From ddbbadedcbfa8266b6af49b4e9f6005b447f1483 Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Sat, 29 Apr 2023 16:57:52 +0200
Subject: [PATCH] Shares: enhancements and removal of csrf exposure

---
 plugins/dynamix/CacheDevices.page     | 14 +++--
 plugins/dynamix/DeviceInfo.page       | 14 +++--
 plugins/dynamix/DiskList.page         | 38 ++++++-------
 plugins/dynamix/ShareList.page        | 64 ++++++++++++---------
 plugins/dynamix/include/DiskList.php  | 51 ++++++++---------
 plugins/dynamix/include/ShareList.php | 81 ++++++++++++++-------------
 6 files changed, 136 insertions(+), 126 deletions(-)

diff --git a/plugins/dynamix/CacheDevices.page b/plugins/dynamix/CacheDevices.page
index 9cb213c2d..68616dd2a 100644
--- a/plugins/dynamix/CacheDevices.page
+++ b/plugins/dynamix/CacheDevices.page
@@ -16,8 +16,11 @@ Cond="($pool_devices || $var['fsState']=='Stopped')"
  */
 ?>
 <?
+function makeList($list) {
+  return implode(',',array_map('escapestring',$list));
+}
 function sharename($share) {
-  return substr($share,0,-4);
+  return basename($share,'.cfg');
 }
 $bgcolor = strstr('white,azure',$display['theme']) ? '#f2f2f2' : '#1c1c1c';
 ?>
@@ -29,9 +32,9 @@ table.divider{margin-top:20px}
 <script>
 function validate(poolname) {
   var valid = /^[a-z]([a-z0-9_-]*[a-z_-])*$/;
-  var reserved = [<?=implode(',',array_map('escapestring',explode(',',$var['reservedNames'])))?>];
-  var shares = [<?=implode(',',array_map('escapestring',array_filter(array_map('sharename',scandir('boot/config/shares')))))?>];
-  var pools = [<?=implode(',',array_map('escapestring',$pools))?>];
+  var reserved = [<?=makeList(explode(',',_var($var,'reservedNames')))?>];
+  var shares = [<?=makeList(array_map('sharename',glob('boot/config/shares/*.cfg',GLOB_NOSORT)))?>];
+  var pools = [<?=makeList($pools)?>];
   if (!poolname.trim()) return false;
   if (reserved.includes(poolname)) {
     swal({title:"_(Invalid pool name)_",text:"_(Do not use reserved names)_",html:true,type:'error',confirmButtonText:"_(Ok)_"});
@@ -45,9 +48,8 @@ function validate(poolname) {
   } else if (!valid.test(poolname)) {
     swal({title:"_(Invalid pool name)_",text:"_(Use only lowercase with no special characters or leading/trailing digits)_",type:'error',html:true,confirmButtonText:"_(Ok)_"});
     return false;
-  } else {
-    return true;
   }
+  return true;
 }
 function addPoolPopup() {
   var popup = $('#dialogAddPool');
diff --git a/plugins/dynamix/DeviceInfo.page b/plugins/dynamix/DeviceInfo.page
index 2a56a234c..1641cf727 100644
--- a/plugins/dynamix/DeviceInfo.page
+++ b/plugins/dynamix/DeviceInfo.page
@@ -68,8 +68,11 @@ function diskType(...$types) {
   foreach ($types as $type) $pass |= _var($disk,'type')==$type;
   return $pass;
 }
+function makeList($list) {
+  return implode(',',array_map('escapestring',$list));
+}
 function sharename($share) {
-  return substr($share,0,-4);
+  return basename($share,'.cfg');
