Disable all CGI (php, perl, …) for a directory using .htaccess

Question

I have a directory where users can upload files.

To avoid security issues (e.g. somebody uploading a malicious php script), I currently change the files\' extension

Answer 1

My Godaddy setup wont allow me to edit the httpd.conf files, and the php_flag command doesn't work due to how they've implemented php for me.

I was able to use this in my .htaccess file:

SetHandler default-handler
AddType text/plain php

I put this in the directory above where my FTP user is allowed to access, which forces all PHP files in that directory, as well as all sub-directories to show php as plain text.

This will work for other file types as well. All you need to do is add another line with whatever extension of file you want to be forced to display in plain text. AddType text/plain cgi for example