From a2fc4843e38fcf12cacd526f1227cc0b30488bb5 Mon Sep 17 00:00:00 2001 From: unknown Date: Sun, 2 Jul 2006 14:35:45 +0400 Subject: Bug#20570: CURRENT_USER() in a VIEW with SQL SECURITY DEFINER returns invoker name The bug was fixed similar to how context switch is handled in Item_func_sp::execute_impl(): we store pointer to current Name_resolution_context in Item_func_current_user class, and use its Security_context in Item_func_current_user::fix_fields(). mysql-test/r/view_grant.result: Add result for bug#20570. mysql-test/t/view_grant.test: Add test case for bug#20570. sql/item_create.cc: Remove create_func_current_user(), as it is not used for automatic function creation. sql/item_create.h: Remove prototype for create_func_current_user(). sql/item_strfunc.cc: Add implementations for Item_func_user::init(), Item_func_user::fix_fields() and Item_func_current_user::fix_fields() methods. The latter uses Security_context from current Name_resolution_context, if one is defined. sql/item_strfunc.h: Move implementation of CURRENT_USER() out of Item_func_user to to new Item_func_current_user class. For both classes calculate user name in fix_fields() method. For Item_func_current_user add context field to store Name_resolution_context in effect. sql/sql_yacc.yy: Pass current Name_resolution_context to Item_func_current_user. --- sql/item_create.h | 1 - 1 file changed, 1 deletion(-) (limited to 'sql/item_create.h') diff --git a/sql/item_create.h b/sql/item_create.h index 35db9be3c89..cf61f90f91d 100644 --- a/sql/item_create.h +++ b/sql/item_create.h @@ -73,7 +73,6 @@ Item *create_func_period_add(Item* a, Item *b); Item *create_func_period_diff(Item* a, Item *b); Item *create_func_pi(void); Item *create_func_pow(Item* a, Item *b); -Item *create_func_current_user(void); Item *create_func_radians(Item *a); Item *create_func_release_lock(Item* a); Item *create_func_repeat(Item* a, Item *b); -- cgit v1.2.1