RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]

# Block access to sensitive directories
RedirectMatch 403 ^/(config|includes|templates)/

# Disable PHP execution in uploads
<IfModule mod_rewrite.c>
    RewriteRule ^uploads/.*\.php$ - [F,L]
</IfModule>

# CORS headers for uploads (required for canvas editor)
<IfModule mod_headers.c>
    <FilesMatch "\.(jpg|jpeg|png|gif|webp|bmp|svg)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>
