I think it’s an edition where the installer was patched to handle the French mysql error messages for the French "Free" hosting service. Davidm knows more about it.
-
- 711 Posts
It is right, Sottwell.
Free is a french hoster which hosts website for free. The space drive is big (1Go I think). There are some limitations and most of the CMS (or other php site build) don’t work naturally with Free. So it is necessary to patch this application.
Sorry for my english. I'm french... My dictionary is near me, but it's only a dictionary !
-
- 15 Posts
Thank you very much for your responses.
I confirm, Free is a host and it offer 1 Go like web space.
Sorry for my english
-
- 7,075 Posts
Quote from: sottwell at Apr 21, 2006, 08:40 PMI think it’s an edition where the installer was patched to handle the French mysql error messages for the French "Free" hosting service. Davidm knows more about it.
You can find the Free Edition thread
here. Of course, it’s in french, but you’ll see there that this version has been downloaded almost 600 times....
Actually the problem with MySQL error message happened with all french host set up to display error message in French (with is now solved with the mysql Errno fix) ... Free was another problem which you helped me fix, Susan :
chmod "locked" by hosting at 700 and 644 : possible to run MODx ?
You might not remember but you helped me fix
all the includes path, a pretty daunting task which I never updated for 0.9.1
Would it be fair to guess that patching MODx 0.9.0 document.parser.class is perfectly safe ?
Didn’t check but was there a change here between 0.9.0 and 0.9.1 ?
.: COO - Commerce Guys - Community Driven Innovation :.
MODx est l'outil id
-
- 7,075 Posts
Thanks for the tip Timon, I had forgotten about this...
I’ll post something to have MODx 0.9.0 "Free Edition" users patch their installs.
And I’ll patch the package so that new downloads are covered
.: COO - Commerce Guys - Community Driven Innovation :.
MODx est l'outil id
Quote from: davidm at Apr 21, 2006, 09:51 PM
Would it be fair to guess that patching MODx 0.9.0 document.parser.class is perfectly safe ?
Didn’t check but was there a change here between 0.9.0 and 0.9.1 ?
It’s not that difficult to patch any version. The pre-.9 versions use a slightly different function, but the switch is much the same, and it’s not at all hard to add the validity checks. I did it a bit differently; instead of the cryptic NaN message I just throw the would-be hacker back to the home page. I would feel better about if if the security gurus would verify that this will solve the problem.
FOR PRE-0.9x INSTALLS ONLY!!!! DO NOT APPLY THIS PATCH TO A 0.9X INSTALLATION!!!
function getDocumentIdentifier($method) {
// function to test the query and find the retrieval method
switch($method) {
case "alias" :
return mysql_escape_string($_REQUEST['q']);
break;
case "id" :
if(is_numeric($_REQUEST['id'])) {
return $_REQUEST['id'];
} else {
return $this->config['site_start'];
}
break;
case "none" :
return $this->config['site_start'];
break;
default :
return $this->config['site_start'];
}
}
Quote from: netnoise at Apr 22, 2006, 09:31 AM
Even if it sounds paranoic it’s important to use
return intval($_REQUEST['id']);
So that should be
case "alias" :
return intval($_REQUEST['q']);
break;