From a4f72cbb408bdb4172a3925535b4f37ece8f63c3 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Sun, 12 Feb 2017 16:33:00 +0100
Subject: [PATCH] do not show full path of file on php-error; fixes #1720

Signed-off-by: Michael Kaufmann (d00p)
---
 lib/functions/froxlor/function.phpErrHandler.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/functions/froxlor/function.phpErrHandler.php b/lib/functions/froxlor/function.phpErrHandler.php
index 862230a2..90664e63 100644
--- a/lib/functions/froxlor/function.phpErrHandler.php
+++ b/lib/functions/froxlor/function.phpErrHandler.php
@@ -25,6 +25,8 @@ function phpErrHandler($errno, $errstr, $errfile, $errline, $errcontext) {
 if (empty($theme)) {
 $theme = "Sparkle";
 }
+ // prevent possible file-path-disclosure
+ $errfile = str_replace(FROXLOR_INSTALL_DIR, "", $errfile);
 // if we're not on the shell, output a nicer error-message
 $err_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$theme.'/misc/phperrornice.tpl');
 // replace values
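Review bot: The added `str_replace` strips the install directory from `$errfile` only, while `$errstr` is left untouched. PHP messages for failed include/open calls commonly embed absolute paths, so if `$errstr` is substituted into the template further down (not visible in this hunk), the path would still reach the browser. Consider applying the same treatment to the message, e.g. `$errstr = str_replace(FROXLOR_INSTALL_DIR, "", $errstr);`. The replacement is also a literal match, so it only works if `FROXLOR_INSTALL_DIR` has exactly the form PHP reports (symlinks resolved, same trailing-slash convention), which is worth confirming. phpErrHandler's body starts before and continues past this hunk, so any later use of the unstripped values could not be checked here.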