Max execution time reached on heavy article edit

[ethernidee]

Steps to reproduce the issue

Create article with contents from attached UTF-8 ddos.txt
Try to edit and save it.
Try different PHP max_execution_time from 10 to 60.

Expected result

Fast saving.

Actual result

White screen with max execution time reached.

System information (as much as possible)

Joomla 3.7.0, JCE Editor Free.

Additional comments

1. The last executed script is always libraries/vendor/joomla/string/src/phputf8/mbstring/core.php. Lines 41 or 94.
   The caller is libraries/joomla/filter/input.php.

2. Restoring the 'libraries/joomla/filter/input.php', 'libraries/joomla/filter/output.php' to version < 3.7.0 fixes the issue.

[brianteeman]

Nothing attached

[mbabker]

That file hasn't changed in 3 years, restoring that file could not "fix" anything.

[ethernidee]

Sorry, guys, fixed the description of issue.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15628.}

[jsubri]

I confirm the issue, IHAC reporting the same. I was not able to reproduce yet but I believe this is tinymce specific. Initially the user reported that html formatting was not visible in tinymce (just plain text), to workaround the situation I moved the user specific usergroup to "set0" in the tinymce plug-in. The user is part of a sub-set of the Managers with less less priv (mostly restricted to Users, Articles, Categories, Modules and 1-2 core components + one well ranked 3rd party component).
But he is still hitting the time out in libraries/vendor/joomla/string/src/phputf8/mbstring/core.php on line 94
Was working like a charm in 3.6.5. Average articles in French are about 300 characters, so probably not "size" related.

[jsubri]

On SunOS scmos 5.11 11.1 i86pc
Database Version 5.6.12
Database Collation utf8_general_ci
Database Connection Collation utf8mb4_general_ci
PHP Version 5.5.28
Web Server Apache/2.4.16 (Unix) PHP/5.5.28
WebServer to PHP Interface apache2handler
Joomla! Version Joomla! 3.7.0 Stable [ Amani ] 25-April-2017 15:36 GMT
Joomla! Platform Version Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT

[jsubri]

ok to privately email you the file to your github profile email address?

[brianteeman]

there is no private information in that file

[ethernidee]

Denial of service (HTTP 500 due to max execution time) occurs on server side.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15628.}

[jsubri]

just replaced couple of identifiable info by xxxx..
https://gist.github.com/jsubri/6fa87546086e89725e484ba39f373ff3

[brianteeman]

(@jsubri can you create a new issue with the names of the parts you replaced as there shouldnt be any that are identififiable in that file and if there are then its a bug)

[jsubri]

Brian, my manual change was just about the template names (my bad, I should not have created the templates with such naming), otherwise the file is unmodified. I'm suspecting the user to enter a strange sequence of characters coming along with a cut&paste likely from word. If I can access to the .doc I'll try to nailed down the sequence and post again.

[joomla-cms-bot]

Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/15628

[ghost]

closed in favor of #15673

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15628.}