database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

MDEV-25141 JSON_TABLE: SELECT into outfile bypasses file privilege check.

Browse Source 
access rights checking fixed.
This commit is contained in:
Alexey Botchkov
2021-03-17 18:28:31 +04:00
parent abdc39b0a7
commit 047eb2258d
4 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
sql/sql_parse.cc
View File

@ -7104,9 +7104,6 @@ check_table_access(THD *thd, privilege_t requirements, TABLE_LIST *tables,
if (table_ref->is_anonymous_derived_table())
continue;
if (table_ref->table_function)
continue;
if (table_ref->sequence)
{
/* We want to have either SELECT or INSERT rights to sequences depending
@ -7116,7 +7113,9 @@ check_table_access(THD *thd, privilege_t requirements, TABLE_LIST *tables,
INSERT_ACL : SELECT_ACL);
}
if (check_access(thd, want_access, table_ref->get_db_name(),
if (check_access(thd, want_access,
table_ref->table_function ? any_db :
table_ref->get_db_name(),
&table_ref->grant.privilege,
&table_ref->grant.m_internal,
0, no_errors))