Bug #41354: Access control is bypassed when all columns

of a view are selected by * wildcard Backported a part of the fix for 36086 to 5.0
2025-07-29 05:21:33 +03:00 · 2009-02-26 19:00:44 +02:00
parent ce78a8bd50
commit b337ac28d0
4 changed files with 89 additions and 7 deletions
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@ -5479,7 +5479,7 @@ insert_fields(THD *thd, Name_resolution_context *context, const char *db_name,

 #ifndef NO_EMBEDDED_ACCESS_CHECKS
    /* Ensure that we have access rights to all fields to be inserted. */
-    if (!((table && (table->grant.privilege & SELECT_ACL) ||
+    if (!((table && !tables->view && (table->grant.privilege & SELECT_ACL) ||
           tables->view && (tables->grant.privilege & SELECT_ACL))) &&
        !any_privileges)
    {