 }
 function displayTemp($temp) {
   global $display;
@@ -452,9 +455,9 @@ function updateMode(form,mode) {
 }
 function validate(poolname) {
   var valid = /^[a-z_]([a-z0-9_-]*[a-z_])*$/;
-  var reserved = [<?=implode(',',array_map('escapestring',explode(',',_var($var,'reservedNames'))))?>];
-  var shares = [<?=implode(',',array_map('escapestring',array_filter(array_map('sharename',scandir('boot/config/shares')))))?>];
-  var pools = [<?=implode(',',array_map('escapestring',$pools))?>];
+  var reserved = [<?=makeList(explode(',',_var($var,'reservedNames')))?>];
+  var shares = [<?=makeList(array_map('sharename',glob('boot/config/shares/*.cfg',GLOB_NOSORT)))?>];
+  var pools = [<?=makeList($pools)?>];
   if (!poolname.trim()) return false;
   if (reserved.includes(poolname)) {
     swal({title:"_(Invalid pool name)_",text:"_(Do not use reserved names)_",type:'error',html:true,confirmButtonText:"_(Ok)_"});
@@ -468,9 +471,8 @@ function validate(poolname) {
   } else if (!valid.test(poolname)) {
     swal({title:"_(Invalid pool name)_",text:"_(Use only lowercase with no special characters or leading/trailing digits)_",type:'error',html:true,confirmButtonText:"_(Ok)_"});
     return false;
-  } else {
-    return true;
   }
+  return true;
 }
 function renamePoolPopup() {
   var popup = $('#dialogRenamePool');
diff --git a/plugins/dynamix/DiskList.page b/plugins/dynamix/DiskList.page
index d589a5285..9c32bbdd4 100644
--- a/plugins/dynamix/DiskList.page
+++ b/plugins/dynamix/DiskList.page
@@ -15,24 +15,6 @@ Cond="_var($var,'fsState')!='Stopped' && _var($var,'shareDisk')!='no'"
  * all copies or substantial portions of the Software.
  */
 ?>
-<script>
-function displayDisks(all) {
-  if (all == 'yes') {
-    $.cookie('ssz','ssz');
-    $('#disk_list').html("<tr><td colspan='8'><div class='spinner'></div></td></tr>");
-    $('div.spinner').html(unraid_logo);
-  }
-  $.get('/webGui/include/DiskList.php',{compute:all,path:'<?=$path?>',scale:'<?=_var($display,'scale')?>',number:'<?=_var($display,'number','.,')?>',fill:$.cookie('ssz')||''},function(data){
-    $.removeCookie('ssz')
-    $('#disk_list').html(data);
-    $('#compute-disks').prop('disabled',!data || data.indexOf('colspan=')!=-1);
-  });
-}
-$(function() {
-  displayDisks('no');
-});
-</script>
-
 <style>
 table.share_status thead tr td:first-child{width:15%}
 table.share_status thead tr td:nth-child(n+3){width:10%}
@@ -42,6 +24,24 @@ table.share_status thead tr td:nth-child(n+3){width:10%}
 <thead><tr><td>_(Name)_</td><td>_(Comment)_</td><td>_(SMB)_</td><td>_(NFS)_</td><td>_(Type)_</td><td>_(Size)_</td><td>_(Free)_</td></tr></thead>
 <tbody id="disk_list"></tbody>
 </table>
-<p><input id="compute-disks" type="button" value="_(Compute All)_" onclick="$(this).prop('disabled',true);displayDisks('yes')"></p>
+
+<input id="compute-disks" type="button" value="_(Compute All)_" onclick="$(this).prop('disabled',true);diskList('',-1)">
 
