[Vtigercrm-developers] vtiger CRM 5.4.0 - Security Patch Released in Live

Adam Heinz amh at metricwise.net
Wed Mar 27 14:42:12 GMT 2013


Much better! Thanks Boris!


On Wed, Mar 27, 2013 at 10:00 AM, Boris CLEMENT <b.clement at abo-s.com> wrote:

>  Hi Adam,
>
> We had the same issue.
> We found a solution in this ticket:
> http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6674
> The idea is to use a static variable in the vtlib_purify() function.
>
> Performance has been normal since we applied this patch.
>
> Regards,
> Boris
> ABOnline solutions
>
>
> On 27/03/2013 14:49, Adam Heinz wrote:
>
> I'll report more as I learn more, but this security patch has totally
> tanked performance for me.  All page loads now take multiple seconds!  I
> just got back a 320MB cachegrind file for a simple DetailView page!
>  HTMLPurifier appears to be 80%+ of my CPU now.
>
>
> On Tue, Mar 26, 2013 at 11:21 AM, Adam Heinz <amh at metricwise.net> wrote:
>
>>  I found the password issue in Trac:
>> http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6325
>>
>>
>>
>>  On Tue, Mar 26, 2013 at 11:04 AM, Adam Heinz <amh at metricwise.net> wrote:
>>
>>> I'm still working through the patch, but I think I see a bad hunk.  At
>>> modules/Users/Authenticate.php:33, I
>>> see vtlib_purify($_REQUEST['user_password']) being added back in.  I think
>>> I remember this specifically causing problems for passwords with special
>>> characters in them.
>>>
>>
>
>
> _______________________________________________http://www.vtiger.com/
>
>
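
The password concern raised in the 26 March message, as an added example that is not part of the original thread and is not vtiger's code. It assumes strip_tags() as a stand-in for vtlib_purify() and PHP's password_hash()/password_verify() in place of vtiger's own password handling; all function names are hypothetical.

```php
<?php
// Added illustration; every function name here is hypothetical.

// Stand-in for vtlib_purify(). strip_tags() is an assumption: HTMLPurifier is
// not bundled here, but both rewrite input that looks like markup.
function purify_stand_in(string $value): string
{
    return strip_tags($value);
}

// Login check that sanitizes the submitted credential first.
function login_purified(string $submitted, string $storedHash): bool
{
    return password_verify(purify_stand_in($submitted), $storedHash);
}

// Login check that uses the submitted bytes unchanged.
function login_raw(string $submitted, string $storedHash): bool
{
    return password_verify($submitted, $storedHash);
}

// Constructed sample passwords; the hash is made from the unmodified value,
// as it would be if the password was set through a path that does not purify.
foreach (['correct horse', 'p<ss>w0rd!', 'a<b&c'] as $password) {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    printf(
        "%-16s purified=%-16s purified-login=%-5s raw-login=%s\n",
        var_export($password, true),
        var_export(purify_stand_in($password), true),
        var_export(login_purified($password, $hash), true),
        var_export(login_raw($password, $hash), true)
    );
}
```

A credential is only hashed and compared, never rendered, so HTML sanitizing adds nothing to it and can change the value being checked.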