,8 @@ if ($access{'theme'}) {
 				? [ '', $text{'index_themedef'} ]
 				: (),
 			  map { [ $_->{'dir'}, $_->{'desc'} ] }
-			      @themes ]), undef, [ "valign=top","valign=top" ]);
+			      @themes ]).$tconf_link,
 		undef, [ "valign=top","valign=top" ]);
 	# Overlay, if any
 	if (@overlays) {
--- a/cluster-software/cluster-software-lib.pl
+++ b/cluster-software/cluster-software-lib.pl
@@ -10,6 +10,24 @@ use WebminCore;
 $parallel_max = 20;
 %access = &get_module_acl();
 # validate_remote_download_target()
 # Validates URL-derived download target fields in %in
 sub validate_remote_download_target
 {
 $in{'host'} =~ /^\S+$/ || &error("Invalid download host");
 my @ips = &to_ipaddress($in{'host'});
 push(@ips, &to_ip6address($in{'host'}));
@ips || &error("Invalid download host");
 if ($in{'ftpfile'}) {
 	$in{'ftpfile'} =~ /^\/\S+$/ || &error("Invalid FTP path");
 	}
 else {
 	$in{'port'} =~ /^\d+$/ && $in{'port'} >= 1 && $in{'port'} <= 65535 ||
 		&error("Invalid HTTP port");
 	$in{'page'} =~ /^\/\S*$/ || &error("Invalid HTTP path");
 	}
 }
 # list_software_hosts()
 # Returns a list of all hosts whose software is being managed by this module
 sub list_software_hosts
--- a/cluster-software/do_install.cgi
+++ b/cluster-software/do_install.cgi
@@ -24,6 +24,9 @@ else {
 	}
 $in{'source'} == 3 || -r $in{'file'} || &error($text{'do_edeleted'});
 if ($in{'source'} == 2 && $in{'down'}) {
 	&validate_remote_download_target();
 	}
 &ui_print_header(undef, $text{'do_title'}, "");
 # Setup error handler for down hosts
@@ -75,8 +78,9 @@ foreach $h (@hosts) {
 		elsif ($in{'source'} == 0) {
 			# Is the file the same on remote (like if we have NFS)
 			local @st = stat($in{'file'});
 			local $qfile = &quote_literal_escape($in{'file'});
 			local $rst = &remote_eval($s->{'host'}, "software",
-						  "[ stat('$in{'file'}') ]");
+						  "[ stat('$qfile') ]");
 			local @rst = @$rst;
 			if (@st && @rst && $st[7] == $rst[7] &&
 			    $st[9] == $rst[9]) {
@@ -170,8 +174,11 @@ foreach $h (@hosts) {
 					}
 				}
 			}
-		&remote_eval($s->{'host'}, "software", "unlink('$rfile')")
+		if ($need_unlink) {
-			if ($need_unlink);
+			local $qfile = &quote_literal_escape($rfile);
 			&remote_eval($s->{'host'}, "software",
 				     "unlink('$qfile')");
 			}
 		print $wh &serialise_variable(\@rv);
 		close($wh);
--- a/cluster-software/do_install_serial.cgi
+++ b/cluster-software/do_install_serial.cgi
@@ -12,6 +12,9 @@ foreach $p (@packages) {
 	push(@names, $n); push(@descs, $d);
 	}
 -r $in{'file'} || &error($text{'do_edeleted'});
 if ($in{'source'} == 2 && $in{'down'}) {
 	&validate_remote_download_target();
 	}
