Bug#16681 information_schema shows forbidden VIEW details

show view definition to users that have the needed privilleges
2025-12-24 11:21:21 +03:00 · 2006-05-23 12:45:25 +05:00
parent 4a673444f7
commit 457aea43fc
3 changed files with 57 additions and 3 deletions
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -3076,11 +3076,33 @@ static int get_schema_views_record(THD *thd, struct st_table_list *tables,

  if (tables->view)
  {
+    Security_context *sctx= thd->security_ctx;
+    ulong grant= SHOW_VIEW_ACL;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+    char *save_table_name= tables->table_name;
+    if (!my_strcasecmp(system_charset_info, tables->definer.user.str,
+                       sctx->priv_user) &&
+        !my_strcasecmp(system_charset_info, tables->definer.host.str,
+                       sctx->priv_host))
+      grant= SHOW_VIEW_ACL;
+    else
+    {
+      tables->table_name= tables->view_name.str;
+      if (check_access(thd, SHOW_VIEW_ACL , base_name,
+                       &tables->grant.privilege, 0, 1,
+                       test(tables->schema_table)))
+        grant= get_table_grant(thd, tables);
+      else
+        grant= tables->grant.privilege;
+    }
+    tables->table_name= save_table_name;
+#endif
+
    restore_record(table, s->default_values);
    table->field[1]->store(tables->view_db.str, tables->view_db.length, cs);
-    table->field[2]->store(tables->view_name.str, tables->view_name.length,
-                           cs);
-    table->field[3]->store(tables->query.str, tables->query.length, cs);
+    table->field[2]->store(tables->view_name.str, tables->view_name.length, cs);
+    if (grant & SHOW_VIEW_ACL)
+      table->field[3]->store(tables->query.str, tables->query.length, cs);

    if (tables->with_check != VIEW_CHECK_NONE)
    {