From 69510a5fade1f55ca3dc11223d33d3aa76fb08c0 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sat, 22 Jul 2017 15:01:26 +0200
Subject: [PATCH] legacy ui pages cleanup for
 https://github.com/opnsense/core/issues/1733

---
 src/www/carp_status.php                       |  2 +-
 src/www/diag_logs_filter.php                  |  6 ++---
 src/www/firewall_aliases.php                  | 10 ++-----
 src/www/firewall_aliases_edit.php             |  8 +-----
 src/www/firewall_nat.php                      |  5 +---
 src/www/firewall_nat_1to1.php                 |  5 +---
 src/www/firewall_nat_1to1_edit.php            |  5 +---
 src/www/firewall_nat_edit.php                 |  7 ++---
 src/www/firewall_nat_npt.php                  |  5 +---
 src/www/firewall_nat_npt_edit.php             |  6 +----
 src/www/firewall_nat_out.php                  | 12 +++------
 src/www/firewall_nat_out_edit.php             |  8 +-----
 src/www/firewall_rules.php                    |  9 +++----
 src/www/firewall_rules_edit.php               |  5 +---
 src/www/firewall_schedule.php                 |  5 +---
 src/www/firewall_schedule_edit.php            |  6 +----
 src/www/firewall_scrub.php                    |  6 +----
 src/www/firewall_scrub_edit.php               |  6 +----
 src/www/firewall_virtual_ip.php               |  7 ++---
 src/www/firewall_virtual_ip_edit.php          |  8 +-----
 src/www/interfaces.php                        | 12 ++-------
 src/www/interfaces_bridge.php                 |  7 +----
 src/www/interfaces_bridge_edit.php            |  2 +-
 src/www/interfaces_gif.php                    |  6 +----
 src/www/interfaces_gif_edit.php               |  8 +-----
 src/www/interfaces_gre.php                    |  7 +----
 src/www/interfaces_gre_edit.php               |  8 +-----
 src/www/interfaces_groups.php                 |  6 +----
 src/www/interfaces_groups_edit.php            |  9 +------
 src/www/interfaces_lagg.php                   |  8 +-----
 src/www/interfaces_lagg_edit.php              |  5 +---
 src/www/interfaces_ppps.php                   |  6 +----
 src/www/interfaces_ppps_edit.php              |  8 +-----
 src/www/interfaces_qinq.php                   |  7 ++---
 src/www/interfaces_qinq_edit.php              |  8 +-----
 src/www/interfaces_vlan.php                   |  6 +----
 src/www/interfaces_vlan_edit.php              |  8 +-----
 src/www/interfaces_wireless.php               |  7 +----
 src/www/interfaces_wireless_edit.php          |  8 +-----
 src/www/services_dhcp.php                     | 12 +++------
 src/www/services_dhcp_edit.php                |  2 +-
 src/www/services_dhcpv6_edit.php              |  2 +-
 src/www/services_dnsmasq.php                  |  4 +--
 .../services_dnsmasq_domainoverride_edit.php  |  5 +---
 src/www/services_dnsmasq_edit.php             |  6 +----
 src/www/services_ntpd.php                     |  5 +---
 src/www/services_unbound.php                  |  5 +---
 src/www/services_unbound_acls.php             |  5 +---
 .../services_unbound_domainoverride_edit.php  |  7 +----
 src/www/services_unbound_host_edit.php        |  5 +---
 src/www/services_unbound_overrides.php        | 11 ++------
 src/www/status_gateway_groups.php             |  6 +----
 src/www/system_advanced_sysctl.php            |  5 +---
 src/www/system_camanager.php                  | 20 +++-----------
 src/www/system_certmanager.php                | 15 +++--------
 src/www/system_crlmanager.php                 | 19 +++++--------
 src/www/system_gateway_groups.php             |  6 +----
 src/www/system_gateway_groups_edit.php        |  9 +------
 src/www/system_gateways.php                   |  2 +-
 src/www/system_gateways_edit.php              |  2 +-
 src/www/system_groupmanager.php               |  7 ++---
 src/www/system_hasync.php                     |  5 +---
 src/www/system_routes.php                     |  6 +----
 src/www/system_routes_edit.php                | 10 +------
 src/www/system_usermanager.php                |  5 +---
 src/www/system_usermanager_addprivs.php       | 16 +++--------
 src/www/vpn_ipsec.php                         | 27 ++++++-------------
 src/www/vpn_ipsec_phase1.php                  | 26 ++++++------------
 68 files changed, 112 insertions(+), 410 deletions(-)

diff --git a/src/www/carp_status.php b/src/www/carp_status.php
index 71e391761..11c0e7f9f 100644
--- a/src/www/carp_status.php
+++ b/src/www/carp_status.php
@@ -34,7 +34,7 @@ require_once("interfaces.inc");
 if ( !isset($config['virtualip']['vip']) || !is_array($config['virtualip']['vip'])) {
     $config['virtualip']['vip'] = array();
 }
-$a_vip = &$config['virtualip']['vip'];
+$a_vip = &config_read_array('virtualip', 'vip');
 
 $act = null;
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
diff --git a/src/www/diag_logs_filter.php b/src/www/diag_logs_filter.php
index d7dd546a4..738609c9c 100644
--- a/src/www/diag_logs_filter.php
+++ b/src/www/diag_logs_filter.php
@@ -120,7 +120,7 @@ function easyrule_block_rule_create($int = 'wan', $ipproto = "inet") {
     }
 
     filter_rules_sort();
-    $a_filter = &$config['filter']['rule'];
+    $a_filter = &config_read_array('filter', 'rule');
 
     /* Make up a new rule */
     $filterent = array();
@@ -173,7 +173,7 @@ function easyrule_block_alias_add($host, $int = 'wan') {
     if (!isset($config['aliases']['alias'])) {
         $config['aliases']['alias'] = array();
     }
-    $a_aliases = &$config['aliases']['alias'];
+    $a_aliases = &config_read_array('aliases', 'alias');
 
     /* Try to get the ID if the alias already exists */
     $id = easyrule_block_alias_getid($int);
@@ -278,7 +278,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipp
     }
 
     filter_rules_sort();
-    $a_filter = &$config['filter']['rule'];
+    $a_filter = &config_read_array('filter', 'rule');
 
     /* Make up a new rule */
     $filterent = array();
diff --git a/src/www/firewall_aliases.php b/src/www/firewall_aliases.php
index 3feef3218..41dcf4e89 100644
--- a/src/www/firewall_aliases.php
+++ b/src/www/firewall_aliases.php
@@ -57,7 +57,7 @@ function find_alias_reference($section, $field, $origname, &$is_alias_referenced
         return;
     }
 
-    $sectionref = &$config;
+    $sectionref = &config_read_array();
     foreach($section as $sectionname) {
         if (is_array($sectionref) && isset($sectionref[$sectionname])) {
             $sectionref = &$sectionref[$sectionname];
@@ -110,13 +110,7 @@ function alias_used_recursive($origname)
     return null;
 }
 
-if (!isset($config['aliases']) || !is_array($config['aliases'])) {
-    $config['aliases'] = array();
-}
-if (!isset($config['aliases']['alias'])) {
-    $config['aliases']['alias'] = array();
-}
-$a_aliases = &$config['aliases']['alias'];
+$a_aliases = &config_read_array('aliases', 'alias');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (isset($_POST['apply'])) {
diff --git a/src/www/firewall_aliases_edit.php b/src/www/firewall_aliases_edit.php
index 42d774030..601155f3c 100644
--- a/src/www/firewall_aliases_edit.php
+++ b/src/www/firewall_aliases_edit.php
@@ -50,13 +50,7 @@ function geoip_countries()
     return $result;
 }
 
-if (!isset($config['aliases']) || !is_array($config['aliases'])) {
-    $config['aliases'] = array();
-}
-if (!isset($config['aliases']['alias'])) {
-    $config['aliases']['alias'] = array();
-}
-$a_aliases = &$config['aliases']['alias'];
+$a_aliases = &config_read_array('aliases', 'alias');
 
