Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[9.x] Add Eloquent mode to prevent silently discarding fills for attributes not in $fillable #43893

Merged
merged 6 commits into from
Sep 1, 2022
Merged

[9.x] Add Eloquent mode to prevent silently discarding fills for attributes not in $fillable #43893

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
d95c1c8
Update Model.php
ralphjsmit Aug 27, 2022
b74b436
Rework to not use container
ralphjsmit Aug 27, 2022
a85515b
Update Model.php
ralphjsmit Aug 27, 2022
aacb735
Style
ralphjsmit Aug 27, 2022
3d74845
Update comment
ralphjsmit Aug 27, 2022
8470643
formatting
taylorotwell Sep 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 29 additions & 1 deletion src/Illuminate/Database/Eloquent/Model.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,13 @@ abstract class Model implements Arrayable, ArrayAccess, CanBeEscapedWhenCastToSt
*/
protected static $lazyLoadingViolationCallback;

/**
* Indicates if an exception should be thrown instead of silently discarding non-fillable attributes.
*
* @var bool
*/
protected static $modelsShouldPreventSilentlyDiscardingAttributes = false;

/**
* Indicates if broadcasting is currently enabled.
*
Expand Down Expand Up @@ -392,6 +399,17 @@ public static function handleLazyLoadingViolationUsing(?callable $callback)
static::$lazyLoadingViolationCallback = $callback;
}

/**
* Prevent non-fillable attributes from being silently discarded.
*
* @param bool $value
* @return void
*/
public static function preventSilentlyDiscardingAttributes($value = true)
{
static::$modelsShouldPreventSilentlyDiscardingAttributes = $value;
}

/**
* Execute a callback without broadcasting any model events for all model types.
*
Expand Down Expand Up @@ -429,7 +447,7 @@ public function fill(array $attributes)
// the model, and all others will just get ignored for security reasons.
if ($this->isFillable($key)) {
$this->setAttribute($key, $value);
} elseif ($totallyGuarded) {
} elseif ($totallyGuarded || static::preventsSilentlyDiscardingAttributes()) {
throw new MassAssignmentException(sprintf(
'Add [%s] to fillable property to allow mass assignment on [%s].',
$key, get_class($this)
Expand Down Expand Up @@ -2061,6 +2079,16 @@ public static function preventsLazyLoading()
return static::$modelsShouldPreventLazyLoading;
}

/**
* Determine if discarding guarded attribute fills is disabled.
*
* @return bool
*/
public static function preventsSilentlyDiscardingAttributes()
{
return static::$modelsShouldPreventSilentlyDiscardingAttributes;
}

/**
* Get the broadcast channel route definition that is associated with the given entity.
*
Expand Down
9 changes: 9 additions & 0 deletions tests/Database/DatabaseEloquentModelTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1280,6 +1280,15 @@ public function testGuarded()
$model->guard(['name', 'age']);
$model->fill(['Foo' => 'bar']);
$this->assertFalse(isset($model->Foo));

$handledMassAssignmentExceptions = 0;

Model::preventSilentlyDiscardingAttributes();

$this->expectException(MassAssignmentException::class);
$model = new EloquentModelStub;
$model->guard(['name', 'age']);
$model->fill(['Foo' => 'bar']);
}

public function testFillableOverridesGuarded()
Expand Down