 &ui_print_header(undef, $text{'do_title'}, "");
 print "<b>",&text('do_header', join(" ", @names)),"</b><p>\n";
@@ -78,7 +81,10 @@ foreach $h (@hosts) {
 				}
 			}
 		}
-	&remote_eval($s->{'host'}, "software", "unlink('$rfile')") if ($need_unlink);
+	if ($need_unlink) {
 		local $qfile = &quote_literal_escape($rfile);
 		&remote_eval($s->{'host'}, "software", "unlink('$qfile')");
 		}
 	}
 unlink($in{'file'}) if ($in{'need_unlink'});
 print "<p><b>$text{'do_done'}</b><p>\n";
--- a/cluster-usermin/upgrade.cgi
+++ b/cluster-usermin/upgrade.cgi
@@ -332,7 +332,8 @@ foreach $h (@hosts) {
 				 \$ENV{'config_dir'} = \$config{'usermin_dir'};
 				 \$ENV{'webmin_upgrade'} = 1;
 				 \$ENV{'autothird'} = 1;
-				 \$out = `(cd $extract/usermin-$version && $setup) </dev/null 2>&1 | tee /tmp/.webmin/usermin-setup.out`;
+				 \$tmp = &tempname_dir();
 				 \$out = `(cd $extract/usermin-$version && $setup) </dev/null 2>&1 | tee \$tmp/usermin-setup.out`;
 				 (\$out, \$?)");
 			if ($out !~ /success/i) {
 				print $wh &serialise_variable(
--- a/cluster-webmin/upgrade.cgi
+++ b/cluster-webmin/upgrade.cgi
@@ -423,7 +423,8 @@ foreach $h (@hosts) {
 				 \$ENV{'config_dir'} = \$config_directory;
 				 \$ENV{'webmin_upgrade'} = 1;
 				 \$ENV{'autothird'} = 1;
-				 \$out = `(cd $extract/webmin-$version && $setup) </dev/null 2>&1 | tee /tmp/.webmin/webmin-setup.out`;
+				 \$tmp = &tempname_dir();
 				 \$out = `(cd $extract/webmin-$version && $setup) </dev/null 2>&1 | tee \$tmp/webmin-setup.out`;
 				 (\$out, \$?)");
 			if ($ex || $out !~ /success|^0$/i) {
 				print $wh &serialise_variable(
--- a/cpan/delete_file.cgi
+++ b/cpan/delete_file.cgi
@@ -4,7 +4,7 @@
 require './cpan-lib.pl';
 &ReadParse();
-$tmp_base = $gconfig{'tempdir'} || "/tmp/.webmin";
+$tmp_base = $gconfig{'tempdir'} || &default_webmin_temp_dir();
 foreach $f (split(/\0/, $in{'file'})) {
 	$f =~ /^\Q$tmp_base\E\// || &error($text{'delete_efile'});
 	unlink($f);
--- a/cron/backup_config.pl
+++ b/cron/backup_config.pl
@@ -43,7 +43,9 @@ if (!$fcron) {
 	local $user;
 	opendir(DIR, $config{'cron_dir'});
 	while($user = readdir(DIR)) {
-		system("cp $config{'cron_dir'}/$user $cron_temp_file");
+		next if ($user =~ /^\./);
 		system("cp ".quotemeta("$config{'cron_dir'}/$user").
 		       " ".quotemeta($cron_temp_file));
 		&copy_crontab($user);
 		}
 	closedir(DIR);
--- a/cron/cron-lib.pl
+++ b/cron/cron-lib.pl
@@ -309,7 +309,8 @@ elsif ($fcron) {
 			 undef, $cron_temp_file, undef);
 	}
 else {
-	system("cp ".&translate_filename("$config{'cron_dir'}/$_[0]->{'user'}").
+	system("cp ".quotemeta(
 			&translate_filename("$config{'cron_dir'}/$_[0]->{'user'}")).
