mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-28 04:30:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove project path in twig label error messages to prevent information leakage

Browse source
This commit is contained in:
Jan Böhmer 2024-08-23 22:28:29 +02:00
parent 77671550a7
commit 5231dbd6e7
4 changed files with 66 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/Exceptions/TwigModeException.php
View file

@ -46,8 +46,23 @@ use Twig\Error\Error;
class TwigModeException extends RuntimeException
{
private const PROJECT_PATH = __DIR__ . '/../../';
public function __construct(?Error $previous = null)
{
parent::__construct($previous->getMessage(), 0, $previous);
}
/**
* Returns the message of this exception, where it is tried to remove any sensitive information (like filepaths).
* @return string
*/
public function getSafeMessage(): string
{
//Resolve project root path
$projectPath = realpath(self::PROJECT_PATH);
//Remove occurrences of the project path from the message
return str_replace($projectPath, '[Part-DB Root Folder]', $this->getMessage());
}
}