From 6f81cfd479c79685c6a5a8b190045027ec775aef Mon Sep 17 00:00:00 2001
From: Adam Olley <adam.olley@openlms.net>
Date: Sun, 10 Mar 2024 00:32:31 +1030
Subject: [PATCH 1/2] MDL-81182 factor_email: Correct path for config.php
 require

Without this, the path is incorrect and can, in some circumstances (if
config.php is a symlink for one) - result in PHP requiring the config
file twice.
---
 admin/tool/mfa/factor/email/email.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin/tool/mfa/factor/email/email.php b/admin/tool/mfa/factor/email/email.php
index 7c4f0e64835..2a961a6fc38 100644
--- a/admin/tool/mfa/factor/email/email.php
+++ b/admin/tool/mfa/factor/email/email.php
@@ -24,7 +24,7 @@
  */
 // Ignore coding standards for login check, this page does not require login.
 // @codingStandardsIgnoreStart
-require_once(__DIR__ . '../../../../../../config.php');
+require_once(__DIR__ . '/../../../../../config.php');
 $instanceid = required_param('instance', PARAM_INT);
 $pass = optional_param('pass', '0', PARAM_INT);
 $secret = optional_param('secret', 0, PARAM_INT);

From 5e87af83966cde3489c5663eb369501fed11e83f Mon Sep 17 00:00:00 2001
From: Adam Olley <adam.olley@openlms.net>
Date: Sun, 10 Mar 2024 01:04:51 +1030
Subject: [PATCH 2/2] MDL-81182 factor_sms: Correct path for config.php require

Without this, the path is incorrect and can, in some circumstances (if
config.php is a symlink for one) - result in PHP requiring the config
file twice.
---
 admin/tool/mfa/factor/sms/editphonenumber.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin/tool/mfa/factor/sms/editphonenumber.php b/admin/tool/mfa/factor/sms/editphonenumber.php
index 1294f1ec9e4..1031996ac43 100644
--- a/admin/tool/mfa/factor/sms/editphonenumber.php
+++ b/admin/tool/mfa/factor/sms/editphonenumber.php
@@ -22,7 +22,7 @@
  * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 
-require_once(__DIR__ . '../../../../../../config.php');
+require_once(__DIR__ . '/../../../../../config.php');
 
 require_login(null, false);
 if (isguestuser()) {