-
unknown authored
database. If a user has a right to update anything in the current database then the access was granted and further checks of access rights for underlying tables wasn't done correctly. The check is done before a view is opened and thus no check of access rights for underlying tables can be carried out. This allows a user to update through a view a table from another database for which he hasn't enough rights. Now the mysql_update() and the mysql_test_update() functions are forces re-checking of access rights after a view is opened. mysql-test/t/grant.test: Added a test case for the bug#27878: Unchecked privileges on a view referring to a table from another database. mysql-test/r/grant.result: Added a test case for the bug#27878: Unchecked privileges on a view referring to a table from another database. sql/sql_update.cc: Bug#27878: Unchecked privileges on a view referring to a table from another database. Now the mysql_update() function forces re-checking of access rights after the view is opened. sql/sql_prepare.cc: Bug#27878: Unchecked privileges on a view referring to a table from another database. Now the mysql_test_update() function forces re-checking of access rights after the view is opened.
1fab38c5