3 files changed, 67 insertions, 8 deletions
diff --git a/phpBB/includes/error_collector.php b/phpBB/includes/error_collector.php
index 55834f354c..3c0a89a1f3 100644
--- a/phpBB/includes/error_collector.php
+++ b/phpBB/includes/error_collector.php
@@ -49,13 +49,15 @@ class phpbb_error_collector
 			{
 				$text .= "<br />\n";
 			}
+
 			list($errno, $msg_text, $errfile, $errline) = $error;
-			$text .= "Errno $errno: $msg_text";
-			if (defined('DEBUG_EXTRA') || defined('IN_INSTALL'))
-			{
-				$text .= " at $errfile line $errline";
-			}
+
+			// Prevent leakage of local path to phpBB install
+			$errfile = phpbb_filter_root_path($errfile);
+
+			$text .= "Errno $errno: $msg_text at $errfile line $errline";
 		}
+
 		return $text;
 	}
 }
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 628f8ee123..e01bbe36d1 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3816,9 +3816,8 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 
 			if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
 			{
-				// remove complete path to installation, with the risk of changing backslashes meant to be there
-				$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
-				$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
+				$errfile = phpbb_filter_root_path($errfile);
+				$msg_text = phpbb_filter_root_path($msg_text);
 				$error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice';
 				echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
 
@@ -3997,6 +3996,29 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 }
 
 /**
+* Removes absolute path to phpBB root directory from error messages
+* and converts backslashes to forward slashes.
+*
+* @param string $errfile	Absolute file path
+*							(e.g. /var/www/phpbb3/phpBB/includes/functions.php)
+*							Please note that if $errfile is outside of the phpBB root,
+*							the root path will not be found and can not be filtered.
+* @return string			Relative file path
+*							(e.g. /includes/functions.php)
+*/
+function phpbb_filter_root_path($errfile)
+{
+	static $root_path;
+
+	if (empty($root_path))
+	{
+		$root_path = phpbb_realpath(dirname(__FILE__) . '/../');
+	}
+
+	return str_replace(array($root_path, '\\'), array('[ROOT]', '/'), $errfile);
+}
+
+/**
 * Queries the session table to get information about online guests
 * @param int $item_id Limits the search to the item with this id
 * @param string $item The name of the item which is stored in the session table as session_{$item}_id
diff --git a/tests/error_collector_test.php b/tests/error_collector_test.php
new file mode 100644
index 0000000000..e1ac32f5ac
--- /dev/null
+++ b/tests/error_collector_test.php
@@ -0,0 +1,35 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+require_once dirname(__FILE__) . '/../phpBB/includes/functions.php';
+require_once dirname(__FILE__) . '/../phpBB/includes/error_collector.php';
+
+class phpbb_error_collector_test extends phpbb_test_case
+{
+	public function test_collection()
+	{
+		$collector = new phpbb_error_collector;
+		$collector->install();
+
+		// Cause a warning
+		1/0; $line = __LINE__;
+
+		$collector->uninstall();
+
+		list($errno, $msg_text, $errfile, $errline) = $collector->errors[0];
+		$error_contents = $collector->format_errors();
+
+		$this->assertEquals($errno, 2);
+
+		// Unfortunately $error_contents will contain the full path here,
+		// because the tests directory is outside of phpbb root path.
+		$this->assertStringStartsWith('Errno 2: Division by zero at ', $error_contents);
+		$this->assertStringEndsWith(" line $line", $error_contents);
+	}
+}