• unknown's avatar
    Bug#24404: strange bug with view+permission+prepared statement. · 0541dcad
    unknown authored
    The problem was that if a prepared statement accessed a view, the
    access to the tables listed in the query after that view was done in
    the security context of the view.
    
    The bug was in the assigning of the security context to the tables
    belonging to a view: we traversed the list of all query tables
    instead.  It didn't show up in the normal (non-prepared) statements
    because of the different order of the steps of checking privileges
    and descending into a view for normal and prepared statements.
    
    The solution is to traverse the list and stop once the last table
    belonging to the view was processed.
    
    
    mysql-test/r/view_grant.result:
      Add result for bug#24404: strange bug with view+permission+prepared
      statement.
    mysql-test/t/view_grant.test:
      Add test case for bug#24404: strange bug with view+permission+prepared
      statement.
    sql/sql_view.cc:
      Remove dead line.
      When setting security context, we should traverse the list of tables
      belonging to a given view, not all query tables.  We achieve that by
      stopping at the first table past view_tables_tail.
    0541dcad
view_grant.result 31.1 KB