Closed uesley closed 4 years ago
PRs welcome 👍
I might take a closer look but probably on Sunday.
Thanks!
Same issue here. i have to downgrade to laravel/framework v6.18.32
with composer require laravel/framework:6.18.32
But be patient this release has the vulnerability wich is fixed with the v6.18.35 and actual not working with this package
laravel/framework (v6.18.32)
----------------------------
* [CVE-NONE-0001][]: Guard bypass in Eloquent models
[CVE-NONE-0001]: https://blog.laravel.com/security-release-laravel-61834-7232
I had the same problem here.
I fixed the version.
Edit: I noticed what I posted below gets mentioned on the PR. Leaving it in as-is, but it is known.
To continue where @Jannnnnn left off, the exact fix that causes this error, is mentioned on the 6.18.35 / 7.25.0 release announcement.
Today's patch fixes this and other potential unexpected behaviors by comparing the column that is being updated with an actual list of database columns that exist on the database table.
Since this involves a security fix that fixes some protected JSON assignments (like foo->bar
whilst foo
is guarded), it's good to cross-check this against code known to exploit stuff like this. Maybe mocking such a request in a unit test.
An easy fix is also suggested:
As a personal recommendation, I recommend always using
$fillable
instead of$guarded
Description:
Recently, was merged https://github.com/laravel/framework/pull/33777. Since then, I'm getting an error when I try to use the create method with a model that has $guarded attribute
Steps to reproduce
Expected behaviour
It should create a object with property 'foo' in database
Actual behaviour
PHP Error: Call to a member function compileColumnListing() on null in /home/project/vendor/laravel/framework/src/Illuminate/Database/Schema/Builder.php on line 136