 $pconfig = array();
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/firewall_nat.php b/src/www/firewall_nat.php
index 44c5a5482..4bbdb6ad5 100644
--- a/src/www/firewall_nat.php
+++ b/src/www/firewall_nat.php
@@ -69,11 +69,8 @@ function delete_id($id, &$array)
     }
 }
 
-if (!isset($config['nat']['rule']) || !is_array($config['nat']['rule'])) {
-    $config['nat']['rule'] = array();
-}
 
-$a_nat = &$config['nat']['rule'];
+$a_nat = &config_read_array('nat', 'rule');
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $pconfig = $_POST;
     if (isset($pconfig['id']) && isset($a_nat[$pconfig['id']])) {
diff --git a/src/www/firewall_nat_1to1.php b/src/www/firewall_nat_1to1.php
index 33969b8eb..15866b74a 100644
--- a/src/www/firewall_nat_1to1.php
+++ b/src/www/firewall_nat_1to1.php
@@ -31,10 +31,7 @@ require_once("guiconfig.inc");
 require_once("interfaces.inc");
 require_once("filter.inc");
 
-if (!isset($config['nat']['onetoone'])) {
-    $config['nat']['onetoone'] = array();
-}
-$a_1to1 = &$config['nat']['onetoone'];
+$a_1to1 = &config_read_array('nat', 'onetoone');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $pconfig = $_POST;
diff --git a/src/www/firewall_nat_1to1_edit.php b/src/www/firewall_nat_1to1_edit.php
index 09d3ae1de..523f1805f 100644
--- a/src/www/firewall_nat_1to1_edit.php
+++ b/src/www/firewall_nat_1to1_edit.php
@@ -31,10 +31,7 @@ require_once("guiconfig.inc");
 require_once("interfaces.inc");
 
 
-if (!isset($config['nat']['onetoone'])) {
-    $config['nat']['onetoone'] = array();
-}
-$a_1to1 = &$config['nat']['onetoone'];
+$a_1to1 = &config_read_array('nat', 'onetoone');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     // input record id, if valid
diff --git a/src/www/firewall_nat_edit.php b/src/www/firewall_nat_edit.php
index 74a4d3f5d..6031b5cf1 100644
--- a/src/www/firewall_nat_edit.php
+++ b/src/www/firewall_nat_edit.php
@@ -33,10 +33,7 @@ require_once("filter.inc");
 
 
 // init config and get reference
-if (!isset($config['nat']['rule']) || !is_array($config['nat']['rule'])) {
-    $config['nat']['rule'] = array();
-}
-$a_nat = &$config['nat']['rule'];
+$a_nat = &config_read_array('nat', 'rule');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     // load form data from config
@@ -300,7 +297,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 if ($filterentid === false) {
                     $filterent['associated-rule-id'] = $natent['associated-rule-id'];
                 } else {
-                    $filterent =& $config['filter']['rule'][$filterentid];
+                    $filterent = &config_read_array('filter', 'rule', $filterentid);
                 }
             }
             pconfig_to_address($filterent['source'], $pconfig['src'],
diff --git a/src/www/firewall_nat_npt.php b/src/www/firewall_nat_npt.php
index a769e20f9..01d7e6c16 100644
--- a/src/www/firewall_nat_npt.php
+++ b/src/www/firewall_nat_npt.php
@@ -31,10 +31,7 @@ require_once("guiconfig.inc");
 require_once("filter.inc");
 require_once("interfaces.inc");
 
-if (!isset($config['nat']['npt'])) {
-  $config['nat']['npt'] = array();
-}
-$a_npt = &$config['nat']['npt'];
+$a_npt = &config_read_array('nat', 'npt');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $pconfig = $_POST;
diff --git a/src/www/firewall_nat_npt_edit.php b/src/www/firewall_nat_npt_edit.php
index 3a584abea..a55f87e69 100644
--- a/src/www/firewall_nat_npt_edit.php
+++ b/src/www/firewall_nat_npt_edit.php
@@ -30,11 +30,7 @@
 require_once("guiconfig.inc");
 require_once("interfaces.inc");
 
-
-if (!isset($config['nat']['npt'])) {
-    $config['nat']['npt'] = array();
-}
-$a_npt = &$config['nat']['npt'];
+$a_npt = &config_read_array('nat', 'npt');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (isset($_GET['dup']) && isset($a_npt[$_GET['dup']])) {
diff --git a/src/www/firewall_nat_out.php b/src/www/firewall_nat_out.php
index 7c5a9b3e7..3e0db1169 100644
--- a/src/www/firewall_nat_out.php
+++ b/src/www/firewall_nat_out.php
@@ -34,16 +34,10 @@ require_once("interfaces.inc");
 
 $GatewaysList = return_gateways_array(false, true) + return_gateway_groups_array();
 
-if (!isset($config['nat']['outbound']))
-    $config['nat']['outbound'] = array();
-
-if (!isset($config['nat']['outbound']['rule']))
-    $config['nat']['outbound']['rule'] = array();
-
-if (!isset($config['nat']['outbound']['mode']))
+$a_out = &config_read_array('nat', 'outbound', 'rule');
+if (!isset($config['nat']['outbound']['mode'])) {
     $config['nat']['outbound']['mode'] = "automatic";
-
-$a_out = &$config['nat']['outbound']['rule'];
+}
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $pconfig = $_POST;
diff --git a/src/www/firewall_nat_out_edit.php b/src/www/firewall_nat_out_edit.php
index 127e8bae3..4cf59befd 100644
--- a/src/www/firewall_nat_out_edit.php
+++ b/src/www/firewall_nat_out_edit.php
@@ -75,13 +75,7 @@ function formTranslateAddresses() {
     return $retval;
 }
 
-if (!isset($config['nat']['outbound']['rule'])) {
-    if (!isset($config['nat']['outbound'])) {
-        $config['nat']['outbound'] = array();
-    }
-    $config['nat']['outbound']['rule'] = array();
-}
-$a_out = &$config['nat']['outbound']['rule'];
+$a_out = &config_read_array('nat', 'outbound', 'rule');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     // input record id, if valid
diff --git a/src/www/firewall_rules.php b/src/www/firewall_rules.php
index c70a73d30..c64d57ed2 100644
--- a/src/www/firewall_rules.php
+++ b/src/www/firewall_rules.php
@@ -32,11 +32,8 @@ require_once("guiconfig.inc");
 require_once("filter.inc");
 require_once("system.inc");
 
-if (!isset($config['filter']['rule'])) {
-    $config['filter']['rule'] = array();
-}
+$a_filter = &config_read_array('filter', 'rule');
 
-$a_filter = &$config['filter']['rule'];
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (isset($_GET['if'])) {
         $current_if = htmlspecialchars($_GET['if']);
@@ -65,7 +62,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         if (!empty($a_filter[$id]['associated-rule-id'])) {
             // unlink nat entry
             if (isset($config['nat']['rule'])) {
-                $a_nat = &$config['nat']['rule'];
+                $a_nat = &config_read_array('nat', 'rule');
                 foreach ($a_nat as &$natent) {
                     if ($natent['associated-rule-id'] == $a_filter[$id]['associated-rule-id']) {
                         $natent['associated-rule-id'] = '';
@@ -83,7 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         foreach ($pconfig['rule'] as $rulei) {
             // unlink nat entry
             if (isset($config['nat']['rule'])) {
-                $a_nat = &$config['nat']['rule'];
+                $a_nat = &config_read_array('nat', 'rule');
                 foreach ($a_nat as &$natent) {
                     if ($natent['associated-rule-id'] == $a_filter[$rulei]['associated-rule-id']) {
                         $natent['associated-rule-id'] = '';
diff --git a/src/www/firewall_rules_edit.php b/src/www/firewall_rules_edit.php
index 819357b96..e824b27b5 100644
--- a/src/www/firewall_rules_edit.php
+++ b/src/www/firewall_rules_edit.php
@@ -74,10 +74,7 @@ function is_posnumericint($arg) {
 }
 
 
-if (!isset($config['filter']['rule'])) {
-    $config['filter']['rule'] = array();
-}
-$a_filter = &$config['filter']['rule'];
+$a_filter = &config_read_array('filter', 'rule');
 
