Bug #41354: Access control is bypassed when all columns

of a view are selected by * wildcard Backported a part of the fix for 36086 to 5.0 mysql-test/r/view_grant.result: Bug #41354: test case mysql-test/t/view_grant.test: Bug #41354: test case sql/sql_acl.cc: Bug #41354: return table error when no access and * sql/sql_base.cc: Bug #41354: backported the check in bug 36086 to 5.0
author: Georgi Kodinov <kgeorge@mysql.com> 2009-02-26 19:00:44 +0200
committer: Georgi Kodinov <kgeorge@mysql.com> 2009-02-26 19:00:44 +0200
commit: a9d707037ab527564bb84885e0af69a2bb793219 (patch)
tree: 732fdcce66b92b9258bafe5549407a06c5fd2274 /sql/sql_base.cc
parent: debb95ca22270797a9f5a9f488bdf8dc93b41a9e (diff)
download: mariadb-git-a9d707037ab527564bb84885e0af69a2bb793219.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 881c6a421e8..781bbc0a553 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -5479,7 +5479,7 @@ insert_fields(THD *thd, Name_resolution_context *context, const char *db_name,
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
     /* Ensure that we have access rights to all fields to be inserted. */
-    if (!((table && (table->grant.privilege & SELECT_ACL) ||
+    if (!((table && !tables->view && (table->grant.privilege & SELECT_ACL) ||
            tables->view && (tables->grant.privilege & SELECT_ACL))) &&
         !any_privileges)
     {
author	Georgi Kodinov <kgeorge@mysql.com>	2009-02-26 19:00:44 +0200
committer	Georgi Kodinov <kgeorge@mysql.com>	2009-02-26 19:00:44 +0200
commit	a9d707037ab527564bb84885e0af69a2bb793219 (patch)
tree	732fdcce66b92b9258bafe5549407a06c5fd2274 /sql/sql_base.cc
parent	debb95ca22270797a9f5a9f488bdf8dc93b41a9e (diff)
download	mariadb-git-a9d707037ab527564bb84885e0af69a2bb793219.tar.gz