diff options
| author | Nils Adermann <naderman@naderman.de> | 2011-09-18 23:24:13 +0200 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2011-09-18 23:24:13 +0200 |
| commit | 2731e5a456a6d3da0b8926f63b2a4d440bfe439e (patch) | |
| tree | 6ea3439496aacea16b5197bf16d26f1c716e5232 /phpBB/includes | |
| parent | bf5d453479ed572692209b7acf71f3e9c0e97cc7 (diff) | |
| parent | 94fead702a450dbbd25b58d68d132a9e476bae44 (diff) | |
| download | forums-2731e5a456a6d3da0b8926f63b2a4d440bfe439e.tar forums-2731e5a456a6d3da0b8926f63b2a4d440bfe439e.tar.gz forums-2731e5a456a6d3da0b8926f63b2a4d440bfe439e.tar.bz2 forums-2731e5a456a6d3da0b8926f63b2a4d440bfe439e.tar.xz forums-2731e5a456a6d3da0b8926f63b2a4d440bfe439e.zip | |
Merge branch 'develop-olympus' into develop
* develop-olympus:
[ticket/10369] Replace root path with "[ROOT]" as per IRC.
[ticket/10369] Add warning about paths outside of phpBB root not being filtered
[ticket/10369] Rename filter_errfile() to filter_root_path().
[ticket/10369] DRY code to remove phpbb path from errfile.
[ticket/10369] Always include errfile and errline in format_errors().
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/error_collector.php | 12 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 28 |
2 files changed, 32 insertions, 8 deletions
diff --git a/phpBB/includes/error_collector.php b/phpBB/includes/error_collector.php index 55834f354c..3c0a89a1f3 100644 --- a/phpBB/includes/error_collector.php +++ b/phpBB/includes/error_collector.php @@ -49,13 +49,15 @@ class phpbb_error_collector { $text .= "<br />\n"; } + list($errno, $msg_text, $errfile, $errline) = $error; - $text .= "Errno $errno: $msg_text"; - if (defined('DEBUG_EXTRA') || defined('IN_INSTALL')) - { - $text .= " at $errfile line $errline"; - } + + // Prevent leakage of local path to phpBB install + $errfile = phpbb_filter_root_path($errfile); + + $text .= "Errno $errno: $msg_text at $errfile line $errline"; } + return $text; } } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 0d0b431cc2..a20e896126 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3759,9 +3759,8 @@ function msg_handler($errno, $msg_text, $errfile, $errline) if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false) { - // remove complete path to installation, with the risk of changing backslashes meant to be there - $errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile); - $msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text); + $errfile = phpbb_filter_root_path($errfile); + $msg_text = phpbb_filter_root_path($msg_text); $error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice'; echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n"; @@ -3940,6 +3939,29 @@ function msg_handler($errno, $msg_text, $errfile, $errline) } /** +* Removes absolute path to phpBB root directory from error messages +* and converts backslashes to forward slashes. +* +* @param string $errfile Absolute file path +* (e.g. /var/www/phpbb3/phpBB/includes/functions.php) +* Please note that if $errfile is outside of the phpBB root, +* the root path will not be found and can not be filtered. +* @return string Relative file path +* (e.g. /includes/functions.php) +*/ +function phpbb_filter_root_path($errfile) +{ + static $root_path; + + if (empty($root_path)) + { + $root_path = phpbb_realpath(dirname(__FILE__) . '/../'); + } + + return str_replace(array($root_path, '\\'), array('[ROOT]', '/'), $errfile); +} + +/** * Queries the session table to get information about online guests * @param int $item_id Limits the search to the item with this id * @param string $item The name of the item which is stored in the session table as session_{$item}_id |