From 0fc7258493741a048e704db2f47494bf87eb6d29 Mon Sep 17 00:00:00 2001
From: Frank Hochmuth <frank.pcn@gmail.com>
Date: Thu, 14 Dec 2023 20:45:54 +0100
Subject: [PATCH] Protects the .htacces file from external access

- Only the FlatPress admin and server admin should be able to access the .htacces file
---
 fp-plugins/prettyurls/plugin.prettyurls.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/fp-plugins/prettyurls/plugin.prettyurls.php b/fp-plugins/prettyurls/plugin.prettyurls.php
index 91de04a..14151c0 100644
--- a/fp-plugins/prettyurls/plugin.prettyurls.php
+++ b/fp-plugins/prettyurls/plugin.prettyurls.php
@@ -627,12 +627,17 @@ if (class_exists('AdminPanelAction')) {
 				$txt = '
 				
 				# Thanks again WP :)
-				
+
+				AddType application/x-httpd-php .php .htm .html
 				Options -Indexes
 				
 				<IfModule mod_rewrite.c>
 				RewriteEngine On
 				RewriteBase ' . $blogroot . '
+
+				# Protects the .htacces file from external access, status code 403 "Forbidden" is output
+				RewriteRule ^\.htaccess$ - [F]
+
 				RewriteCond %{REQUEST_FILENAME} !-f
 				RewriteCond %{REQUEST_FILENAME} !-d
 				RewriteRule . ' . $blogroot . 'index.php [L]
@@ -672,4 +677,4 @@ if (class_exists('AdminPanelAction')) {
 	admin_addpanelaction('plugin', 'prettyurls', true);
 }
 
-?>
\ No newline at end of file
+?>