Hi All,

I noticed that my model class becomes tainted after referencing a different table in find_by_sql + using a transaction. Both the User model and the Profile model will become tainted; however, all other tables will stay untainted.

If either condition 1 or condition 2 is commented out, the model will not be tainted. After the model has been tainted, all derived objects will be tainted too, thus the last call will fail with a SecurityError (because the safe level will be turned to 4 on call if the method is tainted).

Please, anybody, tell me why this happens???!!!

module ModelBecomesTaintedOnTransaction_Why__ShortUncommentedTestVersion
  def self.test
    class << ActiveRecord::Base
      alias find_by_sql__WRAPPED find_by_sql

      def find_by_sql(*args, &block)
        result = find_by_sql__WRAPPED *args, &block
        result[0].profile if result[0].class.to_s=="User" # condition 1
        return result
      end
    end

    User.module_eval "def pedit; self.class.transaction(self){}; end" # condition 2

    User.find(:first).method(:pedit).call # first call can be done in any way (thus direct, with send or with call), condition 3
    User.find(:first).method(:pedit).call # second call must be with "call", condition 4
  end
end

Thanks in advance