EPESI 1.8.2.2 shows errors on Activities Tab(>1000 records)

pmmvt

Type: E_ERROR (1)
Message: Maximum execution time of 30 seconds exceeded
File: /.../vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php
Line=68
error backtrace:
[PHP core called function]
function called: check_for_fatal()

nnader

We apologize for the inconveniences. I have tried loading activities tab with around 3000 records and did not get a maximum execution time exceeded error. However, we will try to reproduce this error. In the mean time please try to change your max_execution_time to something around 100 in php ini and let me know if the issue still occurs.

nnader

You can also replace line 1667 in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php

    Utils_SafeHtml_SafeHtml::setSafeHtml(new Utils_SafeHtml_HtmlPurifier);
    $r[$desc['id']] = Utils_SafeHtml_SafeHtml::outputSafeHtml($row['f_' . $desc['id']]);

with

    $r[$desc['id']] =$row['f_' . $desc['id']];

what this code does is check fields for xss attacks, specifically injeted into notes. So replacing this line reintroduced the vulnerability, but will tempoarily fix your error.

nnader

I see why this is happening. It is because activities are using pure gb so it is iterating through all the records. I will try to release a new revision to fix this issue as soon as possible. I think the best solution will be to limit html purification for notes only since that is the only place we can inject javascript.

Epesi ENS | Epesi Academy | epesi.cloud PaaS | GitHub

Help Me! | Download from SourceForge