diff options
| author | unknown <dlenev@brandersnatch.localdomain> | 2004-10-20 16:04:43 +0400 |
|---|---|---|
| committer | unknown <dlenev@brandersnatch.localdomain> | 2004-10-20 16:04:43 +0400 |
| commit | b88150c96edf457099922a7e0a11831160bc5a67 (patch) | |
| tree | cc5a947dac611d8db606dd3485b05f87a26b8bcd /sql/sql_prepare.cc | |
| parent | f125849dd1fa2b7eaca3aea5f84d7d79fb201ec2 (diff) | |
| download | mariadb-git-b88150c96edf457099922a7e0a11831160bc5a67.tar.gz | |
Fix for bug #6173 "One can circumvent missing UPDATE privilege if
he has SELECT and INSERT privileges for table with primary key"
Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has
ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck()
function (this also fixes a bug) and some other code.
mysql-test/r/grant2.result:
Added test for bug #6173 "One can circumvent missing UPDATE privilege if
he has SELECT and INSERT privileges for table with primary key"
mysql-test/t/grant2.test:
Added test for bug #6173 "One can circumvent missing UPDATE privilege if
he has SELECT and INSERT privileges for table with primary key"
sql/mysql_priv.h:
insert_precheck() don't need "update" parameter any longer since
now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE
KEY UPDATE clause.
sql/sql_parse.cc:
insert_precheck() don't need "update" parameter any longer since
now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE
KEY UPDATE clause, so it can determine whenever it is needed to
require UPDATE_ACL by itself. Also calling of mysql_insert() is
simplified.
sql/sql_prepare.cc:
insert_precheck() don't need "update" parameter any longer since
now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE
KEY UPDATE clause, so it can determine whenever it is needed to
require UPDATE_ACL by itself. Also calling of mysql_insert() is
simplified.
sql/sql_yacc.yy:
It is better to set Lex->duplicates= DUP_UPDATE right in parser if we
have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later.
Diffstat (limited to 'sql/sql_prepare.cc')
| -rw-r--r-- | sql/sql_prepare.cc | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 27d98fdfeba..0392b4e5cd6 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -895,10 +895,9 @@ static int mysql_test_insert(Prepared_statement *stmt, int res= -1; TABLE_LIST *insert_table_list= (TABLE_LIST*) lex->select_lex.table_list.first; - my_bool update= (lex->value_list.elements ? UPDATE_ACL : 0); DBUG_ENTER("mysql_test_insert"); - if ((res= insert_precheck(thd, table_list, update))) + if ((res= insert_precheck(thd, table_list))) DBUG_RETURN(res); /* @@ -1388,8 +1387,7 @@ static int send_prepare_results(Prepared_statement *stmt, bool text_protocol) res= mysql_test_insert(stmt, tables, lex->field_list, lex->many_values, select_lex->item_list, lex->value_list, - (lex->value_list.elements ? - DUP_UPDATE : lex->duplicates)); + lex->duplicates); break; case SQLCOM_UPDATE: |