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/firewall_schedule.php b/src/www/firewall_schedule.php
index 48e969431..709c0831e 100644
--- a/src/www/firewall_schedule.php
+++ b/src/www/firewall_schedule.php
@@ -34,10 +34,7 @@ require_once("filter.inc");
 $dayArray = array (gettext('Mon'),gettext('Tues'),gettext('Wed'),gettext('Thur'),gettext('Fri'),gettext('Sat'),gettext('Sun'));
 $monthArray = array (gettext('January'),gettext('February'),gettext('March'),gettext('April'),gettext('May'),gettext('June'),gettext('July'),gettext('August'),gettext('September'),gettext('October'),gettext('November'),gettext('December'));
 
-if (!isset($config['schedules']['schedule'])) {
-    $config['schedules']['schedule'] = array();
-}
-$a_schedules = &$config['schedules']['schedule'];
+$a_schedules = &config_read_array('schedules', 'schedule');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $pconfig = $_POST;
diff --git a/src/www/firewall_schedule_edit.php b/src/www/firewall_schedule_edit.php
index 58daf1021..e5fdb4ed6 100644
--- a/src/www/firewall_schedule_edit.php
+++ b/src/www/firewall_schedule_edit.php
@@ -81,11 +81,7 @@ function schedule_sort()
 $dayArray = array (gettext('Mon'),gettext('Tues'),gettext('Wed'),gettext('Thur'),gettext('Fri'),gettext('Sat'),gettext('Sun'));
 $monthArray = array (gettext('January'),gettext('February'),gettext('March'),gettext('April'),gettext('May'),gettext('June'),gettext('July'),gettext('August'),gettext('September'),gettext('October'),gettext('November'),gettext('December'));
 
-
-if (!isset($config['schedules']['schedule'])) {
-    $config['schedules']['schedule'] = array();
-}
-$a_schedules = &$config['schedules']['schedule'];
+$a_schedules = &config_read_array('schedules', 'schedule');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     // input record id, if valid
diff --git a/src/www/firewall_scrub.php b/src/www/firewall_scrub.php
index 334a1b518..4671cba41 100644
--- a/src/www/firewall_scrub.php
+++ b/src/www/firewall_scrub.php
@@ -29,11 +29,7 @@
 require_once("guiconfig.inc");
 require_once("filter.inc");
 
-if (!isset($config['filter']['scrub']['rule'])) {
-    $config['filter']['scrub'] = array();
-    $config['filter']['scrub']['rule'] = array();
-}
-$a_scrub = &$config['filter']['scrub']['rule'];
+$a_scrub = &config_read_array('filter', 'scrub', 'rule');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     $pconfig = array();
diff --git a/src/www/firewall_scrub_edit.php b/src/www/firewall_scrub_edit.php
index da619bbdd..17352ad97 100644
--- a/src/www/firewall_scrub_edit.php
+++ b/src/www/firewall_scrub_edit.php
@@ -75,11 +75,7 @@ function formNetworks()
     return $networks;
 }
 
-if (!isset($config['filter']['scrub']['rule'])) {
-    $config['filter']['scrub'] = array();
-    $config['filter']['scrub']['rule'] = array();
-}
-$a_scrub = &$config['filter']['scrub']['rule'];
+$a_scrub = &config_read_array('filter', 'scrub', 'rule');
 
 // define form fields
 $config_fields = array('interface', 'proto', 'srcnot', 'src', 'srcmask', 'dstnot', 'dst', 'dstmask', 'dstport',
diff --git a/src/www/firewall_virtual_ip.php b/src/www/firewall_virtual_ip.php
index 0ce747e78..c7abf98fc 100644
--- a/src/www/firewall_virtual_ip.php
+++ b/src/www/firewall_virtual_ip.php
@@ -39,7 +39,7 @@ require_once("filter.inc");
 function deleteVIPEntry($id) {
     global $config;
     $input_errors = array();
-    $a_vip = &$config['virtualip']['vip'];
+    $a_vip = &config_read_array('virtualip', 'vip');
     /* make sure no inbound NAT mappings reference this entry */
     if (isset($config['nat']['rule'])) {
         foreach ($config['nat']['rule'] as $rule) {
@@ -127,10 +127,7 @@ function deleteVIPEntry($id) {
     return $input_errors;
 }
 
-if (!isset($config['virtualip']['vip'])) {
-    $config['virtualip']['vip'] = array();
-}
-$a_vip = &$config['virtualip']['vip'];
+$a_vip = &config_read_array('virtualip', 'vip');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $pconfig = $_POST;
diff --git a/src/www/firewall_virtual_ip_edit.php b/src/www/firewall_virtual_ip_edit.php
index 84ced84eb..e454835da 100644
--- a/src/www/firewall_virtual_ip_edit.php
+++ b/src/www/firewall_virtual_ip_edit.php
@@ -50,13 +50,7 @@ function find_last_used_vhid() {
 
 
 // create new vip array if none existent
-if (!isset($config['virtualip']) || !is_array($config['virtualip'])) {
-    $config['virtualip'] = array();
-}
-if (!isset($config['virtualip']['vip']) || !is_array($config['virtualip']['vip'])) {
-    $config['virtualip']['vip'] = array();
-}
-$a_vip = &$config['virtualip']['vip'];
+$a_vip = &config_read_array('virtualip', 'vip');
 
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/interfaces.php b/src/www/interfaces.php
index 200890bc1..2c99352af 100644
--- a/src/www/interfaces.php
+++ b/src/www/interfaces.php
@@ -316,16 +316,8 @@ function get_wireless_channel_info($interface) {
 $ifdescrs = get_configured_interface_with_descr(false, true);
 
 // reference to interface section
-if (empty($config['interfaces']) || !is_array($config['interfaces'])) {
-    $config['interfaces'] = array();
-}
-$a_interfaces = &$config['interfaces'];
-
-if (empty($config['ppps']['ppp']) || !is_array($config['ppps']['ppp'])) {
-    $config['ppps'] = array();
-    $config['ppps']['ppp'] = array();
-}
-$a_ppps = &$config['ppps']['ppp'];
+$a_interfaces = &config_read_array('interfaces');
+$a_ppps = &config_read_array('ppps', 'ppp');
 
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/interfaces_bridge.php b/src/www/interfaces_bridge.php
index 1dfc1737f..054ffa339 100644
--- a/src/www/interfaces_bridge.php
+++ b/src/www/interfaces_bridge.php
@@ -31,12 +31,7 @@ require_once("guiconfig.inc");
 require_once("interfaces.inc");
 
 
-if (!isset($config['bridges']['bridged']) || !is_array($config['bridges']['bridged'])) {
-    $a_bridges = array();
-} else {
-    $a_bridges = &$config['bridges']['bridged'] ;
-}
-
+$a_bridges = &config_read_array('bridges', 'bridged') ;
 
 function bridge_inuse($bridge_if) {
     foreach (legacy_config_get_interfaces() as $if => $intf) {
diff --git a/src/www/interfaces_bridge_edit.php b/src/www/interfaces_bridge_edit.php
index 07d075236..d2e183720 100644
--- a/src/www/interfaces_bridge_edit.php
+++ b/src/www/interfaces_bridge_edit.php
@@ -39,7 +39,7 @@ if (!isset($config['bridges']['bridged']) || !is_array($config['bridges']['bridg
     $config['bridges']['bridged'] = array();
 }
 
-$a_bridges = &$config['bridges']['bridged'];
+$a_bridges = &config_read_array('bridges', 'bridged');
 
 // interface list
 $ifacelist = array();
diff --git a/src/www/interfaces_gif.php b/src/www/interfaces_gif.php
index d8ab316d7..13d36a657 100644
--- a/src/www/interfaces_gif.php
+++ b/src/www/interfaces_gif.php
@@ -39,11 +39,7 @@ function gif_inuse($gif_intf) {
     return false;
 }
 
-if (!isset($config['gifs']['gif']) || !is_array($config['gifs']['gif'])) {
-    $a_gifs = array();
-} else {
-    $a_gifs = &$config['gifs']['gif'] ;
-}
+$a_gifs = &config_read_array('gifs', 'gif') ;
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (!empty($a_gifs[$_POST['id']])) {
diff --git a/src/www/interfaces_gif_edit.php b/src/www/interfaces_gif_edit.php
index 59d68b341..0b9793abf 100644
--- a/src/www/interfaces_gif_edit.php
+++ b/src/www/interfaces_gif_edit.php
@@ -32,13 +32,7 @@ require_once("system.inc");
 require_once("interfaces.inc");
 require_once("services.inc");
 
