database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

stop evaluation constant functions in WHERE (BUG#4663)

Browse Source 
correct value of CURRENT_USER() in SP with "security definer" (BUG#7291)


BitKeeper/etc/config:
  switch off open logging
mysql-test/r/sp-security.result:
  correct value from current_user() in function run from "security definer"
mysql-test/r/view.result:
  evaluation constant functions in WHERE (BUG#4663)
mysql-test/t/sp-security.test:
  correct value from current_user() in function run from "security definer"
mysql-test/t/view.test:
  evaluation constant functions in WHERE (BUG#4663)
sql/item.cc:
  Item_static_string_func creation if it is need
sql/item.h:
  support of Item_static_string_func creation
sql/item_cmpfunc.cc:
  do not evaluate items during view creation
sql/item_create.cc:
  create Item_func_user
sql/item_strfunc.cc:
  Item_func_sysconst in case of converting value still have to correctly print itself
  => use Item_static_string_func instead of Item_string
      Item_func_user return USER() or CURRENT_USER()
sql/item_strfunc.h:
  support of correct charset conversion procedure in Item_func_sysconst
sql/sql_class.h:
  new method
sql/sql_yacc.yy:
  Item_func_user now support both USER() and CURRENT_USER(), so we have to pass parametr what it is
This commit is contained in:
unknown
2005-07-16 00:01:44 +03:00
parent 5ae3967c87
commit e84229b010
13 changed files with 197 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
mysql-test/r/sp-security.result
View File

@ -194,3 +194,27 @@ use test;
drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
use test;
select current_user();
current_user()
root@localhost
select user();
user()
root@localhost
create procedure bug7291_0 () sql security invoker select current_user(), user();
create procedure bug7291_1 () sql security definer call bug7291_0();
create procedure bug7291_2 () sql security invoker call bug7291_0();
grant execute on procedure bug7291_0 to user1@localhost;
grant execute on procedure bug7291_1 to user1@localhost;
grant execute on procedure bug7291_2 to user1@localhost;
call bug7291_2();
current_user() user()
user1@localhost user1@localhost
call bug7291_1();
current_user() user()
root@localhost user1@localhost
drop procedure bug7291_1;
drop procedure bug7291_2;
drop procedure bug7291_0;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop user user1@localhost;