From 0df931d3ee8fe9225094217ee32ed3a559e05166 Mon Sep 17 00:00:00 2001
From: "codeberg.org"
Date: Mon, 4 May 2020 22:24:56 +0200
Subject: [PATCH] var/www/pages/index.php : comments

---
 var/www/pages/index.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/var/www/pages/index.php b/var/www/pages/index.php
index 8bb5c33..87b7bd3 100644
--- a/var/www/pages/index.php
+++ b/var/www/pages/index.php
@@ -29,6 +29,7 @@ if ($request_url === "/") {
 ");
 }
 
+# Restrict allowed characters in request URI:
 if (preg_match("/^\/[a-zA-Z0-9_ +\-\/\.]+\$/", $request_url) != 1) {
 send_response(404, "invalid request URL");
 }
@@ -39,10 +40,12 @@ array_shift($parts); # remove empty first
 $owner = strtolower(array_shift($parts));
 $git_root = realpath("$git_prefix/$owner/pages.git");
 
+# Ensure that only files within the user's pages repository are accessed:
 if (substr($git_root, 0, strlen($git_prefix)) !== $git_prefix) {
 send_response(404, "this user/organization does not have codeberg pages");
 }
 
+# If URL ends on "/", last entry in array is empty. Remove it:
 if (end($parts) === "") {
 array_pop($parts);
 }
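Review bot: The new comment above the `preg_match` presents the character whitelist as the request-URI restriction, but `.` and `/` are both allowed, so `..` segments pass this check unchanged; the comment should say so and name the `realpath` containment check further down as the actual path guard, e.g. `# Restrict allowed characters in request URI ('..' segments still pass; path containment is enforced by the realpath check below):`. Separately, without the `D` modifier PCRE's `$` also matches before a trailing newline, so `"/^\/[a-zA-Z0-9_ +\-\/\.]+\$/D"` is the stricter anchor, and `!== 1` would replace the loose comparison on `preg_match`'s `false` error return (which this code still rejects, since `false != 1`). The surrounding script continues outside the hunk.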
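Review bot: The comment added above the `substr` check overstates what that line verifies: it only checks that the resolved `pages.git` directory lies under `$git_prefix`, not that later file accesses stay inside the repository, and `realpath()` returns `false` for a missing path, which reaches `substr()` through bool-to-string coercion and is rejected only incidentally. Making the miss explicit is clearer and avoids relying on the coercion: `if ($git_root === false || substr($git_root, 0, strlen($git_prefix)) !== $git_prefix) {` with the comment reworded to `# Ensure the resolved repository directory lies under $git_prefix (realpath returns false for a missing repo):`. How `$parts` is later mapped to files inside the repository is outside the hunk, so any per-file containment check would need to be confirmed there.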