PHP - stop displaying the full path in errors

Question

PHP - stop displaying the full path in errors

I can say that PHP does NOT display the full file path with an error in error messages, warnings or notifications. I know that I can disable errors; But to avoid risk.

For example: My script returns an error, which is displayed as follows:

Fatal error: Call to undefined function shell_exec1() in /home/[user]/public_html/index.php on line 1

I want to display it as

Fatal error: Call to undefined function shell_exec1() in ~/index.php on line 1

Thus, it will be safer to display error messages without exposing the full file path to the bad guys.

Is it possible? How?

+3

security php error-handling

aceph Feb 07 '14 at 19:36

source share

2 answers

, . basename(), .

http://php.net/manual/ru/function.basename.php

0

stakantin 19 . '16 19:59

Dan power · Accepted Answer · 2014-02-10T09:03:10+0000

Just write your own error handler. see http://www.php.net/manual/en/function.set-error-handler.php

function myErrorHandler($errno, $errstr, $errfile, $errline) {
    if (!(error_reporting() & $errno)) {
        // This error code is not included in error_reporting
        return;
    }

    switch ($errno) {
        case E_USER_ERROR:
        echo "<b>My ERROR</b> [$errno] $errstr<br />\n";
        echo "  Fatal error on line $errline in file $errfile";
        echo ", PHP " . PHP_VERSION . " (" . PHP_OS . ")<br />\n";
        echo "Aborting...<br />\n";
        exit(1);
        break;

    case E_USER_WARNING:
        echo "<b>My WARNING</b> [$errno] $errstr<br />\n";
        break;

    case E_USER_NOTICE:
        echo "<b>My NOTICE</b> [$errno] $errstr<br />\n";
        break;

    default:
        echo "Unknown error type: [$errno] $errstr<br />\n";
        break;
    }

    /* Don't execute PHP internal error handler */
    return true;
}

set_error_handler("myErrorHandler");

PHP - stop displaying the full path in errors

More articles: