mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-04-27 02:35:29 +02:00
Code Issues Projects Releases Packages Wiki Activity

MDEV-7025 ANALYZE SELECT/INSERT/UPDATE/DELETE from a view does not check access permissions on the view

Browse source 
Added access checking for the ANALYZE statement command.
This commit is contained in:
Vicențiu Ciorbaru 2015-03-04 12:20:10 +02:00
commit 0ed57e34c7
7 changed files with 125 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

7
sql/sql_view.cc
View file

@ -1292,11 +1292,12 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
Security_context *security_ctx= 0;
/*
Check rights to run commands (EXPLAIN SELECT & SHOW CREATE) which show
underlying tables.
Check rights to run commands (ANALYZE SELECT, EXPLAIN SELECT &
SHOW CREATE) which show underlying tables.
Skip this step if we are opening view for prelocking only.
*/
if (!table->prelocking_placeholder && (old_lex->describe))
if (!table->prelocking_placeholder && (old_lex->describe ||
old_lex->analyze_stmt))
{
/*
The user we run EXPLAIN as (either the connected user who issued