-if (!isset($config['gifs']) || !is_array($config['gifs'])) {
-    $config['gifs'] = array();
-}
-if (!isset($config['gifs']['gif']) || !is_array($config['gifs']['gif'])) {
-    $config['gifs']['gif'] = array();
-}
-$a_gifs = &$config['gifs']['gif'];
+$a_gifs = &config_read_array('gifs', 'gif');
 
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/interfaces_gre.php b/src/www/interfaces_gre.php
index 4549b321e..4e9991cf5 100644
--- a/src/www/interfaces_gre.php
+++ b/src/www/interfaces_gre.php
@@ -39,12 +39,7 @@ function gre_inuse($gre_intf) {
     return false;
 }
 
-if (!isset($config['gres']['gre']) || !is_array($config['gres']['gre'])) {
-    $a_gres = array();
-} else {
-    $a_gres = &$config['gres']['gre'] ;
-}
-
+$a_gres = &config_read_array('gres', 'gre') ;
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (!empty($a_gres[$_POST['id']])) {
diff --git a/src/www/interfaces_gre_edit.php b/src/www/interfaces_gre_edit.php
index 92a27a950..76483d046 100644
--- a/src/www/interfaces_gre_edit.php
+++ b/src/www/interfaces_gre_edit.php
@@ -32,13 +32,7 @@ require_once("system.inc");
 require_once("interfaces.inc");
 require_once("services.inc");
 
-if (!isset($config['gres']) || !is_array($config['gres'])) {
-    $config['gres'] = array();
-}
-if (!isset($config['gres']['gre']) || !is_array($config['gres']['gre'])) {
-    $config['gres']['gre'] = array();
-}
-$a_gres = &$config['gres']['gre'];
+$a_gres = &config_read_array('gres', 'gre');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     // read form data
diff --git a/src/www/interfaces_groups.php b/src/www/interfaces_groups.php
index 04bf64cd5..254498116 100644
--- a/src/www/interfaces_groups.php
+++ b/src/www/interfaces_groups.php
@@ -31,11 +31,7 @@
 require_once("guiconfig.inc");
 require_once("interfaces.inc");
 
-if (!isset($config['ifgroups']['ifgroupentry'])) {
-    $a_ifgroups = array();
-} else {
-    $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
-}
+$a_ifgroups = &config_read_array('ifgroups', 'ifgroupentry');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (!empty($a_ifgroups[$_POST['id']])) {
diff --git a/src/www/interfaces_groups_edit.php b/src/www/interfaces_groups_edit.php
index c5e085998..ff7eb5643 100644
--- a/src/www/interfaces_groups_edit.php
+++ b/src/www/interfaces_groups_edit.php
@@ -31,14 +31,7 @@
 require_once("guiconfig.inc");
 require_once("interfaces.inc");
 
-if (!isset($config['ifgroups']) || !is_array($config['ifgroups'])) {
-    $config['ifgroups'] = array();
-}
-if (!isset($config['ifgroups']['ifgroupentry']) || !is_array($config['ifgroups']['ifgroupentry'])) {
-    $config['ifgroups']['ifgroupentry'] = array();
-}
-
-$a_ifgroups = &$config['ifgroups']['ifgroupentry'];
+$a_ifgroups = &config_read_array('ifgroups', 'ifgroupentry');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     // read form data
diff --git a/src/www/interfaces_lagg.php b/src/www/interfaces_lagg.php
index 25383940e..8bd335740 100644
--- a/src/www/interfaces_lagg.php
+++ b/src/www/interfaces_lagg.php
@@ -48,13 +48,7 @@ function lagg_inuse($lagg_intf) {
     return false;
 }
 
-
-if (!isset($config['laggs']['lagg'])) {
-    $a_laggs = array();
-} else {
-    $a_laggs = &$config['laggs']['lagg'] ;
-}
-
+$a_laggs = &config_read_array('laggs', 'lagg') ;
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (!empty($a_laggs[$_POST['id']])) {
diff --git a/src/www/interfaces_lagg_edit.php b/src/www/interfaces_lagg_edit.php
index 3e107f282..37bddc2f1 100644
--- a/src/www/interfaces_lagg_edit.php
+++ b/src/www/interfaces_lagg_edit.php
@@ -76,10 +76,7 @@ function available_interfaces($selected_id=null)
 
 $laggprotos = array("none", "lacp", "failover", "fec", "loadbalance", "roundrobin");
 
-if (!isset($config['laggs']['lagg'])) {
-    $config['laggs']['lagg'] = array();
-}
-$a_laggs = &$config['laggs']['lagg'];
+$a_laggs = &config_read_array('laggs', 'lagg');
 
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/interfaces_ppps.php b/src/www/interfaces_ppps.php
index ad202c50d..892ffb7ba 100644
--- a/src/www/interfaces_ppps.php
+++ b/src/www/interfaces_ppps.php
@@ -42,11 +42,7 @@ function ppp_inuse($ppp_intf) {
     return false;
 }
 
-if (!isset($config['ppps']['ppp']) || !is_array($config['ppps']['ppp'])) {
-    $a_ppps = array();
-} else {
-    $a_ppps = &$config['ppps']['ppp'];
-}
+$a_ppps = &config_read_array('ppps', 'ppp');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (!empty($a_ppps[$_POST['id']])) {
diff --git a/src/www/interfaces_ppps_edit.php b/src/www/interfaces_ppps_edit.php
index a3588133c..987d61b22 100644
--- a/src/www/interfaces_ppps_edit.php
+++ b/src/www/interfaces_ppps_edit.php
@@ -32,13 +32,7 @@ require_once("guiconfig.inc");
 require_once("interfaces.inc");
 require_once("services.inc");
 
-if (!isset($config['ppps'])) {
-    $config['ppps'] = array();
-}
-if (!isset($config['ppps']['ppp'])) {
-    $config['ppps']['ppp'] = array();
-}
-$a_ppps = &$config['ppps']['ppp'];
+$a_ppps = &config_read_array('ppps', 'ppp');
 
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/interfaces_qinq.php b/src/www/interfaces_qinq.php
index 238db22cc..41931ba2e 100644
--- a/src/www/interfaces_qinq.php
+++ b/src/www/interfaces_qinq.php
@@ -40,11 +40,8 @@ function qinq_inuse($qinq_intf) {
     return false;
 }
 
-if (!isset($config['qinqs']['qinqentry']) || !is_array($config['qinqs']['qinqentry'])) {
-    $a_qinqs = array();
-} else {
-    $a_qinqs = &$config['qinqs']['qinqentry'];
-}
+
+$a_qinqs = &config_read_array('qinqs', 'qinqentry');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (!empty($a_qinqs[$_POST['id']])) {
diff --git a/src/www/interfaces_qinq_edit.php b/src/www/interfaces_qinq_edit.php
index c325f2164..e65681670 100644
--- a/src/www/interfaces_qinq_edit.php
+++ b/src/www/interfaces_qinq_edit.php
@@ -30,13 +30,7 @@
 require_once("guiconfig.inc");
 require_once("interfaces.inc");
 
-if (!isset($config['qinqs']) || !is_array($config['qinqs'])) {
-    $config['qinqs'] = array();
-}
-if (!isset($config['qinqs']['qinqentry']) || !is_array($config['qinqs']['qinqentry'])) {
-    $config['qinqs']['qinqentry'] = array();
-}
-$a_qinqs = &$config['qinqs']['qinqentry'];
+$a_qinqs = &config_read_array('qinqs', 'qinqentry');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     $id = 0;
diff --git a/src/www/interfaces_vlan.php b/src/www/interfaces_vlan.php
index ee2f81bce..770a504aa 100644
--- a/src/www/interfaces_vlan.php
+++ b/src/www/interfaces_vlan.php
@@ -41,11 +41,7 @@ function vlan_inuse($vlan_intf) {
     return false;
 }
 
