Hi All, I noticed that my model class becomes tainted, after referencing to a different table in find_by_sql + using a transaction. Both, the User model and the Profile model will become tainted, however all other tables will stay untainted. if either condition 1 or condition 2 is commented out, the model will not be tainted. After the model is being tainted, all derived objects will be tainted to, thus the last call will fail with an SecurityError (cause the safe level will be turned to 4 on call if the method is being tainted) Please, anybody, tell me why this happens???!!! module ModelBecomesTaintedOnTransaction_Why__ShortUncommentedTestVersion def self.test class << ActiveRecord::Base alias find_by_sql__WRAPPED find_by_sql def find_by_sql(*args, &block) result = find_by_sql__WRAPPED *args, &block result[0].profile if result[0].class.to_s=="User" # condition 1 return result end end User.module_eval "def pedit; self.class.transaction(self){}; end" # condition 2 User.find(:first).method(:pedit).call # first call can be done in any way(thus direct, with send or with call), condition 3 User.find(:first).method(:pedit).call # second call must be with "call", condition 4 end end Thanks in advance Mars --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hi All, I noticed that my model class becomes tainted, after referencing to a different table in find_by_sql + using a transaction. Both, the User model and the Profile model will become tainted, however all other tables will stay untainted. if either condition 1 or condition 2 is commented out, the model will not be tainted. After the model is being tainted, all derived objects will be tainted to, thus the last call will fail with an SecurityError (cause the safe level will be turned to 4 on call if the method is being tainted) Please, anybody, tell me why this happens???!!! module ModelBecomesTaintedOnTransaction_Why__ShortUncommentedTestVersion def self.test class << ActiveRecord::Base alias find_by_sql__WRAPPED find_by_sql def find_by_sql(*args, &block) result = find_by_sql__WRAPPED *args, &block result[0].profile if result[0].class.to_s=="User" # condition 1 return result end end User.module_eval "def pedit; self.class.transaction(self){}; end" # condition 2 User.find(:first).method(:pedit).call # first call can be done in any way(thus direct, with send or with call), condition 3 User.find(:first).method(:pedit).call # second call must be with "call", condition 4 end end Thanks in advance -mars -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---