Thanks, reported to dev list

¥

Ok. But what should we put in /media/.htaccess to download requested .php files?

AddType application/??? .php :?:

This appears to work :

AddHandler application/octet-stream .php

¥

Thanks !

And one more question :)
How to navigate this rule to specific folder, in our case /media ?

You should just need to upload it to your media folder, the rest of your blog won't be affected

¥

It works.
And now .php file prints on the screen.

But when I put this string in root .htaccess, browser tried to download the file

Anyway, thank you. This is better than nothing. :)

This was the reply on the dev list

Default Group permissions for Administrators:
Files: Edit ALL including protected.

Have you tried changing the extension as a non-admin user?

¥

User can only change the ext when he granted appropriate permissions (modify protected files).
Shortly, when you can rename - you can change ext.

That lost me a tad :

1) can a user change extensions , to non-protected extensions, without the permissions to modify protected files ?
2) can a user change the extension, to a protected extension, without the permissions to modify protected files ?
3) Will the world one day run out of beer and make me very unhappy?

Please note : I could probably answer all these by playing in admin but I haven't had a chance to try yet :p

¥

1 - yes
2 - no
3 - never

That's good enough for me for now then ;)

¥

You can still do it in 2.4 version :(

sam2kb, this is NOT A BUG!

The ADMINS are GRANTED the PERMISSION to edit PHP files, especially (but not only) within skins!

Maybe it's better to block this option in demo mode, or just put .htaccess file in media by default?