-if (!isset($config['vlans']['vlan']) || !is_array($config['vlans']['vlan'])) {
-    $a_vlans = array();
-} else {
-    $a_vlans = &$config['vlans']['vlan'] ;
-}
+$a_vlans = &config_read_array('vlans', 'vlan') ;
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (!empty($a_vlans[$_POST['id']])) {
diff --git a/src/www/interfaces_vlan_edit.php b/src/www/interfaces_vlan_edit.php
index 69cd7679b..e5a3d45f3 100644
--- a/src/www/interfaces_vlan_edit.php
+++ b/src/www/interfaces_vlan_edit.php
@@ -32,13 +32,7 @@ require_once("system.inc");
 require_once("interfaces.inc");
 require_once("services.inc");
 
-if (!isset($config['vlans']) || !is_array($config['vlans'])) {
-    $config['vlans'] = array();
-}
-if (!isset($config['vlans']['vlan']) || !is_array($config['vlans']['vlan'])) {
-    $config['vlans']['vlan'] = array();
-}
-$a_vlans = &$config['vlans']['vlan'];
+$a_vlans = &config_read_array('vlans', 'vlan');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     // read form data
diff --git a/src/www/interfaces_wireless.php b/src/www/interfaces_wireless.php
index c2090163f..d686af3b8 100644
--- a/src/www/interfaces_wireless.php
+++ b/src/www/interfaces_wireless.php
@@ -40,12 +40,7 @@ function clone_inuse($cloneif) {
     return false;
 }
 
-if (!isset($config['wireless']['clone']) || !is_array($config['wireless']['clone'])) {
-    $a_clones = array();
-} else {
-    $a_clones = &$config['wireless']['clone'];
-}
-
+$a_clones = &config_read_array('wireless', 'clone');
 
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
diff --git a/src/www/interfaces_wireless_edit.php b/src/www/interfaces_wireless_edit.php
index a4bfcf5df..955d78a7f 100644
--- a/src/www/interfaces_wireless_edit.php
+++ b/src/www/interfaces_wireless_edit.php
@@ -41,13 +41,7 @@ function clone_inuse($cloneif) {
     return false;
 }
 
-if (!isset($config['wireless']) || !is_array($config['wireless'])) {
-    $config['wireless'] = array();
-}
-if (!isset($config['wireless']['clone']) || !is_array($config['wireless']['clone'])) {
-    $config['wireless']['clone'] = array();
-}
-$a_clones = &$config['wireless']['clone'];
+$a_clones = &config_read_array('wireless', 'clone');
 
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/services_dhcp.php b/src/www/services_dhcp.php
index 530e1ec7b..f1eb5cfe1 100644
--- a/src/www/services_dhcp.php
+++ b/src/www/services_dhcp.php
@@ -127,7 +127,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (empty($config['dhcpd'][$if]['pool'])) {
         $config['dhcpd'][$if]['pool'] = array();
     }
-    $a_pools = &$config['dhcpd'][$if]['pool'];
+    $a_pools = &config_read_array('dhcpd', $if, 'pool');
 
     if (!empty($_GET['act'])) {
         $act = $_GET['act'];
@@ -141,7 +141,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     } elseif ($act == "newpool") {
         $dhcpdconf = array();
     } else {
-        $dhcpdconf = &$config['dhcpd'][$if];
+        $dhcpdconf = &config_read_array('dhcpd', $if);
     }
     $pconfig = array();
     // simple 1-on-1 copy
@@ -185,7 +185,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (empty($config['dhcpd'][$if]['pool'])) {
         $config['dhcpd'][$if]['pool'] = array();
     }
-    $a_pools = &$config['dhcpd'][$if]['pool'];
+    $a_pools = &config_read_array('dhcpd', $if, 'pool');
 
     if (!empty($_POST['act'])) {
         $act = $_POST['act'];
@@ -309,11 +309,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             }
         }
 
-        if (!empty($config['dhcpd'][$if]['staticmap'])) {
-            $a_maps = &$config['dhcpd'][$if]['staticmap'];
-        } else {
-            $a_maps = array();
-        }
+        $a_maps = &config_read_array('dhcpd', $if, 'staticmap');
         $noip = false;
         foreach ($a_maps as $map) {
             if (empty($map['ipaddr'])) {
diff --git a/src/www/services_dhcp_edit.php b/src/www/services_dhcp_edit.php
index d2932e753..11fc301d7 100644
--- a/src/www/services_dhcp_edit.php
+++ b/src/www/services_dhcp_edit.php
@@ -102,7 +102,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (empty($config['dhcpd'][$if]['staticmap'])) {
         $config['dhcpd'][$if]['staticmap'] = array();
     }
-    $a_maps = &$config['dhcpd'][$if]['staticmap'];
+    $a_maps = &config_read_array('dhcpd', $if, 'staticmap');
     $input_errors = array();
 
     /* input validation */
diff --git a/src/www/services_dhcpv6_edit.php b/src/www/services_dhcpv6_edit.php
index f3f4ab562..5979d8434 100644
--- a/src/www/services_dhcpv6_edit.php
+++ b/src/www/services_dhcpv6_edit.php
@@ -105,7 +105,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     }
 
     /* check for overlaps */
-    $a_maps = &$config['dhcpdv6'][$if]['staticmap'];
+    $a_maps = &config_read_array('dhcpdv6', $if, 'staticmap');
     foreach ($a_maps as $mapent) {
         if (isset($id) && ($a_maps[$id] === $mapent)) {
             continue;
diff --git a/src/www/services_dnsmasq.php b/src/www/services_dnsmasq.php
index 89abb6c62..d6dbc5a0c 100644
--- a/src/www/services_dnsmasq.php
+++ b/src/www/services_dnsmasq.php
@@ -133,7 +133,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         header(url_safe('Location: /services_dnsmasq.php'));
         exit;
     } elseif (!empty($pconfig['act']) && $pconfig['act'] == 'del') {
-        $a_hosts = &$config['dnsmasq']['hosts'];
+        $a_hosts = &config_read_array('dnsmasq', 'hosts');
         if (isset($pconfig['id']) && !empty($a_hosts[$pconfig['id']])) {
             unset($a_hosts[$pconfig['id']]);
             write_config();
@@ -141,7 +141,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             exit;
         }
     } elseif (!empty($pconfig['act']) && $pconfig['act'] == 'doverride') {
-        $a_domainOverrides = &$config['dnsmasq']['domainoverrides'];
+        $a_domainOverrides = &config_read_array('dnsmasq', 'domainoverrides');
         if (isset($pconfig['id']) && !empty($a_domainOverrides[$pconfig['id']])) {
             unset($a_domainOverrides[$pconfig['id']]);
             write_config();
diff --git a/src/www/services_dnsmasq_domainoverride_edit.php b/src/www/services_dnsmasq_domainoverride_edit.php
index 472e4c814..40d22634f 100644
--- a/src/www/services_dnsmasq_domainoverride_edit.php
+++ b/src/www/services_dnsmasq_domainoverride_edit.php
@@ -33,10 +33,7 @@ require_once("services.inc");
 require_once("interfaces.inc");
 
 
-if (empty($config['dnsmasq']['domainoverrides']) || !is_array($config['dnsmasq']['domainoverrides'])) {
-    $config['dnsmasq']['domainoverrides'] = array();
-}
-$a_domainOverrides = &$config['dnsmasq']['domainoverrides'];
+$a_domainOverrides = &config_read_array('dnsmasq', 'domainoverrides');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (isset($_GET['id']) && !empty($a_domainOverrides[$_GET['id']])) {
diff --git a/src/www/services_dnsmasq_edit.php b/src/www/services_dnsmasq_edit.php
index 24085f066..7fe62e0f8 100644
--- a/src/www/services_dnsmasq_edit.php
+++ b/src/www/services_dnsmasq_edit.php
@@ -36,11 +36,7 @@ function hostcmp($a, $b)
     return strcasecmp($a['host'], $b['host']);
 }
 
