• Martin Hansson's avatar
    Bug#35600: Security breach via view, I_S table and prepared · c0cfce21
    Martin Hansson authored
    statement/stored procedure
    
    View privileges are properly checked after the fix for bug no 
    36086, so the method TABLE_LIST::get_db_name() must be used 
    instead of field TABLE_LIST::db, as this only works for tables.
    Bug appears when accessing views in prepared statements.
    
    mysql-test/r/view_grant.result:
      Bug#35600: Extended existing test case.
    mysql-test/t/view_grant.test:
      Bug#35600: Extended existing test result.
    sql/sql_parse.cc:
      Bug#35600: Using method to retrieve database name instead of
      field.
    c0cfce21
view_grant.test 34.4 KB