[Vtigercrm-developers] vtiger CRM 5.4.0 - Security Patch Released in Live

Boris CLEMENT b.clement at abo-s.com
Wed Mar 27 14:00:32 GMT 2013


Hi Adam,

We had the same issue.
We found a solution in this ticket:
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6674
The idea is to use a static variable in the vtlib_purify() function.

Performance has been normal since we applied this patch.

Regards,
Boris
ABOnline solutions


On 27/03/2013 14:49, Adam Heinz wrote:
> I'll report more as I learn more, but this security patch has totally
> tanked performance for me. All page loads now take multiple seconds!
> I just got back a 320MB cachegrind file for a simple DetailView page!
> HTMLPurifier appears to be 80%+ of my CPU now.
>
>
> On Tue, Mar 26, 2013 at 11:21 AM, Adam Heinz <amh at metricwise.net> wrote:
>
>     I found the password issue in Trac:
>     http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6325
>
>     On Tue, Mar 26, 2013 at 11:04 AM, Adam Heinz <amh at metricwise.net> wrote:
>
>         I'm still working through the patch, but I think I see a bad
>         hunk.  At modules/Users/Authenticate.php:33, I
>         see vtlib_purify($_REQUEST['user_password']) being added back
>         in.  I think I remember this specifically causing problems for
>         passwords with special characters in them.