• Martin Hansson's avatar
    Bug#35600: Security breach via view, I_S table and prepared · 0abc0ead
    Martin Hansson authored
    statement/stored procedure
    
    View privileges are properly checked after the fix for bug no 
    36086, so the method TABLE_LIST::get_db_name() must be used 
    instead of field TABLE_LIST::db, as this only works for tables.
    Bug appears when accessing views in prepared statements.
    0abc0ead
sql_parse.cc 224 KB