1.2.1456. __DIR__ Then Slash

__DIR__ must be concatenated with a string starting with /.

The magic constant __DIR__ holds the name of the current directory <https://www.php.net/`directory>`_, without final /. When it is used to build path, then the following path fragment must start with /. Otherwise, two directories names will be merged together.

<?php

// __DIR__ = /a/b/c
// $filePath = /a/b/c/g.php

// /a/b/c/d/e/f.txt : correct path
echo __DIR__.'/d/e/f.txt';
echo dirname($filePath).'/d/e/f.txt';

// /a/b/cd/e/f.txt : most probably incorrect path
echo __DIR__.'d/e/f.txt';
echo dirname($filePath).'d/e/f.txt';

?>

1.2.1456.1. Suggestions

  • Add a check on __DIR__, as it may be ‘/’ when run at the root of the server

  • Add a ‘/’ at the beginning of the path after __DIR__.

  • Add a call to realpath() or file_exists(), before accessing the file.

1.2.1456.2. Specs

Short name

Structures/DirThenSlash

Rulesets

All, Analyze, CE, CI-checks, Changed Behavior

Exakat since

0.10.3

PHP Version

All

Severity

Major

Time To Fix

Instant (5 mins)

Precision

Very high

Examples

Traq

Available in

Entreprise Edition, Community Edition, Exakat Cloud