Because forking IS the process on GitHub. People and teams with no write access to the main repo can fork it and submit a pull request.

In my experience.

In general, corps only fork a repo when they want end users to use their repo.

In the case of development by corp's developers, they just generally fork it themselves and submit PRs from their accounts.

so I can see the confusion.

I wrote the site on an afternoon a couple of years ago and haven't had time or energy to update it.

If anyone is interested, please grab the code :) There is nothing server side other than the 'ls' command, which is nothing else than a directory listing in php (no system command at all is run on the server). All other commands are just basic Javascript.

It was never my intent to implement a terminal. The site does not execute any system commands at all on the server side. Pretty much, all commands are 'custom' or invented, to show stuff about me and stuff I've worked on (a long, long time ago). Nothing else.

Nice. The code was already checking for '..' on the path, but the condition was erroneous. Fixed now.

You might be better off getting the canonical path and then checking against a whitelist. E.g. `strpos(realpath($command_path), '/var/www/html/') === 0`.