Fix regression that discloses file path in some errors

This was introduced as part of refactoring error handler and it happens
with some errors even when show_detailed_errors is set to OFF.

Fixes #23925

api/soap/mc_api.php

@@ -162,6 +162,10 @@ static function faultServerError( $p_fault_string ) {
 	 */
 	static function faultFromException( Exception $p_exception ) {
 		$t_code = $p_exception->getCode();
+		$t_message = $p_exception->getMessage();
+
+		# Make sure the file path is not disclosed via exception details
+		$t_message = str_replace( config_get_global( 'absolute_path' ), '.../', $t_message );
 
 		switch( $t_code ) {
 			case ERROR_NO_FILE_SPECIFIED:
@@ -227,7 +231,7 @@ static function faultFromException( Exception $p_exception ) {
 			case ERROR_COLUMNS_INVALID:
 			case ERROR_API_TOKEN_NAME_NOT_UNIQUE:
 			case ERROR_INVALID_FIELD_VALUE:
-				return ApiObjectFactory::faultBadRequest( $p_exception->getMessage() );
+				return ApiObjectFactory::faultBadRequest( $t_message );
 
 			case ERROR_BUG_NOT_FOUND:
 			case ERROR_FILE_NOT_FOUND:
@@ -249,7 +253,7 @@ static function faultFromException( Exception $p_exception ) {
 			case ERROR_FILTER_NOT_FOUND:
 			case ERROR_TAG_NOT_FOUND:
 			case ERROR_TOKEN_NOT_FOUND:
-				return ApiObjectFactory::faultNotFound( $p_exception->getMessage() );
+				return ApiObjectFactory::faultNotFound( $t_message );
 
 			case ERROR_ACCESS_DENIED:
 			case ERROR_PROTECTED_ACCOUNT:
@@ -267,18 +271,18 @@ static function faultFromException( Exception $p_exception ) {
 			case ERROR_LOST_PASSWORD_NOT_ENABLED:
 			case ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED:
 			case ERROR_FORM_TOKEN_INVALID:
-				return ApiObjectFactory::faultForbidden( $p_exception->getMessage() );
+				return ApiObjectFactory::faultForbidden( $t_message );
 
 			case ERROR_SPAM_SUSPECTED:
-				return ApiObjectFactory::faultTooManyRequests( $p_exception->getMessage() );
+				return ApiObjectFactory::faultTooManyRequests( $t_message );
 
 			case ERROR_CONFIG_OPT_INVALID:
 			case ERROR_FILE_INVALID_UPLOAD_PATH:
 				# TODO: These are configuration or db state errors.
-				return ApiObjectFactory::faultServerError( $p_exception->getMessage() );
+				return ApiObjectFactory::faultServerError( $t_message );
 
 			default:
-				return ApiObjectFactory::faultServerError( $p_exception->getMessage() );
+				return ApiObjectFactory::faultServerError( $t_message );
 		}
 	}
 
@@ -1134,6 +1138,9 @@ function mc_error_handler( $p_type, $p_error, $p_file, $p_line, array $p_context
 
 	$t_error_stack = error_get_stack_trace();
 
+	# Make sure the file path is not disclosed via exception details
+	$t_error_description = str_replace( config_get_global( 'absolute_path' ), '.../', $t_error_description );
+
 	error_log( '[mantisconnect.php] Error Type: ' . $t_error_type . ',' . "\n" . 'Error Description: ' . $t_error_description . "\n" . 'Stack Trace:' . "\n" . $t_error_stack );
 
 	throw new SoapFault( 'Server', 'Error Type: ' . $t_error_type . ',' . "\n" . 'Error Description: ' . $t_error_description );

core/error_api.php

@@ -247,11 +247,16 @@ function error_handler( $p_type, $p_error, $p_file, $p_line, array $p_context )
 
 	$t_error_description = nl2br( $t_error_description );
 
+	# Make sure the file path is not disclosed via exception details
+	$t_error_description = str_replace( config_get_global( 'absolute_path' ), '.../', $t_error_description );
+
+	$t_show_detailed_errors = config_get_global( 'show_detailed_errors' ) == ON;
+
 	if( php_sapi_name() == 'cli' ) {
 		if( DISPLAY_ERROR_NONE != $t_method ) {
 			echo $t_error_type . ': ' . $t_error_description . "\n";
 
-			if( ON == config_get_global( 'show_detailed_errors' ) ) {
+			if( $t_show_detailed_errors ) {
 				echo "\n";
 				error_print_stack_trace();
 			}
@@ -334,7 +339,7 @@ function error_handler( $p_type, $p_error, $p_file, $p_line, array $p_context )
 				}
 				echo '</div>';
 
-				if( ON == config_get_global( 'show_detailed_errors' ) ) {
+				if( $t_show_detailed_errors ) {
 					echo '<p>';
 					error_print_details( $p_file, $p_line, $p_context );
 					echo '</p>';