Hi All,
I noticed that my model class becomes tainted, after referencing to a
different table in find_by_sql + using a transaction. Both, the User
model and the Profile model will become tainted, however all other
tables will stay untainted.
if either condition 1 or condition 2 is commented out, the model will
not be tainted. After the model is being tainted, all derived objects
will be tainted to, thus the last call will fail with an SecurityError
(cause the safe level will be turned to 4 on call if the method is
being tainted)
Please, anybody, tell me why this happens???!!!
module
ModelBecomesTaintedOnTransaction_Why__ShortUncommentedTestVersion
def self.test
class << ActiveRecord::Base
alias find_by_sql__WRAPPED find_by_sql
def find_by_sql(*args, &block)
result = find_by_sql__WRAPPED *args, &block
result[0].profile if result[0].class.to_s=="User" # condition 1
return result
end
end
User.module_eval "def pedit; self.class.transaction(self){}; end" #
condition 2
User.find(:first).method(:pedit).call # first call can be done in any
way(thus direct, with send or with call), condition 3
User.find(:first).method(:pedit).call # second call must be with
"call", condition 4
end
end
Thanks in advance
Mars
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Hi All,
I noticed that my model class becomes tainted, after referencing to a
different table in find_by_sql + using a transaction. Both, the User
model and the Profile model will become tainted, however all other
tables will stay untainted.
if either condition 1 or condition 2 is commented out, the model will
not be tainted. After the model is being tainted, all derived objects
will be tainted to, thus the last call will fail with an SecurityError
(cause the safe level will be turned to 4 on call if the method is
being tainted)
Please, anybody, tell me why this happens???!!!
module
ModelBecomesTaintedOnTransaction_Why__ShortUncommentedTestVersion
def self.test
class << ActiveRecord::Base
alias find_by_sql__WRAPPED find_by_sql
def find_by_sql(*args, &block)
result = find_by_sql__WRAPPED *args,
&block
result[0].profile if
result[0].class.to_s=="User" # condition 1
return result
end
end
User.module_eval "def pedit;
self.class.transaction(self){}; end" #
condition 2
User.find(:first).method(:pedit).call # first call can be
done in any
way(thus direct, with send or with call), condition 3
User.find(:first).method(:pedit).call # second call must
be with
"call", condition 4
end
end
Thanks in advance
-mars
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---