How to prevent direct url access to .thtml theme files

From JReviews Documentation
Revision as of 14:31, 1 February 2011 by Jreviews (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The theme files used by JReviews are able to process php code because they are included by php files themselves. However, they are not .php files and it is possible to access them directly by entering their location in the url. This would allow someone to see the source of the theme files. Even though this is not a security risk since the files don't have any sensitive information, if you want to prevent direct access to these files you can add the following line to your .htaccess file:

# Parse .thtml files as .php
AddType application/x-httpd-php .thtml


This forces the server to parse .thtml files as .php, and blocks direct access to them.