• evgen@moonbone.local's avatar
    Bug#27878: Unchecked privileges on a view referring to a table from another · 34f47812
    evgen@moonbone.local authored
    database.
    
    If a user has a right to update anything in the current database then the 
    access was granted and further checks of access rights for underlying tables
    wasn't done correctly. The check is done before a view is opened and thus no
    check of access rights for underlying tables can be carried out.
    This allows a user to update through a view a table from another database for
    which he hasn't enough rights.
    
    Now the mysql_update() and the mysql_test_update() functions are forces
    re-checking of access rights after a view is opened.
    34f47812
grant.test 34.4 KB