-if (empty($config['dnsmasq']['hosts']) || !is_array($config['dnsmasq']['hosts'])) {
-    $config['dnsmasq']['hosts'] = array();
-}
-
-$a_hosts = &$config['dnsmasq']['hosts'];
+$a_hosts = &config_read_array('dnsmasq', 'hosts');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (isset($_GET['id']) && !empty($a_hosts[$_GET['id']])) {
diff --git a/src/www/services_ntpd.php b/src/www/services_ntpd.php
index 2537358d0..94ffcd99a 100644
--- a/src/www/services_ntpd.php
+++ b/src/www/services_ntpd.php
@@ -35,10 +35,7 @@ require_once("system.inc");
 require_once("interfaces.inc");
 require_once("plugins.inc.d/ntpd.inc");
 
-if (!isset($config['ntpd']) || !is_array($config['ntpd'])) {
-    $config['ntpd'] = array();
-}
-$a_ntpd = &$config['ntpd'];
+$a_ntpd = &config_read_array('ntpd');
 
 $copy_fields = array('orphan', 'statsgraph', 'logpeer', 'logsys', 'clockstats', 'loopstats', 'interface',
                      'peerstats', 'noquery', 'noserve', 'kod', 'nomodify', 'nopeer', 'notrap', 'leapsec');
diff --git a/src/www/services_unbound.php b/src/www/services_unbound.php
index 26c8e1e41..614b9dfaf 100644
--- a/src/www/services_unbound.php
+++ b/src/www/services_unbound.php
@@ -32,10 +32,7 @@ require_once("services.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
 
-if (empty($config['unbound']) || !is_array($config['unbound'])) {
-    $config['unbound'] = array();
-}
-$a_unboundcfg =& $config['unbound'];
+$a_unboundcfg = &config_read_array('unbound');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     $pconfig = array();
diff --git a/src/www/services_unbound_acls.php b/src/www/services_unbound_acls.php
index 2d9cb0f28..1973b43ee 100644
--- a/src/www/services_unbound_acls.php
+++ b/src/www/services_unbound_acls.php
@@ -32,10 +32,7 @@ require_once("system.inc");
 require_once("services.inc");
 require_once("interfaces.inc");
 
-if (empty($config['unbound']['acls']) || !is_array($config['unbound']['acls'])) {
-    $config['unbound']['acls'] = array();
-}
-$a_acls = &$config['unbound']['acls'];
+$a_acls = &config_read_array('unbound', 'acls');
 
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/services_unbound_domainoverride_edit.php b/src/www/services_unbound_domainoverride_edit.php
index d4b993cf9..f503f5652 100644
--- a/src/www/services_unbound_domainoverride_edit.php
+++ b/src/www/services_unbound_domainoverride_edit.php
@@ -32,12 +32,7 @@ require_once("guiconfig.inc");
 require_once("services.inc");
 require_once("interfaces.inc");
 
-if (empty($config['unbound']['domainoverrides']) || !is_array($config['unbound']['domainoverrides'])) {
-    $config['unbound']['domainoverrides'] = array();
-}
-
-$a_domainOverrides = &$config['unbound']['domainoverrides'];
-
+$a_domainOverrides = &config_read_array('unbound', 'domainoverrides');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (isset($_GET['id']) && !empty($a_domainOverrides[$_GET['id']])) {
diff --git a/src/www/services_unbound_host_edit.php b/src/www/services_unbound_host_edit.php
index 2b0f75c08..02d04ff31 100644
--- a/src/www/services_unbound_host_edit.php
+++ b/src/www/services_unbound_host_edit.php
@@ -38,10 +38,7 @@ function hostcmp($a, $b)
     return strcasecmp($a['host'], $b['host']);
 }
 
-if (empty($config['unbound']['hosts']) || !is_array($config['unbound']['hosts'])) {
-    $config['unbound']['hosts'] = array();
-}
-$a_hosts = &$config['unbound']['hosts'];
+$a_hosts = &config_read_array('unbound', 'hosts');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (isset($_GET['id']) && !empty($a_hosts[$_GET['id']])) {
diff --git a/src/www/services_unbound_overrides.php b/src/www/services_unbound_overrides.php
index dac9b2791..7e01e0010 100644
--- a/src/www/services_unbound_overrides.php
+++ b/src/www/services_unbound_overrides.php
@@ -33,14 +33,7 @@ require_once("services.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
 
-if (empty($config['unbound']) || !is_array($config['unbound'])) {
-    $config['unbound'] = array();
-}
-
-if (empty($config['unbound']['hosts']) || !is_array($config['unbound']['hosts'])) {
-    $config['unbound']['hosts'] = array();
-}
-$a_hosts =& $config['unbound']['hosts'];
+$a_hosts = &config_read_array('unbound', 'hosts');
 /* Backwards compatibility for records created before introducing RR types. */
 foreach ($a_hosts as $i => $hostent) {
     if (!isset($hostent['rr'])) {
@@ -69,7 +62,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             exit;
         }
     } elseif (!empty($pconfig['act']) && $pconfig['act'] == 'doverride') {
-        $a_domainOverrides = &$config['unbound']['domainoverrides'];
+        $a_domainOverrides = &config_read_array('unbound', 'domainoverrides');
         if (isset($pconfig['id']) && !empty($a_domainOverrides[$pconfig['id']])) {
             unset($a_domainOverrides[$pconfig['id']]);
             write_config();
diff --git a/src/www/status_gateway_groups.php b/src/www/status_gateway_groups.php
index 431345545..8b6fb38cb 100644
--- a/src/www/status_gateway_groups.php
+++ b/src/www/status_gateway_groups.php
@@ -31,11 +31,7 @@ require_once("guiconfig.inc");
 require_once("services.inc");
 
 // request report data
-if (!isset($config['gateways']['gateway_group']) || !is_array($config['gateways']['gateway_group'])) {
-    $a_gateway_groups = array();
-} else {
-    $a_gateway_groups = &$config['gateways']['gateway_group'];
-}
+$a_gateway_groups = &config_read_array('gateways', 'gateway_group');
 $gateways_status = return_gateways_status(true);
 $a_gateways = return_gateways_array();
 
diff --git a/src/www/system_advanced_sysctl.php b/src/www/system_advanced_sysctl.php
index be62780a9..145af5e61 100644
--- a/src/www/system_advanced_sysctl.php
+++ b/src/www/system_advanced_sysctl.php
@@ -32,10 +32,7 @@
 require_once("guiconfig.inc");
 require_once("system.inc");
 
-if (!isset($config['sysctl']['item']) || !is_array($config['sysctl']['item'])) {
-    $config['sysctl']['item'] = array();
-}
-$a_tunable = &$config['sysctl']['item'];
+$a_tunable = &config_read_array('sysctl', 'item');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (isset($_GET['id']) && isset($a_tunable[$_GET['id']])) {
diff --git a/src/www/system_camanager.php b/src/www/system_camanager.php
index 909420429..b83705553 100644
--- a/src/www/system_camanager.php
+++ b/src/www/system_camanager.php
@@ -131,19 +131,9 @@ function ca_inter_create(&$ca, $keylen, $lifetime, $dn, $caref, $digest_alg = 's
 
 $ca_keylens = array( "512", "1024", "2048", "4096", "8192");
 $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
-
-if (!is_array($config['cert'])) {
-    $config['cert'] = array();
-}
-if (!isset($config['crl']) || !is_array($config['crl'])) {
-    $config['crl'] = array();
-}
-
-if (!isset($config['ca']) || !is_array($config['ca'])) {
-    $config['ca'] = array();
-}
-
-$a_ca =& $config['ca'];
+$a_ca = &config_read_array('ca');
+$a_cert = &config_read_array('cert');
+$a_crl = &config_read_array('crl');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (isset($a_ca[$_GET['id']])) {
@@ -237,7 +227,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             header(url_safe('Location: /system_camanager.php'));
             exit;
         }
-        $a_cert =& $config['cert'];
         $index = count($a_cert) - 1;
         for (; $index >=0; $index--) {
             if (isset($a_cert[$index]['caref']) && isset($a_ca[$id]['refid']) && $a_cert[$index]['caref'] == $a_ca[$id]['refid']) {
@@ -245,7 +234,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             }
         }
 
-        $a_crl =& $config['crl'];
         $index = count($a_crl) - 1;
         for (; $index >=0; $index--) {
             if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) {
@@ -739,7 +727,7 @@ $main_buttons = array(
 
