<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Hi Adam,<br>
    <br>
    We had the same issue.<br>
    We find a solution with this ticket :
    <a class="moz-txt-link-freetext" href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6674">http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6674</a><br>
    the idea is to use a static variable into the vtlib_purify()
    function.<br>
    <br>
    Performances are normal since we apply this patch.<br>
    <br>
    Regards,<br>
    Boris<br>
    ABOnline solutions<br>
    <br>
    <br>
    <div class="moz-cite-prefix">Le 27/03/2013 14:49, Adam Heinz a
      écrit :<br>
    </div>
    <blockquote
cite="mid:CAKBdvM9D5hus+=eHoCegj6P=qWnJWq9GQzcL_fAWfe4=5Trrtg@mail.gmail.com"
      type="cite">
      <div dir="ltr">I'll report more as I learn more, but this security
        patch has totally tanked performance for me.  All page loads now
        take multiple seconds!  I just got back a 320MB cachegrind file
        for a simple DetailView page!  HTMLPurifier appears to be 80%+
        of my CPU now.</div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Tue, Mar 26, 2013 at 11:21 AM, Adam
          Heinz <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:amh@metricwise.net" target="_blank">amh@metricwise.net</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <div>I found the password issue in Trac:</div>
              <a moz-do-not-send="true"
                href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6325"
                target="_blank">http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6325</a>
              <div class="im"><br>
                <div class="gmail_extra">
                  <br>
                  <br>
                  <div class="gmail_quote">
                    On Tue, Mar 26, 2013 at 11:04 AM, Adam Heinz <span
                      dir="ltr"><<a moz-do-not-send="true"
                        href="mailto:amh@metricwise.net" target="_blank">amh@metricwise.net</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0px
                      0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                      <div dir="ltr">I'm still working through the
                        patch, but I think I see a bad hunk.  At
                        modules/Users/Authenticate.php:33, I
                        see vtlib_purify($_REQUEST['user_password'])
                        being added back in.  I think I remember this
                        specifically causing problems for passwords with
                        special characters in them.</div>
                    </blockquote>
                  </div>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
<a class="moz-txt-link-freetext" href="http://www.vtiger.com/">http://www.vtiger.com/</a></pre>
    </blockquote>
  </body>
</html>