[Vtigercrm-developers] vtiger CRM 5.4.0 - Security Patch Released in Live
Adam Heinz
amh at metricwise.net
Wed Mar 27 13:49:58 GMT 2013
I'll report more as I learn more, but this security patch has totally
tanked performance for me. All page loads now take multiple seconds! I
just got back a 320MB cachegrind file for a simple DetailView page!
HTMLPurifier appears to be 80%+ of my CPU now.
On Tue, Mar 26, 2013 at 11:21 AM, Adam Heinz <amh at metricwise.net> wrote:
> I found the password issue in Trac:
> http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6325
>
>
>
> On Tue, Mar 26, 2013 at 11:04 AM, Adam Heinz <amh at metricwise.net> wrote:
>
>> I'm still working through the patch, but I think I see a bad hunk. At
>> modules/Users/Authenticate.php:33, I
>> see vtlib_purify($_REQUEST['user_password']) being added back in. I think
>> I remember this specifically causing problems for passwords with special
>> characters in them.
>>
>
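The failure mode recalled in the quoted message above, as an added PHP illustration that is not vtiger code and not part of the original thread. `sanitize_html_input()` is a hypothetical stand-in built on `strip_tags()`, not `vtlib_purify()` itself, and the sample passwords are constructed.

```php
<?php
// Added illustration, not vtiger code. sanitize_html_input() is a hypothetical
// stand-in for an HTML sanitizer; it is NOT vtlib_purify() or HTMLPurifier.
function sanitize_html_input(string $value): string
{
    return strip_tags($value);
}

// Stores a hash of exactly the bytes it is given.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login that sanitizes the submitted password before verifying it.
function login_sanitized(string $submitted, string $storedHash): bool
{
    return password_verify(sanitize_html_input($submitted), $storedHash);
}

// Login that verifies the submitted bytes unchanged.
function login_raw(string $submitted, string $storedHash): bool
{
    return password_verify($submitted, $storedHash);
}

// Constructed sample passwords; two contain characters that look like markup.
foreach (['correct horse', 'S3cr<t>!pw', 'a<b>c'] as $pw) {
    $hash = store_password($pw);   // hash was stored from the raw password
    printf(
        "%-15s after sanitizer: %-15s raw login: %-5s sanitized login: %s\n",
        $pw,
        sanitize_html_input($pw),
        var_export(login_raw($pw, $hash), true),
        var_export(login_sanitized($pw, $hash), true)
    );
}

// Sanitizing on both the store and login paths hides the lockout but makes
// distinct passwords interchangeable: the stored secret is the sanitized form.
$hash = store_password(sanitize_html_input('a<b>c'));
printf("'ac' accepted for 'a<b>c': %s\n",
    var_export(login_sanitized('ac', $hash), true));
```

Escaping belongs where a value is written into HTML; a credential is only hashed and compared, so it should reach the verifier unmodified.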