• Alexander Nozdrin's avatar
    Patch for Bug#57952 (privilege change is not taken into account by EXECUTE). · 1bd81f6b
    Alexander Nozdrin authored
    The user-visible problem was that changes to column-level privileges,
    happened in between of PREPARE and EXECUTE of a prepared statement, were
    neglected. I.e. a prepared statement could be executed with the
    column-level privileges as of PREPARE-time. The problem existed for
    column-level privileges only.
    
    A similar problem existed for stored programs: the changes between
    executions didn't have an effect.
    
    Technically the thing is that table references are cached in
    Prepared_statement::prepare() call. In subsequent
    Prepared_statement::execute() calls those cached values are used.
    There are two functions to get a field by name: find_field_in_table() and
    find_field_in_table_ref(). On prepare-phase find_field_in_table_ref() is
    called, on execute-phase -- find_field_in_table() because the table is
    cached. find_field_in_table() does not check column-level privileges and
    expects the caller to do that. The problem was that this check was
    forgotten.
    
    The fix is to check them there as it happens in find_field_in_table_ref().
    1bd81f6b
sql_base.cc 198 KB