Improve comments

diff --git a/gatekeeper.pl b/gatekeeper.pl
index b966081474bebf062841842d16fbaef46d1a3efc..a268629cc26223a1d9fdd7f14eb145d1af7eb726 100755 (executable)
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -454,10 +454,11 @@ require File::Spec::Unix; # ensure that File::Spec::Unix is loaded
 #  and contain only those characters, plus hyphen, dot, and tilde
 #  note that an acceptable filename may not begin with dot, so ".." is out
 my $RE_filename_here = qr/[[:alnum:]_+][-.[:alnum:]_+~]*/;
-# regex matching an acceptable relative filename
+# regex matching an acceptable relative filename in POSIX syntax
 #  all components must be acceptable filenames
 #  empty components are not allowed
 #  a trailing slash is not allowed
+#  a leading slash is not allowed
 my $RE_filename_relative = qr[$RE_filename_here(?:/$RE_filename_here)*];
 
 # limit on the length of a filename that will be processed
@@ -931,7 +932,7 @@ sub scan_incoming {
   ftp_syslog('info', "Trashcanned files removed")
     if unlink @trash;
   @trash = (); # and empty the array to be safe, since it contained
-                # potentially arbitrary _untainted_ filenames
+               # potentially arbitrary _untainted_ filenames
 
   # No possible files found, so return before we call lsof
   return () unless %possible;
@@ -1002,7 +1003,7 @@ sub scan_incoming {
       foreach my $file (@$triplet) {
        # If the file exists in the scratchpad, but not in the incoming
        # directory, we may have already moved it to the scratchpad
-       # directory as part of another packet.  Submit both packets for
+       # directory as part of another packet.  We submit both packets for
        # processing; it is near-certain that one of them is fake and will
        # be rejected after failing authentication.
        unless ((-e File::Spec->catfile($scratchpad, $file)