               $certcount = 0;
 
-              foreach ($config['cert'] as $cert) {
+              foreach ($a_cert as $cert) {
                   if ($cert['caref'] == $ca['refid']) {
                       $certcount++;
                   }
diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php
index 69167eadd..cc2f5f086 100644
--- a/src/www/system_certmanager.php
+++ b/src/www/system_certmanager.php
@@ -91,18 +91,9 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
 
 
 // config reference pointers
-if (!isset($config['system']['user']) || !is_array($config['system']['user'])) {
-    $config['system']['user'] = array();
-}
-$a_user =& $config['system']['user'];
-if (!isset($config['ca']) || !is_array($config['ca'])) {
-    $config['ca'] = array();
-}
-$a_ca =& $config['ca'];
-if (!is_array($config['cert'])) {
-    $config['cert'] = array();
-}
-$a_cert =& $config['cert'];
+$a_user = &config_read_array('system', 'user');
+$a_ca = &config_read_array('ca');
+$a_cert = &config_read_array('cert');
 
 
 // handle user GET/POST data
diff --git a/src/www/system_crlmanager.php b/src/www/system_crlmanager.php
index 33869ca17..c8326c6d2 100644
--- a/src/www/system_crlmanager.php
+++ b/src/www/system_crlmanager.php
@@ -58,16 +58,9 @@ function cert_unrevoke($cert, & $crl) {
 global $openssl_crl_status;
 
 // prepare config types
-if (!isset($config['ca']) || !is_array($config['ca'])) {
-    $config['ca'] = array();
-}
-if (!isset($config['cert']) || !is_array($config['cert'])) {
-    $config['cert'] = array();
-}
-if (!isset($config['crl']) || !is_array($config['crl'])) {
-    $config['crl'] = array();
-}
-$a_crl =& $config['crl'];
+$a_crl = &config_read_array('crl');
+$a_cert = &config_read_array('cert');
+$a_ca = &config_read_array('ca');
 
 
 $thiscrl = false;
@@ -363,7 +356,7 @@ include("head.inc");
                 <td>
                   <select name='caref' id='caref' class="selectpicker">
 <?php
-                  foreach ($config['ca'] as $ca):?>
+                  foreach ($a_ca as $ca):?>
                     <option value="<?=$ca['refid'];?>" <?=$pconfig['caref'] == $ca['refid'] ? "selected=\"selected\"" : "";?>>
                       <?=htmlentities($ca['descr']);?>
                     </option>
@@ -512,7 +505,7 @@ include("head.inc");
                 endforeach;
               endif;
               $ca_certs = array();
-              foreach ($config['cert'] as $cert) {
+              foreach ($a_cert as $cert) {
                   if (isset($cert['caref']) && isset($thiscrl['caref'])  && $cert['caref'] == $thiscrl['caref']) {
                       $ca_certs[] = $cert;
                   }
@@ -590,7 +583,7 @@ include("head.inc");
                     $ca_crl_map[$crl['caref']][] = $crl['refid'];
                 }
 
-                foreach ($config['ca'] as $ca) :?>
+                foreach ($a_ca as $ca) :?>
                 <tr>
                   <td colspan="4"> <?=htmlspecialchars($ca['descr']);?></td>
                   <td>
diff --git a/src/www/system_gateway_groups.php b/src/www/system_gateway_groups.php
index f7426ebaa..d8887298e 100644
--- a/src/www/system_gateway_groups.php
+++ b/src/www/system_gateway_groups.php
@@ -33,11 +33,7 @@ require_once("system.inc");
 require_once("services.inc");
 require_once("rrd.inc");
 
-if (!isset($config['gateways']['gateway_group']) || !is_array($config['gateways']['gateway_group'])) {
-    $a_gateway_groups = array();
-} else {
-    $a_gateway_groups = &$config['gateways']['gateway_group'];
-}
+$a_gateway_groups = &config_read_array('gateways', 'gateway_group');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (isset($_POST['act']) && $_POST['act'] == "del" ) {
diff --git a/src/www/system_gateway_groups_edit.php b/src/www/system_gateway_groups_edit.php
index 550fbeb1d..81b96f10b 100644
--- a/src/www/system_gateway_groups_edit.php
+++ b/src/www/system_gateway_groups_edit.php
@@ -31,14 +31,7 @@ require_once("guiconfig.inc");
 require_once("services.inc");
 require_once("interfaces.inc");
 
-if (!is_array($config['gateways'])) {
-    $config['gateways'] = array();
-}
-
-if (!is_array($config['gateways']['gateway_group'])) {
-    $config['gateways']['gateway_group'] = array();
-}
-$a_gateway_groups = &$config['gateways']['gateway_group'];
+$a_gateway_groups = &config_read_array('gateways', 'gateway_group');
 $a_gateways = return_gateways_array();
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/system_gateways.php b/src/www/system_gateways.php
index ea1f73326..6579b4760 100644
--- a/src/www/system_gateways.php
+++ b/src/www/system_gateways.php
@@ -156,7 +156,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         if (!is_array($config['gateways']['gateway_item'])) {
             $config['gateways']['gateway_item'] = array();
         }
-        $a_gateway_item = &$config['gateways']['gateway_item'];
+        $a_gateway_item = &config_read_array('gateways', 'gateway_item');
 
         if (isset($a_gateway_item[$realid]['disabled'])) {
             unset($a_gateway_item[$realid]['disabled']);
diff --git a/src/www/system_gateways_edit.php b/src/www/system_gateways_edit.php
index e71dd88f6..91e88a6df 100644
--- a/src/www/system_gateways_edit.php
+++ b/src/www/system_gateways_edit.php
@@ -334,7 +334,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             $realid = $a_gateways[$id]['attribute'];
         }
 
-        $a_gateway_item = &$config['gateways']['gateway_item'];
+        $a_gateway_item = &config_read_array('gateways', 'gateway_item');
         $reloadif = "";
         $gateway = array();
 
diff --git a/src/www/system_groupmanager.php b/src/www/system_groupmanager.php
index 569a87898..c13440b30 100644
--- a/src/www/system_groupmanager.php
+++ b/src/www/system_groupmanager.php
@@ -31,10 +31,7 @@
 
 require_once("guiconfig.inc");
 
-if (!isset($config['system']['group'])) {
-    $config['system']['group'] = array();
-}
-$a_group = &$config['system']['group'];
+$a_group = &config_read_array('system', 'group');
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (isset($a_group[$_GET['groupid']])) {
@@ -136,7 +133,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 
             /* Refresh users in this group since their privileges may have changed. */
             if (is_array($group['member'])) {
-                $a_user = &$config['system']['user'];
+                $a_user = &config_read_array('system', 'user');
                 foreach ($a_user as & $user) {
                     if (in_array($user['uid'], $group['member'])) {
                         local_user_set($user);
diff --git a/src/www/system_hasync.php b/src/www/system_hasync.php
index 995008de7..ea448a68a 100644
--- a/src/www/system_hasync.php
+++ b/src/www/system_hasync.php
@@ -30,10 +30,7 @@
 require_once("guiconfig.inc");
 require_once("interfaces.inc");
 
-if (!isset($config['hasync']) || !is_array($config['hasync'])) {
-    $config['hasync'] = array();
-}
-$a_hasync = &$config['hasync'];
+$a_hasync = &config_read_array('hasync');
 
 $checkbox_names = array(
     'pfsyncenabled',
diff --git a/src/www/system_routes.php b/src/www/system_routes.php
index ca0c13aa0..a666a70c6 100644
--- a/src/www/system_routes.php
+++ b/src/www/system_routes.php
@@ -66,11 +66,7 @@ function delete_static_route($id)
     unset($targets);
 }
 
-if (!isset($config['staticroutes']['route']) || !is_array($config['staticroutes']['route'])) {
-    $a_routes = array();
-} else {
-    $a_routes = &$config['staticroutes']['route'];
-}
+$a_routes = &config_read_array('staticroutes', 'route');
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $pconfig = $_POST;
diff --git a/src/www/system_routes_edit.php b/src/www/system_routes_edit.php
index 85b4ace29..ca005478f 100644
--- a/src/www/system_routes_edit.php
+++ b/src/www/system_routes_edit.php
@@ -32,15 +32,7 @@ require_once("guiconfig.inc");
 require_once("filter.inc");
 require_once("interfaces.inc");
 
