var/www/pages/index.php : comments
This commit is contained in:
codeberg.org
parent
43df6cdf2a
commit
0df931d3ee
|
|
@ -29,6 +29,7 @@ if ($request_url === "/") {
|
|||
");
|
||||
}
|
||||
|
||||
# Restrict allowed characters in request URI:
|
||||
if (preg_match("/^\/[a-zA-Z0-9_ +\-\/\.]+\$/", $request_url) != 1) {
|
||||
send_response(404, "invalid request URL");
|
||||
}
|
||||
|
|
@ -39,10 +40,12 @@ array_shift($parts); # remove empty first
|
|||
$owner = strtolower(array_shift($parts));
|
||||
$git_root = realpath("$git_prefix/$owner/pages.git");
|
||||
|
||||
# Ensure that only files within the user's pages repository are accessed:
|
||||
if (substr($git_root, 0, strlen($git_prefix)) !== $git_prefix) {
|
||||
send_response(404, "this user/organization does not have codeberg pages");
|
||||
}
|
||||
|
||||
# If URL ends on "/", last entry in array is empty. Remove it:
|
||||
if (end($parts) === "") {
|
||||
array_pop($parts);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue