Currently in some _log files, we leak the full path to the impacted files.

Example in php-errors.log:

[2024-04-09 17:33:34] glpiphplog.WARNING:   *** PHP User Warning (512): Unable to bind to LDAP server `veve.geg.efe.:389` anonymously
error: Can't contact LDAP server (-1) in /home/francois/www/glpi-core/10bf/htdocs/src/AuthLDAP.php at line 3194
  Backtrace :
  src/AuthLDAP.php:3194                              trigger_error()
  src/AuthLDAP.php:1666                              AuthLDAP::connectToServer()
  front/authldap.form.php:67                         AuthLDAP::testLDAPConnection()
  public/index.php:82                                require()

In certain security contexts (at our customers, in the cloud, etc.), given that we can consult/download these files directly in the GLPI 11 interface, we should only see the end of the path to the file (example: "src/AuthLDAP.php").

And yes, this information can also be found in the "System" tab of the general configuration of GLPI, customers/partners have already asked us for patches to hide this information: perhaps take advantage of this to add a variable like (simple example to think about) if installation mode "CLOUD", do not display the system information.

The full paths are also available, in debug mode, when an exception occurs, but they should not.