Michael Hasenstein
2008-Aug-25 20:09 UTC
acts_as_state_machine: SecurityError calling insecure method
(also posted on rails forum: http://railsforum.com/viewtopic.php?id=21744, then I discovered this lilst and there are many more people...) Hi, since yesterday I suddenly recieve lots of such messages in my logfiles - and everything in the user model that uses that plugin fails! My deployed Rails code hasn''t changeed in 5 days, and those errors started to appear only a day ago. I''m at a loss to explain it! What could it mean? Thanks!!! PS: I checked my logs. No one was logged in (this is not meant to be a "hacker detection", it just means neither I nor my co-workers deployed or changed anything), no updates of anything were installed (the rails app or system packages). I got the first error a day ago, so I can pinpoint the time pretty well. I just did a fresh deploy (using capistrano), tried and did not get an error in those places that had them. Very, very, very strange - problem is, I don''t really know what that error even means. Not even after seeing the place in the ruby source code where it''s raised (while searching the web for this error message). Also, there seem to be precious little other webpages/messages to find when searching for this error (at least none that seem relevant, and the only one that DID look similar didn''t have responses). -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
JCBC
2008-Sep-05 20:31 UTC
Re: acts_as_state_machine: SecurityError calling insecure method
I ran into a similar problem with acts_as_state_machine. All of a sudden, running a transition action resulted in a SecurityError exception with the message "calling an insecure method: <name of the transition action>". I changed the definition of run_transition_action in the acts_as_state_machine.rb file to be: def run_transition_action(action) Symbol === action ? self.method(action).untaint.call : action.call(self) end and it seems to solve the immediate problem for now. JCBC On Aug 25, 4:09 pm, Michael Hasenstein <rails-mailing-l...@andreas- s.net> wrote:> (also posted on rails forum:http://railsforum.com/viewtopic.php?id=21744, then I discovered this > lilst and there are many more people...) > > Hi, since yesterday I suddenly recieve lots of such messages in my > logfiles - and everything in the user model that uses that plugin fails! > > My deployed Rails code hasn''t changeed in 5 days, and those errors > started to appear only a day ago. I''m at a loss to explain it! > > What could it mean? Thanks!!! > > PS: I checked my logs. No one was logged in (this is not meant to be a > "hacker detection", it just means neither I nor my co-workers deployed > or changed anything), no updates of anything were installed (the rails > app or system packages). I got the first error a day ago, so I can > pinpoint the time pretty well. I just did a fresh deploy (using > capistrano), tried and did not get an error in those places that had > them. Very, very, very strange - problem is, I don''t really know what > that error even means. Not even after seeing the place in the ruby > source code where it''s raised (while searching the web for this error > message). Also, there seem to be precious little other webpages/messages > to find when searching for this error (at least none that seem relevant, > and the only one that DID look similar didn''t have responses). > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---