dont allow mass filling with table names

illuminate · Aug 6, 2020 · 260dc0a · 260dc0a
1 parent 56e6134
commit 260dc0a
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 9 deletions.
diff --git a/Eloquent/Concerns/GuardsAttributes.php b/Eloquent/Concerns/GuardsAttributes.php
@@ -152,6 +152,7 @@ public function isFillable($key)
         }
 
         return empty($this->getFillable()) &&
+            strpos($key, '.') === false &&
             ! Str::startsWith($key, '_');
     }
 

diff --git a/Eloquent/Model.php b/Eloquent/Model.php
@@ -376,15 +376,6 @@ public function qualifyColumn($column)
      */
     protected function removeTableFromKey($key)
     {
-        if (strpos($key, '.') !== false) {
-            if (! empty($this->getGuarded()) &&
-                $this->getGuarded() !== ['*']) {
-                throw new LogicException('Mass assignment of Eloquent attributes including table names is unsafe when guarding attributes.');
-            }
-
-            return last(explode('.', $key));
-        }
-
         return $key;
     }