 :disk_list_help:
+
+<script>
+function diskList(name,all) {
+  timers.diskList = setTimeout(function(){$('div.spinner.fixed').show();},500);
+  $.post('/webGui/include/DiskList.php',{compute:name,path:"<?=rawurlencode($path)?>",all:all},function(data){
+    clearTimeout(timers.diskList);
+    $('div.spinner.fixed').hide();
+    $('#disk_list').html(data);
+    if (all!=1) $('#compute-disks').prop('disabled',!data||data.indexOf('colspan=')!=-1);
+  });
+}
+function computeDisk(name,status) {
+  status.html("<i class='fa fa-circle-o-notch fa-spin'></i> _(Please wait)_...");
+  diskList(name,1);
+}
+$(diskList('',0));
+</script>
diff --git a/plugins/dynamix/ShareList.page b/plugins/dynamix/ShareList.page
index fba193450..75ec81f9a 100644
--- a/plugins/dynamix/ShareList.page
+++ b/plugins/dynamix/ShareList.page
@@ -15,28 +15,11 @@ Cond="_var($var,'fsState')!='Stopped' && _var($var,'shareUser')=='e'"
  * all copies or substantial portions of the Software.
  */
 ?>
-<script>
-function displayShares(all) {
-  if (all == 'yes') {
-    $.cookie('ssz','ssz');
-    $('#shareslist').html("<tr><td colspan='8'><div class='spinner'></div></td></tr>");
-    $('div.spinner').html(unraid_logo);
-  }
-  $.get('/webGui/include/ShareList.php',{compute:all,path:'<?=addslashes(htmlspecialchars($path))?>',scale:'<?=_var($display,'scale')?>',number:'<?=_var($display,'number','.,')?>',raw:'<?=_var($display,'raw')?>',fill:$.cookie('ssz')},function(data){
-    $.removeCookie('ssz')
-    $('#shareslist').html(data);
-    $('#compute-shares').prop('disabled',!data || data.indexOf('colspan=')!=-1);
-  });
-}
-$(function() {
-  displayShares('no');
-});
-</script>
-
 <style>
 table.share_status thead tr td:first-child{width:15%}
 table.share_status thead tr td:nth-child(n+3){width:9%!important}
 table.share_status thead tr td:nth-child(5){width:13%!important}
+td.empty{text-align:center;padding-top:12px}
 i.fa-fw{margin-right:2px}
 </style>
 
@@ -44,13 +27,42 @@ i.fa-fw{margin-right:2px}
 <thead><tr><td>_(Name)_</td><td>_(Comment)_</td><td>_(SMB)_</td><td>_(NFS)_</td><td>_(Storage)_</td><td>_(Size)_</td><td>_(Free)_</td></tr></thead>
 <tbody id="shareslist"></tbody>
 </table>
-<p><form name="share_form" method="POST" action="<?=htmlspecialchars($path)?>/Share?name=">
-<input id="compute-shares" type="button" value="_(Compute All)_" onclick="$(this).prop('disabled',true);displayShares('yes')">
-<?if (_var($var,'startMode')=='Normal'):?>
-<input type="submit" value="_(Add Share)_"<?=_var($var,'shareUser')=='e'?'>':' disabled>User shares must be <strong>enabled</strong> to add shares.'?>
-<?else:?>
-<input type="submit" value="_(Add Share)_" disabled>
-<?endif;?>
-</form></p>
+
+<form name="share_form" method="POST" action="<?=htmlspecialchars($path)?>/Share?name=">
+<input type="button" id="compute-shares" value="_(Compute All)_" onclick="$(this).prop('disabled',true);shareList('',-1)">
+<input type="submit" value="_(Add Share)_">
+<input type="button" value="_(Clean Up)_" onclick="cleanup()">
+</form>
 
