what does .htaccess with line AddHandler php5-script .php do?
It tells php to handle any file with .php in the filename, even if it's not at the end. A file named smile.php.gif will be interpereted as a php file, which is bad if you are going to be using an upload script. This is because Apache allows multiple extensions in any order, so gif.php.jpg is the same as gif.jpg.php. I have heard the best way to select the handler is with FilesMatch. Of course if your web host has this in their httpd.conf you would have to 'remove' it using your htaccess before using the FilesMatch if you don't have access to httpd.conf.
This just instructs PHP to handle files ending in .php
by passing them to the PHP5 interpreter. Without this configuration in place, the web server may serve the files to the end-user's web browser as raw PHP code, rather than executing the code. That raises the dangerous possibility of exposing database login credentials or, or other secrets.
Using the same mechanism, you could configure the web server to parse files with other extensions besides .php
as PHP scripts and hand them to the PHP interpreter. This is occasionally done to mask PHP scripts by naming them with .html
extensions, for example.
# Interpret both .php & .html as PHP:
AddHandler php5-script .php .html