0

am in the process to recover a web site which allows upload via admin panel to only allow the index.php script in the public folder. What has been bothering me is that i use ckeditor+pgrfilemanager which are in public folder and contains php files which are needed.

based on suggestion of very knowledgeable people in SO i was sent a reference to this .htaccess snippet:

RewiteEngine On
RewriteCond %{REQUEST_METHOD} ^PUT$ [OR]
RewriteCond %{REQUEST_METHOD} ^MOVE$
RewriteRule ^/public/(.*)\.php /public/$1.nophp

my question is how will this affects php files in the children folder of public ?

Another issue is that i'm really not sure how my final .htaccess for the ZF project you look like.currently reading the .htaccess manual as am not really familiar with it so not sure about my changes

here is what i would like to put up 

SetEnv APPLICATION_ENV production
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
RewriteCond %{REQUEST_METHOD} ^PUT$ [OR]
RewriteCond %{REQUEST_METHOD} ^MOVE$
RewriteRule ^/public/(.*)\.php /public/$1.nophp
AddHandler cgi-script .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi .js .sh .jsp .asp
Options -ExecCGI

I would be glad if i could learn from people with experience. Thank you

Improve this question

1 Answer 1

Reset to default
1

If there are real children folders in public then the root .htaccess file will not affect files in there. Apache finds the folder that is lowest and looks there for directives.

The different components in your .htaccess file look OK, but they are out of order. Something like this would be better:

SetEnv APPLICATION_ENV production
AddHandler cgi-script .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi .js .sh .jsp .asp
Options -ExecCGI

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]

RewriteCond %{REQUEST_METHOD} ^PUT$ [OR]
RewriteCond %{REQUEST_METHOD} ^MOVE$
RewriteRule ^/public/(.*)\.php /public/$1.nophp [L]

RewriteRule ^.*$ index.php [NC,L]
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Hello Sorry for the late comment. I've been assigned to another project. but the one who took over has never applied this because it was giving Options ExecCGI is off with error code 500 on the page. I commented the Options -ExecCGI section but i was able to run another php script aside index.php. Please note that the .htaccess file is a sibling of index.php in the public folder. Thanks

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.