 :share_list_help:
+
+<script>
+function shareList(name,all) {
+  timers.shareList = setTimeout(function(){$('div.spinner.fixed').show();},500);
+  $.post('/webGui/include/ShareList.php',{compute:name,path:"<?=rawurlencode($path)?>",all:all},function(data){
+    clearTimeout(timers.shareList);
+    $('div.spinner.fixed').hide();
+    $('#shareslist').html(data);
+    if (all!=1) $('#compute-shares').prop('disabled',!data||data.indexOf('colspan=')!=-1);
+  });
+}
+function computeShare(name,status) {
+  status.html("<i class='fa fa-circle-o-notch fa-spin'></i> _(Please wait)_...");
+  shareList(name,1);
+}
+function cleanup() {
+  swal({title:"_(CLEAN UP)_",text:"_(Remove unused share configurations)_",type:'info',html:true,animation:'none',showCancelButton:true,closeOnConfirm:false,confirmButtonText:"<?=_('Proceed')?>",cancelButtonText:"<?=_('Cancel')?>"},function(cleanup){
+    if (!cleanup) return;
+    $.post('/webGui/include/ShareList.php',{cleanup:1},function(data){
+      let text = "_(No unused share configurations present)_";
+      let type = "info";
+      if (data > 0) {
+        text = "_(Removed share configurations)_: "+data;
+        type = "success";
+      }
+      swal({title:"_(CLEAN UP)_",text:text,type:type,html:true,confirmButtonText:"_(Ok)_"});
+    });
+  });
+}
+$(shareList('',0));
+</script>
diff --git a/plugins/dynamix/include/DiskList.php b/plugins/dynamix/include/DiskList.php
index 6479da36b..f8bd58e40 100644
--- a/plugins/dynamix/include/DiskList.php
+++ b/plugins/dynamix/include/DiskList.php
@@ -13,24 +13,27 @@
 <?
 $docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp';
 
-require_once "$docroot/webGui/include/Helpers.php";
-
 // add translations
 $_SERVER['REQUEST_URI'] = 'shares';
 require_once "$docroot/webGui/include/Translations.php";
+require_once "$docroot/webGui/include/Helpers.php";
+
+$compute = rawurldecode(_var($_POST,'compute'));
+$path    = rawurldecode(_var($_POST,'path'));
+$all     = _var($_POST,'all');
 
 $shares  = parse_ini_file('state/shares.ini',true);
 $disks   = parse_ini_file('state/disks.ini',true);
 $var     = parse_ini_file('state/var.ini');
 $sec     = parse_ini_file('state/sec.ini',true);
 $sec_nfs = parse_ini_file('state/sec_nfs.ini',true);
-$compute = unscript(_var($_GET,'compute'));
-$path    = unscript(_var($_GET,'path'));
-$fill    = unscript(_var($_GET,'fill'));
 
-$display = [];
-$display['scale'] = unscript(_var($_GET,'scale'));
-$display['number'] = unscript(_var($_GET,'number','.,'));
+// exit when no disks
+$nodisks = "<tr><td class='empty' colspan='7'><i class='fa fa-folder-open-o icon'></i>"._('There are no exportable disk shares')."</td></tr>";
+if (!$disks) die($nodisks);
+
+// GUI settings
+extract(parse_plugin_cfg('dynamix',true));
 
 // Display export settings
 function disk_share_settings($protocol,$share) {
@@ -38,40 +41,35 @@ function disk_share_settings($protocol,$share) {
   if ($protocol!='yes' || _var($share,'export')=='-') return "-";
   return (_var($share,'export')=='e') ? _(ucfirst(_var($share,'security'))) : '<em>'._(ucfirst(_var($share,'security'))).'</em>';
 }
-
 function globalInclude($name) {
   global $var;
   return substr($name,0,4)!='disk' || !_var($var,'shareUserInclude') || strpos(_var($var,'shareUserInclude').",","$name,")!==false;
 }
-
 function shareInclude($name) {
   global $include;
   return !$include || substr($name,0,4)!='disk' || strpos("$include,", "$name,")!==false;
 }
-
 function sharesOnly($disk) {
   return in_array(_var($disk,'type'),['Data','Cache']) && _var($disk,'exportable')=='yes';
 }
-
 // filter disk shares
 $disks = array_filter($disks,'sharesOnly');
 
