From 324343ae9ec6c6f2b400ae67eab0a0bbf062f14f Mon Sep 17 00:00:00 2001 From: Vitaliy Filippov Date: Sun, 2 Nov 2014 02:04:07 +0300 Subject: [PATCH] Do not disclose information, communicate using file --- testagent.cgi | 8 ++++++-- testserver.pl | 22 +++++++++++++++------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/testagent.cgi b/testagent.cgi index 96df8da8a..4ceeea7bc 100755 --- a/testagent.cgi +++ b/testagent.cgi @@ -11,16 +11,20 @@ # # Contributor(s): Joel Peshkin -# This script is used by servertest.pl to confirm that cgi scripts +# This script is used by testserver.pl to confirm that cgi scripts # are being run instead of shown. This script does not rely on database access # or correct params. use strict; use POSIX; +use File::Basename; print "HTTP/1.1 200 OK\n"; print "Content-Type: text/plain\n\n"; +print "OK\n"; my ($group) = POSIX::getgrgid(POSIX::getegid()); $group ||= ''; -print "OK " . $::ENV{SERVER_SOFTWARE} . " group=$group\n"; +open FD, ">".dirname($0)."/data/testserver_report"; +print FD $::ENV{SERVER_SOFTWARE} . "\n$group\n"; +close FD; exit; diff --git a/testserver.pl b/testserver.pl index d1e182d00..d9481bb54 100755 --- a/testserver.pl +++ b/testserver.pl @@ -22,9 +22,10 @@ use lib qw(. lib); use Bugzilla; use Bugzilla::Constants; +use File::Basename; use Socket; -my $datadir = bz_locations()->{'datadir'}; +my $datadir = bz_locations()->{datadir}; eval "require LWP; require LWP::UserAgent;"; my $lwp = $@ ? 0 : 1; 
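Review bot: In the testagent.cgi hunk, the new `open FD, ">".dirname($0)."/data/testserver_report";` is a two-argument open on a bareword handle and its result is never checked. If the web server user cannot write to data/, the following print and close fail silently, and testserver.pl may then find no report or one left over from an earlier request. A three-argument open with a lexical handle makes the mode explicit and the failure visible, for example `open(my $fh, '>', dirname($0).'/data/testserver_report') or exit;` followed by `print $fh ...` and `close $fh`. Any client that can reach testagent.cgi now triggers this write, and the file stays until testserver.pl unlinks it, so the change presumably relies on data/ not being served by the web server; that is worth confirming and stating in a comment next to the open.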
@@ -54,10 +55,18 @@ Check your web server configuration and try again.\n"; # Try to execute a cgi script my $response = fetch($ARGV[0] . "/testagent.cgi"); -if ($response =~ /^OK (.*?)\s*group=(\S*)\s*$/) +if ($response =~ /^OK/) { - print "TEST-OK Webserver is executing CGIs via $1.\n"; - my ($realgroup) = $2; + my ($server_software, $realgroup) = ('?', ''); + if (open FD, dirname($0).'/data/testserver_report') + { + $server_software = ; + $realgroup = ; + close FD; + unlink(dirname($0).'/data/testserver_report'); + } + chomp $_ for $server_software, $realgroup; + print "TEST-OK Webserver is executing CGIs via $server_software.\n"; if (!$realgroup) { if (!ON_WINDOWS) @@ -109,7 +118,7 @@ else } # Make sure that the web server is honoring .htaccess files -my $localconfig = bz_locations()->{'localconfig'}; +my $localconfig = bz_locations()->{localconfig}; $localconfig =~ s~^\./~~; $url = $ARGV[0] . "/$localconfig"; $response = fetch($url); @@ -140,8 +149,7 @@ if ($@ eq '') $gdlib =~ s/\n$//; if (!$gdlib) { - print "TEST-WARNING Failed to run gdlib-config; can't compare " . - "GD versions.\n"; + print "TEST-WARNING Failed to run gdlib-config; can't compare GD versions.\n"; } else {
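Review bot: In the @@ -54,10 +55,18 @@ hunk, nothing ties the report file to the request this run just made. If the CGI's unchecked write failed, a testserver_report left by an earlier request to testagent.cgi would be read and printed as the current result. Removing any existing file before the fetch closes that gap, e.g. `unlink(dirname($0).'/data/testserver_report');` placed ahead of `my $response = fetch($ARGV[0] . "/testagent.cgi");`. The read side should also use a three-argument open with a lexical handle, `open(my $fh, '<', dirname($0).'/data/testserver_report')`, rather than the mode-less `open FD, ...`. A report with fewer than two lines leaves one or both values undefined before the `chomp`, so defaulting each read result to the existing '?' and '' fallbacks would keep the TEST-OK line well formed. The `if ($response =~ /^OK/)` block continues past the end of the hunk.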