X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl-cms.git;a=blobdiff_plain;f=.htaccess;h=03351d2d8ee733cf7ac5bdc76b4b88ff2028f8be;hp=e8dd622dc77d323b93310ae10928eef33c6d0f82;hb=3ed0f0b53ff1b3ea3e30292bf39eb6e30935e9eb;hpb=1195b7a8887492a6565ff2937be11d541c8646bb

diff --git a/.htaccess b/.htaccess
index e8dd622..03351d2 100644
--- a/.htaccess
+++ b/.htaccess
@@ -2,14 +2,40 @@ php_value post_max_size 25M
 php_value upload_max_filesize 20M
 php_flag register_globals off
 php_flag magic_quotes_gpc off
-Options -MultiViews
 DirectorySlash Off
 DirectoryIndex disabled
 AddDefaultCharset UTF-8
+AddCharset UTF-8 .css
 RewriteEngine  on
-RewriteRule    ^[^/.]*$  /run.php [L]
+RewriteRule ^[^/.]*$ /wfpl_main.php [L]
 
 <FilesMatch "\.(css|jpg|png)$">
 	ExpiresActive On
 	ExpiresDefault A31536000
 </FilesMatch>
+
+# SECURITY: don't execute code on the server (exception below)
+SetHandler none
+SetHandler default-handler
+# this option is needed for RewriteRule to work:
+Options SymlinksIfOwnerMatch
+php_flag engine off
+RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
+# code execution exception: allow only /wfpl_main.php
+# <Files> matches regardless of directory/path, so rewrite php in subdirs
+RewriteRule ^(wfpl_main\.php|paypal_ipn\.php|cms_images_autoresize\.php)$  - [L]
+RewriteRule .*\.php$ - [L,R=404]
+<Files "wfpl_main.php">
+	php_flag engine on
+	SetHandler application/x-httpd-php
+</Files>
+<Files "paypal_ipn.php">
+	php_flag engine on
+	SetHandler application/x-httpd-php
+</Files>
+<Files "cms_images_autoresize.php">
+	php_flag engine on
+	SetHandler application/x-httpd-php
+</Files>
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^cms_images/[0-9a-f]+w[0-9]+\.[pj][np]g$ /cms_images_autoresize.php