Index: branches/5.1.x/tools/.htaccess
===================================================================
diff -u -N -r12127 -r12657
--- branches/5.1.x/tools/.htaccess	(.../.htaccess)	(revision 12127)
+++ branches/5.1.x/tools/.htaccess	(.../.htaccess)	(revision 12657)
@@ -1,16 +1,49 @@
-# Uncomment line below if FollowSymLinks option is not enabled by default in server configuration
-#Options +FollowSymLinks
+### File security
+# Exclude direct access to tpl, tpl.xml, inc.php, sql extensions
+#
+<Files ~ "\.(tpl|tpl.xml|inc.php|sql)$">
+  order allow,deny
+  deny from all
+</Files>
+
+# Exclude direct access
+<Files ~ "(config.php|debug.php)">
+  order allow,deny
+  deny from all
+</Files>
+
+## Enable mod-rewrite
 RewriteEngine On
 
-#RewriteBase /
+###### Rewrite rules to block common hacks
+## If you experience problems comment out the operations listed below
+## Block out any script trying to base64_encode crap to send via URL
+RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
+## Block out any script that includes a <script> tag in URL
+RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
+## Block out any script trying to set a PHP GLOBALS variable via URL
+RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
+## Block out any script trying to modify a _REQUEST variable via URL
+RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
+## Send all blocked request to homepage with 403 Forbidden error!
+RewriteRule ^(.*)$ index.php [F,L]
+
+## Uncomment line below if FollowSymLinks option is not enabled
+## by default in server configuration
+#
+# Options +FollowSymLinks
+
+## Uncomment following line if your webserver's URL
+## is not directly related to physical file paths.
+## Update Your In-Portal Directory (just / for root)
+#
+# RewriteBase /
+
+## In-Portal SEF URLs
+#
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME}/ !-f
 RewriteCond %{REQUEST_FILENAME}/index.php !-f
 RewriteCond %{REQUEST_FILENAME}/index.html !-f
 RewriteCond %{REQUEST_URI} !\.(gif|jpg|png|js|css|ico|swf)$ [NC]
-RewriteRule ^(.*) index.php?rewrite=on&_mod_rw_url_=$1 [QSA]
-
-<Files ~ "\.(tpl|tpl.xml|inc.php|sql|lang|txt)$">
-  order allow,deny
-  deny from all
-</Files>
\ No newline at end of file
+RewriteRule ^(.*) index.php?rewrite=on&_mod_rw_url_=$1 [QSA]
\ No newline at end of file
