X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=.htaccess;h=03351d2d8ee733cf7ac5bdc76b4b88ff2028f8be;hb=fba14eeafe223f8e4dafb39359556bb48c3d7d5f;hp=c2a856829fde5aa7c84af8e6e7316a6cd3a3484c;hpb=059569fef59006c2ab9af689c582fc3e9b0d7e6e;p=wfpl-cms.git
diff --git a/.htaccess b/.htaccess
index c2a8568..03351d2 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,15 +1,41 @@
-# php_value post_max_size 205M
-# php_value upload_max_filesize 200M
+php_value post_max_size 25M
+php_value upload_max_filesize 20M
php_flag register_globals off
php_flag magic_quotes_gpc off
-Options -MultiViews
DirectorySlash Off
+DirectoryIndex disabled
AddDefaultCharset UTF-8
+AddCharset UTF-8 .css
RewriteEngine on
-RewriteRule ^[^/.]*$ /run.php [L]
-RewriteRule ^style_[0-9]*.css$ /style.css [L]
+RewriteRule ^[^/.]*$ /wfpl_main.php [L]
ExpiresActive On
ExpiresDefault A31536000
+
+# SECURITY: don't execute code on the server (exception below)
+SetHandler none
+SetHandler default-handler
+# this option is needed for RewriteRule to work:
+Options SymlinksIfOwnerMatch
+php_flag engine off
+RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
+# code execution exception: allow only /wfpl_main.php
+# matches regardless of directory/path, so rewrite php in subdirs
+RewriteRule ^(wfpl_main\.php|paypal_ipn\.php|cms_images_autoresize\.php)$ - [L]
+RewriteRule .*\.php$ - [L,R=404]
+
+ php_flag engine on
+ SetHandler application/x-httpd-php
+
+
+ php_flag engine on
+ SetHandler application/x-httpd-php
+
+
+ php_flag engine on
+ SetHandler application/x-httpd-php
+
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^cms_images/[0-9a-f]+w[0-9]+\.[pj][np]g$ /cms_images_autoresize.php