Bug #21080: ALTER VIEW makes user restate SQL SECURITY mode, and ALGORITHM

When executing ALTER TABLE all the attributes of the view were overwritten. This is contrary to the user's expectations. So some of the view attributes are preserved now : namely security and algorithm. This means that if they are not specified in ALTER VIEW their values are preserved from CREATE VIEW instead of being defaulted.
2025-01-16 12:02:42 +01:00 · 2006-07-31 17:33:37 +03:00 · 2006-07-31 17:33:37 +03:00 · 8944564fd8
commit 8944564fd8
parent 9e9fb3e4e4
6 changed files with 88 additions and 4 deletions
--- a/mysql-test/r/view.result
+++ b/mysql-test/r/view.result
@ -2807,3 +2807,14 @@ yadda
 yad
 DROP VIEW v1;
 DROP TABLE t1;
+CREATE TABLE t1 (x INT, y INT);
+CREATE ALGORITHM=TEMPTABLE SQL SECURITY INVOKER VIEW v1 AS SELECT x FROM t1;
+SHOW CREATE VIEW v1;
+View	Create View
+v1	CREATE ALGORITHM=TEMPTABLE DEFINER=`root`@`localhost` SQL SECURITY INVOKER VIEW `v1` AS select `t1`.`x` AS `x` from `t1`
+ALTER VIEW v1 AS SELECT x, y FROM t1;
+SHOW CREATE VIEW v1;
+View	Create View
+v1	CREATE ALGORITHM=TEMPTABLE DEFINER=`root`@`localhost` SQL SECURITY INVOKER VIEW `v1` AS select `t1`.`x` AS `x`,`t1`.`y` AS `y` from `t1`
+DROP VIEW v1;
+DROP TABLE t1;
--- a/mysql-test/t/view.test
+++ b/mysql-test/t/view.test
@ -2667,3 +2667,16 @@ SELECT * FROM v1;
 DROP VIEW v1;

 DROP TABLE t1;
+
+#
+#Bug #21080: ALTER VIEW makes user restate SQL SECURITY mode, and ALGORITHM
+#
+CREATE TABLE t1 (x INT, y INT);
+CREATE ALGORITHM=TEMPTABLE SQL SECURITY INVOKER VIEW v1 AS SELECT x FROM t1;
+SHOW CREATE VIEW v1;
+
+ALTER VIEW v1 AS SELECT x, y FROM t1;
+SHOW CREATE VIEW v1;
+
+DROP VIEW v1;
+DROP TABLE t1;
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@ -978,7 +978,7 @@ typedef struct st_lex : public Query_tables_list
  /*
    view created to be run from definer (standard behaviour)
  */
-  bool create_view_suid;
+  uint8 create_view_suid;
  /* Characterstics of trigger being created */
  st_trg_chistics trg_chistics;
  /*
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@ -155,6 +155,54 @@ err:
  DBUG_RETURN(TRUE);
 }

+/*
+  Fill defined view parts
+
+  SYNOPSIS
+    fill_defined_view_parts()
+      thd                current thread.
+      view               view to operate on
+
+  DESCRIPTION
+    This function will initialize the parts of the view 
+    definition that are not specified in ALTER VIEW
+    to their values from CREATE VIEW.
+    The view must be opened to get its definition.
+    We use a copy of the view when opening because we want 
+    to preserve the original view instance.
+
+  RETURN VALUE
+    TRUE                 can't open table
+    FALSE                success
+*/
+static bool
+fill_defined_view_parts (THD *thd, TABLE_LIST *view)
+{
+  LEX *lex= thd->lex;
+  bool not_used;
+  TABLE_LIST decoy;
+
+  memcpy (&decoy, view, sizeof (TABLE_LIST));
+  if (!open_table(thd, &decoy, thd->mem_root, &not_used, 0) &&
+      !decoy.view)
+  {
+    return TRUE;
+  }
+  if (!lex->definer)
+  {
+    view->definer.host= decoy.definer.host;
+    view->definer.user= decoy.definer.user;
+    lex->definer= &view->definer;
+  }
+  if (lex->create_view_algorithm == VIEW_ALGORITHM_UNDEFINED)
+    lex->create_view_algorithm= decoy.algorithm;
+  if (lex->create_view_suid == VIEW_SUID_DEFAULT)
+    lex->create_view_suid= decoy.view_suid ? 
+      VIEW_SUID_DEFINER : VIEW_SUID_INVOKER;
+
+  return FALSE;
+}
+

 /*
  Creating/altering VIEW procedure
@ -207,7 +255,15 @@ bool mysql_create_view(THD *thd,
  }

  if (mode != VIEW_CREATE_NEW)
+  {
+    if (mode == VIEW_ALTER &&
+        fill_defined_view_parts(thd, view))
+    {
+      res= TRUE;
+      goto err;
+    }
    sp_cache_invalidate();
+  }

  if (!lex->definer)
  {
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@ -8997,11 +8997,11 @@ view_algorithm_opt:

 view_suid:
 	/* empty */
-	{ Lex->create_view_suid= TRUE; }
+	{ Lex->create_view_suid= VIEW_SUID_DEFAULT; }
 	| SQL_SYM SECURITY_SYM DEFINER_SYM
-	{ Lex->create_view_suid= TRUE; }
+	{ Lex->create_view_suid= VIEW_SUID_DEFINER; }
 	| SQL_SYM SECURITY_SYM INVOKER_SYM
-	{ Lex->create_view_suid= FALSE; }
+	{ Lex->create_view_suid= VIEW_SUID_INVOKER; }
 	;

 view_tail:
--- a/sql/table.h
+++ b/sql/table.h
@ -360,6 +360,10 @@ typedef struct st_schema_table
 #define VIEW_ALGORITHM_TMPTABLE         1
 #define VIEW_ALGORITHM_MERGE            2

+#define VIEW_SUID_INVOKER               0
+#define VIEW_SUID_DEFINER               1
+#define VIEW_SUID_DEFAULT               2
+
 /* view WITH CHECK OPTION parameter options */
 #define VIEW_CHECK_NONE       0
 #define VIEW_CHECK_LOCAL      1