dont allow mass filling with table names

taylorotwell · taylorotwell · commit 260dc0a2d75c · 2020-08-06T09:54:27.000-05:00
diff --git a/Eloquent/Concerns/GuardsAttributes.php b/Eloquent/Concerns/GuardsAttributes.php
@@ -152,6 +152,7 @@ public function isFillable($key)
         }
 
         return empty($this->getFillable()) &&
+            strpos($key, '.') === false &&
             ! Str::startsWith($key, '_');
     }
 
diff --git a/Eloquent/Model.php b/Eloquent/Model.php
@@ -376,15 +376,6 @@ public function qualifyColumn($column)
      */
     protected function removeTableFromKey($key)
     {
-        if (strpos($key, '.') !== false) {
-            if (! empty($this->getGuarded()) &&
-                $this->getGuarded() !== ['*']) {
-                throw new LogicException('Mass assignment of Eloquent attributes including table names is unsafe when guarding attributes.');
-            }
-
-            return last(explode('.', $key));
-        }
-
         return $key;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,7 @@ public function isFillable($key)`
`152`	`152`	`}`
`153`	`153`
`154`	`154`	`return empty($this->getFillable()) &&`
	`155`	`+ strpos($key, '.') === false &&`
`155`	`156`	`! Str::startsWith($key, '_');`
`156`	`157`	`}`
`157`	`158`