[Koha-devel] Huge performance issue cause by bug 13618 (XSS)

Brendan Gallagher info at bywatersolutions.com
Thu Feb 11 04:01:15 CET 2016


I have been slow to push anything much since I pushed that big one to give
a little time.  I can revert that patch set, which is still an option.

On Wednesday, February 10, 2016, Marcel de Rooy <M.de.Rooy at rijksmuseum.nl>
wrote:

> Too bad, especially since we already have performance issues..
> I would go for option 1 part a = revert. (It is one of the last pushes, I
> think.)
> And some further research on 2,3 or 4 ? :)
>
> ________________________________________
> From: koha-devel-bounces at lists.koha-community.org [
> koha-devel-bounces at lists.koha-community.org] on behalf of
> Jonathan Druart [jonathan.druart at bugs.koha-community.org]
> Sent: Wednesday 10 February 2016 15:49
> To: koha-devel at lists.koha-community.org
> Subject: [Koha-devel] Huge performance issue cause by bug 13618 (XSS)
>
> Hi devs,
>
> I have very bad news...
> Working on bug 15715, I have found that the patchset introduced by bug
> 13618 (Prevent XSS in the Staff Client and the OPAC) causes a very
> important performance issue.
>
> Indeed, for each variable displayed in the template, a
> Template::Stash::AutoEscaping->get method is called.
>
> To try and understand the problem, I have put the following snippet in
> the mainpage.pl script:
> +my @loop;
> +for my $i ( 0 .. 10000 ) {
> +    push @loop, {
> +        foo => 'my foo',
> +        bar => 'my bar',
> +    };
> +}
> +$template->param( loop => \@loop );
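Review bot: the range `0 .. 10000` in the `for` line is inclusive in Perl, so @loop ends up with 10,001 entries rather than 10,000. If the call count is meant to match the 10k figure exactly, use `1 .. 10000`; otherwise the extra row is part of the "+ delta".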
>
> and then, in the template
> +[% FOR l IN loop %]
> +    [% l.foo %] [% l.bar %]
> +    <br/>
> +[% END %]
>
> It will display 10k foo and 10k bar.
> There are indeed 20k (+ delta) calls to the
> Template::Stash::AutoEscaping method, as expected.
> But the load of the page increases from 2sec to 10sec (no plack,
> measured with Firebug > network tab)
>
> On catalogue/search.pl, 1800 calls, from 6sec to 6.5s
>
> On authorities/authorities.pl?breedingid=186&authtypecode=CORPO_NAME&authid=0
> (From bug 15715), 64k calls (!!!) from ~10sec to ~4min
>
> On cataloguing/addbiblio.pl?biblionumber=1, 13k calls, from 3sec to 9sec
>
> Do not take these measures too strictly, but they give an idea of the
> issue...
>
> So I don't see a lot of methods to fix that:
> 1/ Revert and abandon 13618
> 2/ Understand how it's possible to have 60k calls to display a form
> and try to improve these areas
> 3/ Profile Template::Stash::AutoEscaping to know if we cannot optimise
> what it does
> 4/ Any brilliant ideas?
>
> Jonathan
>
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15715
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/
>


-- 
Sent from Gmail Mobile
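
Added example, not part of the thread or of Koha's code: a stand-alone Perl benchmark of the effect described in the quoted message. It renders the same 10,000-row loop with no escaping, with Template::Stash::AutoEscaping as the stash, and with Template Toolkit's explicit `| html` filter. It assumes Template and Template::Stash::AutoEscaping are installed from CPAN; the row data and the `render` helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Benchmark qw(cmpthese);
use Template;
use Template::Stash::AutoEscaping;

# Constructed data: 10,000 rows, one value carrying markup that must be escaped.
my @loop = map { +{ foo => 'my foo', bar => '<b>my bar</b>' } } 1 .. 10_000;

# Same loop as in the thread, once bare and once with explicit per-variable filters.
my $plain_tpl    = '[% FOR l IN loop %][% l.foo %] [% l.bar %]<br/>[% END %]';
my $filtered_tpl = '[% FOR l IN loop %][% l.foo | html %] [% l.bar | html %]<br/>[% END %]';

# Engine with the default stash, and engine where every variable lookup
# goes through the auto-escaping stash.
my $tt_plain = Template->new() or die Template->error;
my $tt_auto  = Template->new( { STASH => Template::Stash::AutoEscaping->new } )
    or die Template->error;

# Hypothetical helper: render a template string with the constructed rows.
sub render {
    my ( $tt, $tpl ) = @_;
    my $out = '';
    $tt->process( \$tpl, { loop => \@loop }, \$out ) or die $tt->error;
    return $out;
}

# Sanity check before timing: the bare template on the default stash emits raw
# markup, while both protected variants emit entity-encoded output.
die "expected raw markup\n"
    unless render( $tt_plain, $plain_tpl ) =~ /<b>my bar/;
for my $safe ( render( $tt_auto, $plain_tpl ), render( $tt_plain, $filtered_tpl ) ) {
    die "markup was not escaped\n" unless $safe =~ /&lt;b&gt;my bar/;
}

# Run each variant for at least 2 CPU seconds and print a comparison table.
cmpthese( -2, {
    no_escaping   => sub { render( $tt_plain, $plain_tpl ) },
    auto_escaping => sub { render( $tt_auto,  $plain_tpl ) },
    html_filter   => sub { render( $tt_plain, $filtered_tpl ) },
} );
```

The `no_escaping` row is only a baseline for the cost of the loop itself; the comparison of interest is between the two variants that produce escaped output.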