 	       " ".quotemeta($cron_temp_file)." 2>/dev/null");
 	}
 }
@@ -513,7 +514,7 @@ if (&read_file_contents($cron_temp_file) =~ /\S/) {
 		$ENV{"VISUAL"} = $ENV{"EDITOR"} =
 			"$module_root_directory/cron_editor.pl";
 		$ENV{"CRON_EDITOR_COPY"} = $cron_temp_file;
-		system("chown $_[0] $cron_temp_file");
+		system("chown ".quotemeta($_[0])." ".quotemeta($cron_temp_file));
 		local $oldpwd = &get_current_dir();
 		chdir("/");
 		if ($single_user) {
@@ -600,7 +601,7 @@ sub user_sub
 {
 local($tmp);
 $tmp = $_[0];
-$tmp =~ s/USER/$_[1]/g;
+$tmp =~ s/USER/quotemeta($_[1])/ge;
 return $tmp;
 }
@@ -833,7 +834,7 @@ if ($config{'vixie_cron'} && (!$nospecial || $job->{'special'})) {
 			1, 0, 0, 0, "onChange='change_special_mode(form, 1)'");
 	$rv .= &ui_table_row($msg,
 		&ui_radio("special_def", $job->{'special'} ? 1 : 0,
-			  [ [ 1, $text{'edit_special1'}." ".$specialsel ],
+			  [ [ 1, $text{'edit_special1'}."&nbsp;&nbsp;".$specialsel ],
 			    [ 0, $text{'edit_special0'} ] ]),
 			  $msg ? $width-1 : $width);
 	}
@@ -924,7 +925,7 @@ foreach my $arr ("mins", "hours", "days", "months", "weekdays") {
 $table .= &ui_columns_row(\@cols, [ "valign=top", "valign=top", "valign=top",
 				    "valign=top", "valign=top" ]);
 $table .= &ui_columns_end();
-$table .= $text{'edit_ctrl'};
+$table .= &ui_note($text{'edit_ctrl'}, 0);
 $rv .= &ui_table_row(undef, $table, $width, undef, ['data-schedule-tr']);
 return $rv;
 }
@@ -1056,7 +1057,8 @@ foreach $arr ("mins", "hours", "days", "months", "weekdays") {
 		}
 	print "</tr></table></td>\n";
 	}
-print "</tr> <tr $cb> <td colspan=5>$text{'edit_ctrl'}</td> </tr>\n";
+my $ctlnote = &ui_note($text{'edit_ctrl'}, 0);
 print "</tr> <tr $cb> <td colspan=5>$ctlnote</td> </tr>\n";
 }
 =head2 parse_times_input(&job, &in)
@@ -1556,7 +1558,7 @@ if ($err) {
 =head2 cleanup_temp_files
-Called from cron to delete old files in the Webmin /tmp directory, and also
+Called from cron to delete old files in the Webmin temp directory, and also
 old lock links directories.
 =cut
@@ -1568,7 +1570,7 @@ if (!$gconfig{'tempdelete_days'}) {
 	return;
 	}
-# Cleanup files in /tmp/.webmin
+# Cleanup files in the default Webmin temp directory
 if ($gconfig{'tempdir'} && !$gconfig{'tempdirdelete'}) {
 	print STDERR "Temp file clearing is not done for the custom directory $gconfig{'tempdir'}\n";
 	}
@@ -1576,7 +1578,7 @@ else {
 	my $tempdir = &transname();
 	$tempdir =~ s/\/([^\/]+)$//;
 	if (!$tempdir || $tempdir eq "/") {
-		$tempdir = "/tmp/.webmin";
+		$tempdir = &default_webmin_temp_dir();
 		}
 	my $cutoff = time() - $gconfig{'tempdelete_days'}*24*60*60;
