From 2ec258a14d59eb00ae7e997926f7dadd35282518 Mon Sep 17 00:00:00 2001
From: samuelgfeller <contact@samuel-gfeller.ch>
Date: Thu, 19 Dec 2024 18:14:37 +0100
Subject: [PATCH] Secured access to path outside directory

---
 config/settings.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/settings.php b/config/settings.php
index 8cbec55f..5d362b6a 100644
--- a/config/settings.php
+++ b/config/settings.php
@@ -10,8 +10,8 @@
 $settings = require __DIR__ . '/defaults.php';
 
 // Load secret configuration
-if (file_exists(__DIR__ . '/../../env.php')) {
-    require __DIR__ . '/../../env.php'; // Take env outside project dir if existing
+if (file_exists(dirname(__DIR__, 2) . '/env.php')) {
+    require dirname(__DIR__, 2) . '/env.php'; // Take env outside project dir if existing
 } elseif (file_exists(__DIR__ . '/env/env.php')) {
     require __DIR__ . '/env/env.php';
 }