X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=.htaccess;h=173e9bf5c54bc131a5e4375663b993c65c43ad1a;hb=a4f644413e4164883a7272bfecddba6d08bae3be;hp=e2570ae6415222ab6bdd61507c00fe968d2b69a1;hpb=34d182fda5293ad42fc1157535080ba5a5d6d47f;p=wfpl-cms.git

diff --git a/.htaccess b/.htaccess
index e2570ae..173e9bf 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,15 +1,33 @@
-# php_value post_max_size 205M
-# php_value upload_max_filesize 200M
+php_value post_max_size 25M
+php_value upload_max_filesize 20M
 php_flag register_globals off
 php_flag magic_quotes_gpc off
-Options -MultiViews
 DirectorySlash Off
+DirectoryIndex disabled
 AddDefaultCharset UTF-8
+AddCharset UTF-8 .css
 RewriteEngine  on
-RewriteRule    ^[^/.]*$  /run.php [L]
-RewriteRule    ^style_[0-9]*.less$  /style.less [L]
+RewriteRule    ^[^/.]*$  /wfpl_main.php [L]
+# Close loophole in security restriction/exception below
+RewriteRule    ^.*/.*wfpl_main.php$  /wfpl_main.php [L]
 
 <FilesMatch "\.(css|jpg|png)$">
 	ExpiresActive On
 	ExpiresDefault A31536000
 </FilesMatch>
+
+# SECURITY: don't execute code on the server (exception below)
+SetHandler none
+SetHandler default-handler
+# this option is needed for RewriteRule to work:
+Options SymlinksIfOwnerMatch
+php_flag engine off
+RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
+# Exception: allow access to wfpl_main.php
+#
+# this allows access to any files named "wfpl_main.php" anywhere, so there's a
+# rewrite rule above to use teh top-level one, no matter which was requested.
+<Files "wfpl_main.php">
+	php_flag engine on
+	SetHandler application/x-httpd-php
+</Files>