--- a/cron/cron_editor.pl
+++ b/cron/cron_editor.pl
@@ -5,8 +5,8 @@
 sleep(1);	# This is needed because the stupid crontab -e command
 		# checks the mtime before and after editing, and if they are
 		# the same it assumes no change has been made!!
-open(SRC, "<".$ENV{"CRON_EDITOR_COPY"});
+open(SRC, "<", $ENV{"CRON_EDITOR_COPY"});
-open(DST, ">".$ARGV[0]) || die "Failed to open $ARGV[0] : $!";
+open(DST, ">", $ARGV[0]) || die "Failed to open $ARGV[0] : $!";
 while(<SRC>) {
 	if (!/^#.*DO NOT EDIT/i && !/^#.*installed on/i &&
 	    !/^#.*Cron version/i) {
--- a/cron/exec_cron.cgi
+++ b/cron/exec_cron.cgi
@@ -57,7 +57,7 @@ if ($in{'bg'}) {
 		&open_tempfile(TEMP, ">$temp");
 		&print_tempfile(TEMP, $input);
 		&close_tempfile(TEMP);
-		&execute_command("(($lines[0]) ; rm -f $temp) &", $temp,
+		&execute_command("(($lines[0]) ; rm -f ".quotemeta($temp).") &", $temp,
 				 undef, undef);
 		}
 	else {
--- a/cron/index.cgi
+++ b/cron/index.cgi
@@ -230,9 +230,9 @@ if ($in{'search'}) {
 # Show search form
 print &ui_form_start("index.cgi");
-print "$text{'index_search'}:&nbsp;\n";
+print "$text{'index_search'} &nbsp;\n";
 print &ui_textbox("search", $in{'search'}, 20);
-print &ui_submit($text{'index_ok'});
+print &ui_submit($text{'ui_searchok'});
 print &ui_form_end();
 # Check if we are over the display limit
--- a/cron/lang/ar.auto
+++ b/cron/lang/ar.auto
@@ -27,7 +27,7 @@ index_enable=تمكين الوظائف المختارة
 index_esearch=لا توجد وظائف تطابق بحثك عن$1.
 index_toomany2=هناك الكثير من الوظائف لا تظهر. استخدم نموذج البحث أعلاه للحد من القائمة.
 index_search=العثور على وظائف مطابقة كرون
-index_ok=بحث
+ui_searchok=بحث
 index_searchres=وظائف Cron مطابقة$1 ..
 index_reset=إعادة ضبط البحث.
 index_econfigcheck=لا يمكن إدارة مهام Cron على نظامك ، لأن تكوين الوحدة غير صالح :$1
--- a/cron/lang/bg
+++ b/cron/lang/bg
@@ -25,7 +25,7 @@ index_enable=Включи избраните задачи
 index_esearch=Няма задачи, които да съответстват на търсенето ви за $1.
 index_toomany2=Задачите са твърде много, за да бъдат показани. Използвайте системата за търсене по-горе, за да ограничите списъка.
 index_search=Открий задачи на Cron, които съответстват
-index_ok=Търсене
+ui_searchok=Търсене
 index_searchres=Задачи на Cron, които съответстват на $1 ..
 index_reset=Инициализиране на търсенето.
 index_econfigcheck=Задачите на Cron не могат да бъдат управлявани във вашата система, тъй като конфигурацията на модула не е валидна : $1
--- a/cron/lang/ca
+++ b/cron/lang/ca
@@ -27,7 +27,7 @@ index_enable=Activa els Treballs Seleccionats
 index_esearch=No hi ha cap treball que coincideixi amb la recerca de $1.
 index_toomany2=Hi ha massa treballs per mostrar. Utilitza el formulari de cerca de dalt per limitar la llista.
 index_search=Busca els treballs Cron que coincideixin amb
-index_ok=Busca
+ui_searchok=Busca
 index_searchres=Treballs cron que coincideixen amb...
 index_reset=Reinici la cerca.
 index_econfigcheck=No es poden gestionar treballs Cron al sistema perquè la configuració del mòdul no és vàlida: $1
--- a/cron/lang/cs
+++ b/cron/lang/cs
@@ -23,7 +23,7 @@ index_enable=Zapnout vybrané úlohy
 index_esearch=Žádné úlohy neodpovídají vyhledávací podmínce $1.
 index_toomany2=Příliš mnoho úloh k zobrazení. Použijte formulář vyhledávání k omezení jejich počtu.
 index_search=Najít úlohy Cronu odpovídající podmínce
-index_ok=Hledat
+ui_searchok=Hledat
 index_searchres=Úlohy Cronu vyhovující $1 ..
 index_reset=Resetovat hledání.
