Fix for bug #6173 "One can circumvent missing UPDATE privilege if

he has SELECT and INSERT privileges for table with primary key" Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck() function (this also fixes a bug) and some other code.
2025-07-30 16:24:05 +03:00 · 2004-10-20 16:04:43 +04:00
parent 1354b1bd5d
commit 75d816627c
6 changed files with 85 additions and 18 deletions
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@ -2682,12 +2682,11 @@ unsent_create_error:
  case SQLCOM_REPLACE:
  case SQLCOM_INSERT:
  {
-    my_bool update= (lex->value_list.elements ? UPDATE_ACL : 0);
-    if ((res= insert_precheck(thd, tables, update)))
+    if ((res= insert_precheck(thd, tables)))
      break;
    res = mysql_insert(thd,tables,lex->field_list,lex->many_values,
                       select_lex->item_list, lex->value_list,
-                       (update ? DUP_UPDATE : lex->duplicates));
+                       lex->duplicates);
    if (thd->net.report_error)
      res= -1;
    break;
@ -5366,13 +5365,14 @@ int delete_precheck(THD *thd, TABLE_LIST *tables)
    -1  error (message is not sent to user)
 */

-int insert_precheck(THD *thd, TABLE_LIST *tables, bool update)
+int insert_precheck(THD *thd, TABLE_LIST *tables)
 {
  LEX *lex= thd->lex;
  DBUG_ENTER("insert_precheck");

-  ulong privilege= (lex->duplicates == DUP_REPLACE ?
-		    INSERT_ACL | DELETE_ACL : INSERT_ACL | update);
+  ulong privilege= INSERT_ACL |
+                   (lex->duplicates == DUP_REPLACE ? DELETE_ACL : 0) |
+                   (lex->duplicates == DUP_UPDATE ? UPDATE_ACL : 0);

  if (check_one_table_access(thd, privilege, tables))
    DBUG_RETURN(1);