-// Compute all disk shares & check encryption
+// Compute disk shares & check encryption
 $crypto = false;
 foreach ($disks as $name => $disk) {
-  if ($compute=='yes') exec("webGui/scripts/disk_size ".escapeshellarg($name)." ssz2");
+  if ($all!=0 && (!$compute || $compute==$name)) exec("/$docroot/webGui/scripts/disk_size ".escapeshellarg($name)." ssz2");
   $crypto |= strpos(_var($disk,'fsType'),'luks:')!==false;
 }
-
 // global shares include/exclude
 $myDisks = array_filter(array_diff(array_keys($disks), explode(',',_var($var,'shareUserExclude'))), 'globalInclude');
 
 // Share size per disk
 $ssz2 = [];
-if ($fill)
-  foreach (glob("state/*.ssz2", GLOB_NOSORT) as $entry) $ssz2[basename($entry, ".ssz2")] = file($entry,FILE_IGNORE_NEW_LINES|FILE_SKIP_EMPTY_LINES);
-else
+if ($all==0)
   exec("rm -f /var/local/emhttp/*.ssz2");
+else
+  foreach (glob("state/*.ssz2",GLOB_NOSORT) as $entry) $ssz2[basename($entry,'.ssz2')] = file($entry,FILE_IGNORE_NEW_LINES|FILE_SKIP_EMPTY_LINES);
 
 // Build table
 $row = 0;
@@ -95,7 +93,7 @@ foreach ($disks as $name => $disk) {
   echo "<td>",disk_share_settings(_var($var,'shareNFSEnabled'), $sec_nfs[$name]),"</td>";
   $cmd="/webGui/scripts/disk_size&arg1=$name&arg2=ssz2";
   $type = _var($disk,'rotational') ? _('HDD') : _('SSD');
-  if (array_key_exists($name, $ssz2)) {
+  if (array_key_exists($name,$ssz2)) {
     echo "<td>$type</td>";
     echo "<td>",my_scale(_var($disk,'fsSize',0)*1024, $unit)," $unit</td>";
     echo "<td>",my_scale(_var($disk,'fsFree',0)*1024, $unit)," $unit</td>";
@@ -103,28 +101,23 @@ foreach ($disks as $name => $disk) {
     foreach ($ssz2[$name] as $entry) {
       [$sharename,$sharesize] = my_explode('=',$entry);
       if ($sharename=='share.total') continue;
-      $include = _var($shares[$sharename],'include');
       $inside = in_array(_var($disk,'name'), array_filter(array_diff($myDisks, explode(',',_var($shares[$sharename],'exclude'))), 'shareInclude'));
       echo "<tr class='",($inside ? "'>" : "warning'>");
-      echo "<td><a class='view'></a><a href=\"/update.htm?cmd=$cmd&csrf_token={$var['csrf_token']}\" target=\"progressFrame\" title=\"";
-      echo _('Recompute'),"...\" onclick='$.cookie(\"ssz\",\"ssz\",{path:\"/\"});$(\".disk-$row-1\").html(\"",_('Please wait'),"...\");$(\".disk-$row-2\").html(\"\");'><i class='fa fa-refresh icon'></i></a>&nbsp;$sharename</td>";
+      echo "<td><a class='view'></a><a href='#' title='",_('Recompute'),"...' onclick=\"computeDisk('",rawurlencode($name),"',$(this).parent())\"><i class='fa fa-refresh icon'></i></a>&nbsp;$sharename</td>";
       echo "<td>",($inside ? "" : "<em>"._('Share is outside the list of designated disks')."</em>"),"</td>";
       echo "<td></td>";
       echo "<td></td>";
       echo "<td></td>";
-      echo "<td class='disk-$row-1'>",my_scale($sharesize, $unit)," $unit</td>";
-      echo "<td class='disk-$row-2'>",my_scale(_var($disk,'fsFree',0)*1024, $unit)," $unit</td>";
+      echo "<td>",my_scale($sharesize, $unit)," $unit</td>";
+      echo "<td>",my_scale(_var($disk,'fsFree',0)*1024, $unit)," $unit</td>";
       echo "</tr>";
     }
   } else {
     echo "<td>$type</td>";
-    echo "<td><a href=\"/update.htm?cmd=$cmd&csrf_token={$var['csrf_token']}\" target=\"progressFrame\" onclick=\"$.cookie('ssz','ssz');$(this).text('";
-    echo _('Please wait'),"...')\">",_('Compute'),"...</a></td>";
+    echo "<td><a href='#' onclick=\"computeDisk('",rawurlencode($name),"',$(this))\">",_('Compute'),"...</a></td>";
     echo "<td>",my_scale(_var($disk,'fsFree',0)*1024, $unit)," $unit</td>";
     echo "</tr>";
   }
 }
-if ($row==0) {
-  echo "<tr><td colspan='7' style='text-align:center;padding-top:12px'><i class='fa fa-folder-open-o icon'></i>",_('There are no exportable disk shares'),"</td></tr>";
-}
+if ($row==0) echo $nodisks;
 ?>
diff --git a/plugins/dynamix/include/ShareList.php b/plugins/dynamix/include/ShareList.php
index 056f756b6..1e50ea855 100644
--- a/plugins/dynamix/include/ShareList.php
+++ b/plugins/dynamix/include/ShareList.php
@@ -14,7 +14,18 @@
 $docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp';
 