 index_econfigcheck=Úlohy Cronu nelze na Vašem systému spravovat, dokud nebude konfigurace modulu v pořádku: $1
--- a/cron/lang/da.auto
+++ b/cron/lang/da.auto
@@ -27,7 +27,7 @@ index_enable=Aktivér valgte job
 index_esearch=Ingen job matchede din søgning efter $1.
 index_toomany2=Der er for mange job at vise. Brug søgeformen ovenfor til at begrænse listen.
 index_search=Find matchende Cron-job
-index_ok=Søg
+ui_searchok=Søg
 index_searchres=Cron job matchende $1 ..
 index_reset=Nulstil søgning.
 index_econfigcheck=Cron-job kan ikke administreres på dit system, da modulkonfigurationen ikke er gyldig : $1
--- a/cron/lang/de
+++ b/cron/lang/de
@@ -27,7 +27,7 @@ index_enable=Ausgewählte Jobs aktivieren
 index_esearch=Keine Jobs entsprechen Ihrer Suche nach $1.
 index_toomany2=Es gibt zu viele Jobs, um sie anzuzeigen. Verwenden Sie das Suchformular oben, um die Liste zu begrenzen.
 index_search=Finde passende Cron-Jobs
-index_ok=Suche
+ui_searchok=Suche
 index_searchres=Cron-Jobs, die $1 entsprechen ..
 index_reset=Suche zurücksetzen.
 index_econfigcheck=Cron-Jobs können auf Ihrem System nicht verwaltet werden, da die Modulkonfiguration ungültig ist: $1
--- a/cron/lang/el.auto
+++ b/cron/lang/el.auto
@@ -27,7 +27,7 @@ index_enable=Ενεργοποίηση επιλεγμένων εργασιών
 index_esearch=Καμία εργασία δεν ταιριάζει με την αναζήτησή σας για $1.
 index_toomany2=Υπάρχουν πάρα πολλές δουλειές για προβολή. Χρησιμοποιήστε τη φόρμα αναζήτησης παραπάνω για να περιορίσετε τη λίστα.
 index_search=Βρείτε τις αντιστοιχίες εργασιών Cron
-index_ok=Αναζήτηση
+ui_searchok=Αναζήτηση
 index_searchres=Οι εργασίες Cron αντιστοιχούν στο $1 ..
 index_reset=Επαναφορά αναζήτησης.
 index_econfigcheck=Δεν είναι δυνατή η διαχείριση των εργασιών Cron στο σύστημά σας, καθώς η διαμόρφωση της μονάδας δεν είναι έγκυρη : $1
--- a/cron/lang/en
+++ b/cron/lang/en
@@ -27,7 +27,7 @@ index_enable=Enable Selected Jobs
 index_esearch=No jobs matched your search for $1.
 index_toomany2=There are too many jobs to show. Use the search form above to limit the list.
 index_search=Find Cron jobs matching
-index_ok=Search
+ui_searchok=Search
 index_searchres=Cron jobs matching $1 ..
 index_reset=Reset search.
 index_econfigcheck=Cron jobs cannot be managed on your system, as the module configuration is not valid : $1
@@ -63,8 +63,8 @@ edit_run=Run Now
 edit_saverun=Save and Run Now
 edit_clone=Clone Job
 edit_return=cron job
-edit_ctrl=Note: Ctrl-click (or command-click on the Mac) to select and de-select minutes, hours, days and months.
+edit_ctrl=Tip: Use Ctrl-click (or ⌘-click on Mac) to select or deselect multiple items, or Shift-click to select a range
-edit_special1=Simple schedule ..
+edit_special1=Simple schedule
 edit_special0=Times and dates selected below ..
 edit_special_hourly=Hourly
 edit_special_daily=Daily (at midnight)
--- a/cron/lang/es.auto
+++ b/cron/lang/es.auto
@@ -10,7 +10,7 @@ index_enable=Habilitar trabajos seleccionados
 index_esearch=Ningún trabajo coincide con su búsqueda de $1.
 index_toomany2=Hay demasiados trabajos para mostrar. Use el formulario de búsqueda anterior para limitar la lista.
 index_search=Encuentra trabajos de Cron que coincidan
-index_ok=Buscar
+ui_searchok=Buscar
 index_searchres=Cron empleos que coinciden con $1 ..
 index_reset=Restablecer búsqueda.
 index_econfigcheck=Los trabajos Cron no se pueden administrar en su sistema, ya que la configuración del módulo no es válida : $1
--- a/cron/lang/eu.auto
+++ b/cron/lang/eu.auto
@@ -27,7 +27,7 @@ index_enable=Gaitu hautatutako lanak
 index_esearch=Ez da lanik datorren $1 bilaketarekin.
 index_toomany2=Lanpostu gehiegi daude erakusteko. Erabili goiko inprimakia zerrenda mugatzeko.
 index_search=Aurkitu Cron lanekin bat datozenak
-index_ok=Search
+ui_searchok=Search
 index_searchres=$1 datozen Cron lanak.
 index_reset=Bilaketa berrezarri.
 index_econfigcheck=Cron lanak ezin dira zure sisteman kudeatu, moduluaren konfigurazioa ez baita baliozkoa : $1
--- a/cron/lang/fa.auto
+++ b/cron/lang/fa.auto
@@ -14,7 +14,7 @@ index_enable=مشاغل انتخاب شده را فعال کنید
 index_esearch=هیچ مشاقی با جستجوی$1 شما مطابقت ندارد.
 index_toomany2=کارهای بسیار زیادی برای نشان دادن وجود دارد. برای محدود کردن لیست از فرم جستجو در بالا استفاده کنید.
 index_search=تطبیق کار Cron را پیدا کنید
-index_ok=جستجو کردن
+ui_searchok=جستجو کردن
 index_searchres=مشاغل کرون مطابق با$1 ..
 index_reset=تنظیم مجدد جستجو
 index_econfigcheck=مشاغل Cron روی سیستم شما قابل مدیریت نیست ، زیرا پیکربندی ماژول معتبر نیست :$1
--- a/cron/lang/fi.auto
+++ b/cron/lang/fi.auto
@@ -27,7 +27,7 @@ index_enable=Ota valitut työt käyttöön
 index_esearch=Yksikään työ ei vastannut hakutulosta $1.
 index_toomany2=Työpaikkoja on liian paljon näytettäväksi. Rajoita luetteloa yllä olevan hakulomakkeen avulla.
 index_search=Etsi sopivia Cron-töitä
-index_ok=Hae
+ui_searchok=Hae
 index_searchres=Cron-työt, jotka vastaavat $1 ..
 index_reset=Nollaa haku.
 index_econfigcheck=Cron-töitä ei voida hallita järjestelmässäsi, koska moduulin kokoonpano ei ole kelvollinen : $1
--- a/cron/lang/fr
+++ b/cron/lang/fr
@@ -24,7 +24,7 @@ index_enable=Activer les tâches sélectionnées
 index_esearch=Aucune tâche ne correspond à votre recherche pour $1.
 index_toomany2=Il y a trop de tâches à montrer. Utilisez le formulaire de recherche ci-dessus pour limiter la liste.
 index_search=Trouver les tâches Cron correspondantes
-index_ok=Rechercher
+ui_searchok=Rechercher
 index_searchres=Les tâches Cron correspondent à $1 ...
 index_reset=Réinitialiser la recherche
 index_econfigcheck=Les tâches Cron ne peuvent pas être gérées sur votre système car la configuration du module n'est pas valide : $1
--- a/cron/lang/hr.auto
+++ b/cron/lang/hr.auto
@@ -6,7 +6,7 @@ index_ecrondir_create=Pokušajte stvoriti direktorij poslova $1 ?
 index_esearch=Nijedan posao ne odgovara vašoj pretrazi za $1.
 index_toomany2=Previše je poslova za pokazati. Upotrijebite gornji obrazac za pretraživanje da biste ograničili popis.
