This might be a stupid simple task or not possible. And its hard to know what to search for. Posting the question here.
Context
I got a Wordpress plugin to handle media, and the plugin configurates to serving files from:
ROOT/wp-content/uploads/protected/
In the /protected/ folder, there is (an empty index.html) and a .htaccess file:
RewriteCond %{REQUEST_URI} ^.*uploads/protected/.*
RewriteRule ^(.*)$ http://whatever.com/wp-content/plugins/plugin-name-root/subfolder/access.php?file=$0 [QSA,L]
So, The .htaccess file has a rewriteRule to a PHP script resident in the plugin subfolder. The url in the browser finally looks like this:
h**p://whatever.com/wp-content/plugins/plugin-name-root/protect/access.php?file=some-document.pdf
The problem to solve
This url is way to long and I don wanna the plugin name either in the url. I would like this to be served by the access.php in the browser like (or whats possible):
h**p://whatever.com/access.php?file=some-document.pdf
or even better:
h**p://whatever.com/access/some-document.pdf
Note: I dont wanna access files with a new url, just deliver the final url pretty. We still output links on the webpage (requests) with the url like h**p://whatever.com/wp-content/uploads/protected/some-image-or-document.docx
The plugin protocol(s) handle the output, as it does with readfile() after validation. In this case the script in the very end executes:
readfile('../../../uploads/protected/some-document.pdf');
and the browser shows (as mentioned):
h**p://whatever.com/wp-content/plugins/plugin-name-root/protect/access.php?file=some-document.pdf
The script and all plugin cretaed protocols and script can be manipulated, thats ok, for this reason, as no updates are applied anyway.
However, We really dont wanna change the original wordpress ROOT .htaccess file to make redirects from there. We are hoping just to fake an address in the browser somehow. The media-files must also use the wordpress default uploads directory with /protected/ subfolder.
It is ok to Manipulate code from
a) the plugin core code or from the
b) .htaccess (created by the plugin) in the upload/protected/ folder or
c) create another "new" .htaccess file in the plugin access.php subfolder, or
d) send some headers before readfile() in the access.php script...
Thats the context!
Puh, anyone some thoughts to share to solve my objectives?