 if (isset($_POST['scan'])) {
-  die((new \FilesystemIterator("/mnt/user/{$_POST['scan']}"))->valid() ? '0' : '1');
+  die((new FilesystemIterator("/mnt/user/{$_POST['scan']}"))->valid() ? '0' : '1');
+}
+if (isset($_POST['cleanup'])) {
+  $n = 0;
+  // active shares
+  $shares = array_keys(parse_ini_file('state/shares.ini',true));
+  // stored shares
+  foreach (glob("/boot/config/shares/*.cfg",GLOB_NOSORT) as $name) {
+    if (!in_array(basename($name,'.cfg'),$shares)) {$n++; unlink($name);}
+  }
+  // return number of deleted files
+  die((string)$n);
 }
 
 // add translations
@@ -22,27 +33,26 @@ $_SERVER['REQUEST_URI'] = 'shares';
 require_once "$docroot/webGui/include/Translations.php";
 require_once "$docroot/webGui/include/Helpers.php";
 
+$compute = rawurldecode(_var($_POST,'compute'));
+$path    = rawurldecode(_var($_POST,'path'));
+$all     = _var($_POST,'all');
+
 $shares  = parse_ini_file('state/shares.ini',true);
 $disks   = parse_ini_file('state/disks.ini',true);
 $var     = parse_ini_file('state/var.ini');
 $sec     = parse_ini_file('state/sec.ini',true);
 $sec_nfs = parse_ini_file('state/sec_nfs.ini',true);
-$compute = unscript(_var($_GET,'compute'));
-$path    = unscript(_var($_GET,'path'));
-$fill    = unscript(_var($_GET,'fill'));
 
-$display = [];
-$display['scale'] = unscript(_var($_GET,'scale'));
-$display['number'] = unscript(_var($_GET,'number','.,'));
-$display['raw'] = unscript(_var($_GET,'raw'));
+// exit when no shares
+$noshares = "<tr><td class='empty' colspan='7'><i class='fa fa-folder-open-o icon'></i>"._('There are no exportable user shares')."</td></tr>";
+if (!$shares) die($noshares);
+
+// GUI settings
+extract(parse_plugin_cfg('dynamix',true));
 
 $pools_check = pools_filter(cache_filter($disks));
 $pools = implode(',', $pools_check);
 
-if (!$shares) {
-  echo "<tr><td colspan='7' style='text-align:center;padding-top:12px'><i class='fa fa-folder-open-o icon'></i>",_('There are no exportable user shares'),"</td></tr>";
-  exit;
-}
 // Natural sorting of share names
 uksort($shares,'strnatcasecmp');
 