-if (!isset($config['staticroutes']) || !is_array($config['staticroutes'])) {
-    $config['staticroutes'] = array();
-}
-
-if (!isset($config['staticroutes']['route']) || !is_array($config['staticroutes']['route'])) {
-    $config['staticroutes']['route'] = array();
-}
-
-$a_routes = &$config['staticroutes']['route'];
+$a_routes =  &config_read_array('staticroutes', 'route');
 $a_gateways = return_gateways_array(true, true);
 
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
diff --git a/src/www/system_usermanager.php b/src/www/system_usermanager.php
index 52d102150..07bc57b83 100644
--- a/src/www/system_usermanager.php
+++ b/src/www/system_usermanager.php
@@ -76,10 +76,7 @@ function get_user_privdesc(& $user)
 }
 
 // link user section
-if (!isset($config['system']['user']) || !is_array($config['system']['user'])) {
-    $config['system']['user'] = array();
-}
-$a_user = &$config['system']['user'];
+$a_user = &config_read_array('system', 'user');
 
 // reset errors and action
 $input_errors = array();
diff --git a/src/www/system_usermanager_addprivs.php b/src/www/system_usermanager_addprivs.php
index 19f4530f8..0790564ae 100644
--- a/src/www/system_usermanager_addprivs.php
+++ b/src/www/system_usermanager_addprivs.php
@@ -57,24 +57,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         exit;
     }
     if ($input_type == "group") {
-        if (!isset($config['system']['group'][$id]['priv']) || !is_array($config['system']['group'][$id]['priv'])) {
-            $a_privs = array();
-        } else {
-            $a_privs = & $config['system']['group'][$id]['priv'];
-        }
+        $a_privs = &config_read_array('system', 'group', $id, 'priv');
     } else {
-        if (!isset($config['system']['user'][$id]['priv']) || !is_array($config['system']['user'][$id]['priv'])) {
-            $a_privs = array();
-        } else {
-            $a_privs = $config['system']['user'][$id]['priv'];
-        }
+        $a_privs = &config_read_array('system', 'user', $id, 'priv');
     }
 } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $pconfig = $_POST;
     if (isset($pconfig['input_type']) && isset($pconfig['id'])) {
         if ($pconfig['input_type'] == 'user' && isset($config['system']['user'][$pconfig['id']]['name'])) {
             $userid = $_POST['id'];
-            $a_user = & $config['system']['user'][$userid];
+            $a_user = &config_read_array('system', 'user', $userid);
             $a_user['priv'] = is_array($pconfig['sysprivs']) ? $pconfig['sysprivs'] : array();
             $a_user['priv'] = sort_user_privs($a_user['priv']);
             local_user_set($a_user);
@@ -85,7 +77,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             exit;
         } elseif ($_POST['input_type'] == 'group' && isset($config['system']['group'][$pconfig['id']]['name'])) {
             $groupid = $_POST['id'];
-            $a_group = & $config['system']['group'][$groupid];
+            $a_group = &config_read_array('system', 'group', $groupid);
             $a_group['priv'] = is_array($pconfig['sysprivs']) ? $pconfig['sysprivs'] : array();
             $a_group['priv'] = sort_user_privs($a_group['priv']);
             if (is_array($a_group['member'])) {
diff --git a/src/www/vpn_ipsec.php b/src/www/vpn_ipsec.php
index 0befdfd9e..91017eac6 100644
--- a/src/www/vpn_ipsec.php
+++ b/src/www/vpn_ipsec.php
@@ -64,19 +64,9 @@ function ipsec_idinfo_to_text(& $idinfo) {
     }
 }
 
-if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
-    $config['ipsec'] = array();
-}
-if (!isset($config['ipsec']['phase1'])) {
-    $config['ipsec']['phase1'] = array();
-}
-if (!isset($config['ipsec']['phase2'])) {
-    $config['ipsec']['phase2'] = array();
-}
-
+$a_phase1 = &config_read_array('ipsec', 'phase1');
+$a_phase2 = &config_read_array('ipsec', 'phase2');
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $a_phase1 = &$config['ipsec']['phase1'];
-    $a_phase2 = &$config['ipsec']['phase2'];
     if (isset($_POST['apply'])) {
         ipsec_configure_do();
         filter_configure();
@@ -190,9 +180,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 }
 
 // form data
-$pconfig = $config['ipsec'];
-$pconfig['enable'] = isset($config['ipsec']['enable']);
-legacy_html_escape_form_data($pconfig);
+legacy_html_escape_form_data($a_phase1);
+legacy_html_escape_form_data($a_phase2);
 
 $service_hook = 'ipsec';
 
@@ -344,7 +333,7 @@ $( document ).ready(function() {
                   <tbody>
 <?php
                   $i = 0;
-                  foreach ($pconfig['phase1'] as $ph1ent) :?>
+                  foreach ($a_phase1 as $ph1ent) :?>
                     <tr>
                       <td>
                         <input type="checkbox" name="p1entry[]" value="<?=$i;?>"/>
@@ -463,7 +452,7 @@ $( document ).ready(function() {
                       <td colspan="9">
 <?php
                         $phase2count=0;
-                        foreach ($pconfig['phase2'] as $ph2ent) {
+                        foreach ($a_phase2 as $ph2ent) {
                             if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
                                 continue;
                             }
@@ -492,7 +481,7 @@ $( document ).ready(function() {
                             <tbody>
 <?php
                             $j = 0;
-                            foreach ($pconfig['phase2'] as $ph2index => $ph2ent) :
+                            foreach ($a_phase2 as $ph2index => $ph2ent) :
                                 if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
                                     continue;
                                 }?>
@@ -650,7 +639,7 @@ $( document ).ready(function() {
                     </tr>
                     <tr>
                       <td colspan=9>
-                        <input name="enable" type="checkbox" id="enable" value="yes" <?=!empty($pconfig['enable']) ? "checked=\"checked\"":"";?>/>
+                        <input name="enable" type="checkbox" id="enable" value="yes" <?=!empty($config['ipsec']['enable']) ? "checked=\"checked\"":"";?>/>
                         <strong><?=gettext("Enable IPsec"); ?></strong>
                       </td>
                     </tr>
diff --git a/src/www/vpn_ipsec_phase1.php b/src/www/vpn_ipsec_phase1.php
index b0253b15d..0075e3ce8 100644
--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
@@ -43,10 +43,13 @@ require_once("interfaces.inc");
 function ipsec_ikeid_used($ikeid) {
     global $config;
 
-    foreach ($config['ipsec']['phase1'] as $ph1ent)
-        if( $ikeid == $ph1ent['ikeid'] ) {
-            return true;
+    if (!empty($config['ipsec']['phase1'])) {
+        foreach ($config['ipsec']['phase1'] as $ph1ent) {
+            if( $ikeid == $ph1ent['ikeid'] ) {
+                return true;
+            }
         }
+    }
     return false;
 }
 
@@ -59,19 +62,6 @@ function ipsec_ikeid_next() {
     return $ikeid;
 }
 
-
-if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
-    $config['ipsec'] = array();
-}
-
-if (!isset($config['ipsec']['phase1'])) {
-    $config['ipsec']['phase1'] = array();
-}
-
-if (!isset($config['ipsec']['phase2'])) {
-    $config['ipsec']['phase2'] = array();
-}
-
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     // fetch data
     if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
@@ -154,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         }
     }
 } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $a_phase1 = &$config['ipsec']['phase1'];
+    $a_phase1 = &config_read_array('ipsec', 'phase1');
     if (isset($_POST['p1index']) && is_numericint($_POST['p1index'])) {
         $p1index = $_POST['p1index'];
     }
@@ -245,7 +235,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         }
     }
 
-    if (count($config['ipsec']['phase2'])) {
+    if (!empty($config['ipsec']['phase2'])) {
         foreach ($config['ipsec']['phase2'] as $phase2) {
             if ($phase2['ikeid'] == $pconfig['ikeid']) {
                 if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {