<div dir="ltr">Much better! Thanks Boris!</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Mar 27, 2013 at 10:00 AM, Boris CLEMENT <span dir="ltr"><<a href="mailto:b.clement@abo-s.com" target="_blank">b.clement@abo-s.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    Hi Adam,<br>
    <br>
    We had the same issue.<br>
    We find a solution with this ticket :
    <a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6674" target="_blank">http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6674</a><br>
    the idea is to use a static variable into the vtlib_purify()
    function.<br>
    <br>
    Performances are normal since we apply this patch.<br>
    <br>
    Regards,<br>
    Boris<br>
    ABOnline solutions<br>
    <br>
    <br>
    <div>Le 27/03/2013 14:49, Adam Heinz a
      écrit :<br>
    </div>
    <blockquote type="cite"><div><div class="h5">
      <div dir="ltr">I'll report more as I learn more, but this security
        patch has totally tanked performance for me.  All page loads now
        take multiple seconds!  I just got back a 320MB cachegrind file
        for a simple DetailView page!  HTMLPurifier appears to be 80%+
        of my CPU now.</div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Tue, Mar 26, 2013 at 11:21 AM, Adam
          Heinz <span dir="ltr"><<a href="mailto:amh@metricwise.net" target="_blank">amh@metricwise.net</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <div>I found the password issue in Trac:</div>
              <a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6325" target="_blank">http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6325</a>
              <div><br>
                <div class="gmail_extra">
                  <br>
                  <br>
                  <div class="gmail_quote">
                    On Tue, Mar 26, 2013 at 11:04 AM, Adam Heinz <span dir="ltr"><<a href="mailto:amh@metricwise.net" target="_blank">amh@metricwise.net</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                      <div dir="ltr">I'm still working through the
                        patch, but I think I see a bad hunk.  At
                        modules/Users/Authenticate.php:33, I
                        see vtlib_purify($_REQUEST['user_password'])
                        being added back in.  I think I remember this
                        specifically causing problems for passwords with
                        special characters in them.</div>
                    </blockquote>
                  </div>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      </div></div><pre>_______________________________________________
<a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a></pre>
    </blockquote>
  </div>

<br>_______________________________________________<br>
<a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a><br></blockquote></div><br></div>