@@ -52,33 +62,29 @@ function user_share_settings($protocol,$share) {
   if ($protocol!='yes' || $share['export']=='-') return "-";
   return ($share['export']=='e') ? _(ucfirst($share['security'])) : '<em>'._(ucfirst($share['security'])).'</em>';
 }
-
 function globalInclude($name) {
   global $var;
   return substr($name,0,4)!='disk' || !$var['shareUserInclude'] || strpos("{$var['shareUserInclude']},","$name,")!==false;
 }
-
 function shareInclude($name) {
   global $include;
   return !$include || substr($name,0,4)!='disk' || strpos("$include,", "$name,")!==false;
 }
-
-// Compute all user shares & check encryption
+// Compute user shares & check encryption
 $crypto = false;
 foreach ($shares as $name => $share) {
-  if ($compute=='yes') exec("webGui/scripts/share_size ".escapeshellarg($name)." ssz1 ".escapeshellarg($pools));
-  $crypto |= $share['luksStatus']>0;
+  if ($all!=0 && (!$compute || $compute==$name)) exec("$docroot/webGui/scripts/share_size ".escapeshellarg($name)." ssz1 ".escapeshellarg($pools));
+  $crypto |= _var($share,'luksStatus',0)>0;
 }
-
 // global shares include/exclude
 $myDisks = array_filter(array_diff(array_keys($disks), explode(',',$var['shareUserExclude'])), 'globalInclude');
 
 // Share size per disk
 $ssz1 = [];
-if ($fill)
-  foreach (glob("state/*.ssz1", GLOB_NOSORT) as $entry) $ssz1[basename($entry, ".ssz1")] = parse_ini_file($entry);
-else
+if ($all==0)
   exec("rm -f /var/local/emhttp/*.ssz1");
+else
+  foreach (glob("state/*.ssz1",GLOB_NOSORT) as $entry) $ssz1[basename($entry,'.ssz1')] = parse_ini_file($entry);
 
