X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl-cms.git;a=blobdiff_plain;f=.htaccess;h=3847e70629da989ae165b81e032a44a0b4d5928a;hp=c496a282feb1c293579655da7846a53b69519ddf;hb=3b9b94e5e746542e8bacec485df87a265e7daeda;hpb=7eee99585040417e2be07833570d11ccd7e66c44

diff --git a/.htaccess b/.htaccess
index c496a28..3847e70 100644
--- a/.htaccess
+++ b/.htaccess
@@ -7,9 +7,7 @@ DirectoryIndex disabled
 AddDefaultCharset UTF-8
 AddCharset UTF-8 .css
 RewriteEngine  on
-RewriteRule    ^[^/.]*$  /wfpl_main.php [L]
-# Close loophole in security restriction/exception below
-RewriteRule    ^.*/.*wfpl_main.php$  /wfpl_main.php [L]
+RewriteRule ^[^/.]*$ /wfpl_main.php [L]
 
 <FilesMatch "\.(css|jpg|png)$">
 	ExpiresActive On
@@ -23,10 +21,9 @@ SetHandler default-handler
 Options SymlinksIfOwnerMatch
 php_flag engine off
 RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
-# Exception: allow access to wfpl_main.php
-#
-# this allows access to any files named "wfpl_main.php" anywhere, so there's a
-# rewrite rule above to use the top-level one, no matter which was requested.
+# code execution exception: allow only /wfpl_main.php
+# <Files> matches regardless of directory/path, so rewrite php in subdirs
+RewriteRule ^.*/.*\.php$ - [L,R=404]
 <Files "wfpl_main.php">
 	php_flag engine on
 	SetHandler application/x-httpd-php