Problems with PHP files in wp-content – htaccess? permissions?

I’ve been having issues recently that seem to have a common thread – problems with paths to various files in my install. Most of these issues erupted when I upgraded to 2.8.1 and changed my .htaccess file to add "AddHandler application/x-httpd-php5 .php" as the very top line. Apparently the default install at Psek (an Incsub partner) is PHP 4. I read a post on these forums that suggested making this particular change to .htaccess in order to ensure I was running under PHP 5. Aside from that, the .htaccess file is whatever the default WPMU install is.

The most recent path related problem involves a couple of plugins that add buttons to the TinyMCE editor which display "pop-up" windows for editing – in particular the cforms II plugin. When I click the button to add a form, I get a themed 404 in the pop-up. This is also happening with another plugin that is used to add video to a post.

If I type the URL to any PHP in the Plugins folder directly in a browser (e.g., http://mydomain.com/wp-content/plugins/cforms/abspath.php OR http://mydomain.com/wp-content/plugins/test.php ), I get the 404 as well. I tried putting a simple image file into the plugin folders (e.g., wp-content/plugins/cforms/test.jpg) and was able to access that directly via the browser. I was also able to access an HTML file (e.g., http://mydomain.com/wp-content/plugins/cforms/abspath.php) as well as a .txt file. However, any PHP file in the Plugins folder I try to access directly throws a 404. I tried setting permissions for the folder and all files to 755 and even 777 to see if it was a permissions issue – still the 404.

FWIW, I noticed that this inability to directly access PHP files within the wp-content directory is not exclusive to the Plugins folder – the issue happens with ANY PHP file within the wp-contents directory – no matter where in the tree it happens to be.

I have another WPMU install on a different server – PHP 5 running WPMU 2.8.1 – where this problem is not happening. And I can directly access any PHP files in the wp-content directory without a 404.

My suspicion is that something may be screwy with my .htaccess file. Ideas? Below is my .htaccess file:

AddHandler application/x-httpd-php5 .php

RewriteEngine On

RewriteBase /

#uploaded files

RewriteRule ^(.*/)?files/$ index.php [L]

RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*

RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]

RewriteRule ^(.*/)?avatar/(.*) wp-content/avatar.php?file=$2 [L]

RewriteRule ^(.*/)?sitemap.xml wp-content/sitemap.php [L]

# add a trailing slash to /wp-admin

RewriteCond %{REQUEST_URI} ^.*/wp-admin$

RewriteRule ^(.+)$ $1/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]

RewriteCond %{REQUEST_FILENAME} -d

RewriteRule . – [L]

RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]

RewriteRule ^([_0-9a-zA-Z-]+/)?(.*.php)$ $2 [L]

RewriteRule . index.php [L]

<IfModule mod_security.c>

<Files async-upload.php>

SecFilterEngine Off

SecFilterScanPOST Off

</Files>

</IfModule>