 // Build table
 $row = 0;
@@ -95,19 +101,16 @@ foreach ($shares as $name => $share) {
     case 2: $luks = "<a class='info' onclick='return false'><i class='padlock fa fa-unlock-alt orange-text'></i><span>"._('Some or all files unencrypted')."</span></a>"; break;
    default: $luks = "<a class='info' onclick='return false'><i class='padlock fa fa-lock red-text'></i><span>"._('Unknown encryption state')."</span></a>"; break;
   } else $luks = "";
-  echo "<tr><td><a class='view' href=\"/$path/Browse?dir=/mnt/user/",urlencode($name),"\"><i class=\"icon-u-tab\" title=\"",_('Browse')," /mnt/user/".urlencode($name),"\"></i></a>";
+  echo "<tr><td><a class='view' href=\"/$path/Browse?dir=/mnt/user/",rawurlencode($name),"\"><i class=\"icon-u-tab\" title=\"",_('Browse')," /mnt/user/".rawurlencode($name),"\"></i></a>";
   echo "<a class='info nohand' onclick='return false'><i class='fa fa-$orb orb $color-orb'></i><span style='left:18px'>$help</span></a>$luks<a href=\"/$path/Share?name=";
-  echo urlencode($name),"\" onclick=\"$.cookie('one','tab1')\">",compress($name),"</a></td>";
+  echo rawurlencode($name),"\" onclick=\"$.cookie('one','tab1')\">",compress($name),"</a></td>";
   echo "<td>{$share['comment']}</td>";
   echo "<td>",user_share_settings($var['shareSMBEnabled'], $sec[$name]),"</td>";
   echo "<td>",user_share_settings($var['shareNFSEnabled'], $sec_nfs[$name]),"</td>";
-  $cmd="/webGui/scripts/share_size&arg1=".urlencode($name)."&arg2=ssz1&arg3=".urlencode($pools);
-  /* Check for non existent pool device. */
-  if ($share['cachePool']) {
-    if (! in_array($share['cachePool'], $pools_check)) {
-      $share['useCache'] = "no";
-    }
-  }
+
+  // Check for non existent pool device
+  if (isset($share['cachePool']) && !in_array($share['cachePool'], $pools_check)) $share['useCache'] = "no";
+
   switch ($share['useCache']) {
   case 'no':
     $cache = "<a class='hand info none' onclick='return false'><i class='fa fa-database fa-fw'></i>"._('Array')."<span>".sprintf(_('Primary storage %s'),_('Array'))."</span></a>";
@@ -123,7 +126,7 @@ foreach ($shares as $name => $share) {
     $cache = "<a class='hand info none' onclick='return false'><i class='fa fa-bullseye fa-fw'></i>$exclusive".compress(my_disk($share['cachePool'],$display['raw']))."<span>".sprintf(_('Primary storage %s'),$share['cachePool']).($exclusive ? ", "._('Exclusive access') : "")."</span></a>";
     break;
   }
-  if (array_key_exists($name, $ssz1)) {
+  if (array_key_exists($name,$ssz1)) {
     echo "<td>$cache</td>";
     echo "<td>",my_scale($ssz1[$name]['disk.total'], $unit)," $unit</td>";
     echo "<td>",my_scale($share['free']*1024, $unit)," $unit</td>";
@@ -133,23 +136,21 @@ foreach ($shares as $name => $share) {
       $include = $share['include'];
       $inside = in_array($diskname, array_filter(array_diff($myDisks, explode(',',$share['exclude'])), 'shareInclude'));
       echo "<tr class='",($inside ? "'>" : "warning'>");
-      echo "<td><a class='view'></a><a href=\"/update.htm?cmd=$cmd&csrf_token={$var['csrf_token']}\" target=\"progressFrame\" title=\"";
-      echo _('Recompute'),"...\" onclick='$.cookie(\"ssz\",\"ssz\",{path:\"/\"});$(\".share-$row-1\").html(\"",_('Please wait'),"...\");$(\".share-$row-2\").html(\"\");'><i class='fa fa-refresh icon'></i></a>&nbsp;",_(my_disk($diskname,$display['raw']),3),"</td>";
+      echo "<td><a class='view'></a><a href='#' title='",_('Recompute'),"...' onclick=\"computeShare('",rawurlencode($name),"',$(this).parent())\"><i class='fa fa-refresh icon'></i></a>&nbsp;",_(my_disk($diskname,$display['raw']),3),"</td>";
       echo "<td>",($inside ? "" : "<em>"._('Share is outside the list of designated disks')."</em>"),"</td>";
       echo "<td></td>";
       echo "<td></td>";
       echo "<td></td>";
-      echo "<td class='share-$row-1'>",my_scale($disksize, $unit)," $unit</td>";
-      echo "<td class='share-$row-2'>",my_scale($disks[$diskname]['fsFree']*1024, $unit)," $unit</td>";
+      echo "<td>",my_scale($disksize, $unit)," $unit</td>";
+      echo "<td>",my_scale($disks[$diskname]['fsFree']*1024, $unit)," $unit</td>";
       echo "</tr>";
     }
   } else {
     echo "<td>$cache</td>";
-    echo "<td><a href=\"/update.htm?cmd=$cmd&csrf_token={$var['csrf_token']}\" target=\"progressFrame\" onclick=\"$.cookie('ssz','ssz');$(this).text('",_('Please wait')."...')\">",_('Compute'),"...</a></td>";
+    echo "<td><a href='#' onclick=\"computeShare('",rawurlencode($name),"',$(this))\">",_('Compute'),"...</a></td>";
     echo "<td>",my_scale($share['free']*1024, $unit)," $unit</td>";
     echo "</tr>";
   }
 }
-if ($row==0) {
-  echo "<tr><td colspan='7' style='text-align:center;padding-top:12px'><i class='fa fa-folder-open-o icon'></i>",_('There are no exportable user shares'),"</td></tr>";
-}
+if ($row==0) echo $noshares;
+?>