 index_search=Pronađite Cron poslove koji se podudaraju
-index_ok=traži
+ui_searchok=traži
 index_searchres=Cron poslovi koji odgovaraju $1 ..
 index_reset=Poništi pretraživanje.
 index_econfigcheck=Cron poslovi ne mogu se upravljati u vašem sustavu, jer konfiguracija modula nije valjana : $1
--- a/cron/lang/hu
+++ b/cron/lang/hu
@@ -27,7 +27,7 @@ index_enable=Kiválasztott munka engedélyezése
 index_esearch=Nem található a keresett $1
 index_toomany2=Túl sok megjelenítendő munka. Használja a keresési mezőt a lista szűrésére!
 index_search=Időzített feladat (Cron munka) keresése:
-index_ok=Keresés
+ui_searchok=Keresés
 index_searchres=Egyező Cron munkák: $1 ..
 index_reset=Keresés visszaállítása.
 index_econfigcheck=A Cron munkákat nem tudjuk kezelni az ön rendszerén, mivel a modul beállítások nem megfelelőek: $1
--- a/cron/lang/it.auto
+++ b/cron/lang/it.auto
@@ -6,7 +6,7 @@ index_ecrondir_create=Prova a creare la directory dei lavori $1 ?
 index_esearch=Nessun lavoro corrisponde alla tua ricerca per $1.
 index_toomany2=Ci sono troppi lavori da mostrare. Utilizzare il modulo di ricerca sopra per limitare l'elenco.
 index_search=Trova i lavori Cron corrispondenti
-index_ok=Ricerca
+ui_searchok=Ricerca
 index_searchres=Cron lavori corrispondenti a $1 ..
 index_reset=Reimposta ricerca.
 index_econfigcheck=I lavori Cron non possono essere gestiti sul sistema in quanto la configurazione del modulo non è valida : $1
--- a/cron/lang/ja.auto
+++ b/cron/lang/ja.auto
@@ -15,7 +15,7 @@ index_enable=選択したジョブを有効にする
 index_esearch=$1の検索に一致するジョブはありません。
 index_toomany2=表示するジョブが多すぎます。上記の検索フォームを使用して、リストを制限します。
 index_search=一致するCronジョブを検索
-index_ok=探す
+ui_searchok=探す
 index_searchres=$1に一致するCronジョブ ..
 index_reset=検索をリセットします。
 index_econfigcheck=モジュール構成が無効であるため、cronジョブをシステムで管理できません： $1
--- a/cron/lang/ko.auto
+++ b/cron/lang/ko.auto
@@ -19,7 +19,7 @@ index_enable=선택된 작업 사용
 index_esearch=$1 에 대한 검색과 일치하는 작업이 없습니다.
 index_toomany2=표시 할 작업이 너무 많습니다. 위의 검색 양식을 사용하여 목록을 제한하십시오.
 index_search=일치하는 Cron 작업 찾기
-index_ok=검색
+ui_searchok=검색
 index_searchres=$1 과 (와) 일치하는 Cron 작업
 index_reset=검색을 재설정하십시오.
 index_econfigcheck=모듈 구성이 유효하지 않으므로 시스템에서 Cron 작업을 관리 할 수 없습니다 : $1
--- a/cron/lang/ms
+++ b/cron/lang/ms
@@ -23,7 +23,7 @@ index_enable=Membolehkan Tugas Terpilih
 index_esearch=Tiada tugas yang sepadan dengan carian anda untuk $1.
 index_toomany2=Terdapat terlalu banyak tugas untuk dipaparkan. Guna borang carian di atas untuk menghadkan senarai.
 index_search=Mencari tugas Cron yang sepadan
-index_ok=Carian
+ui_searchok=Carian
 index_searchres=Tugas Cron yang sepadan $1 ..
 index_reset=Tetapan semula carian.
 index_econfigcheck=Tugas Cron tidak boleh diuruskan pada sistem anda, seperti konfigurasi modul itu tidak sah: $1
--- a/Show More
+++ b/Show More