Fix/jsonapi nested eager loaded leak#60298
Closed
YoussefMansour9 wants to merge 2 commits into
Closed
Conversation
…el#60260) When using illuminate/database as a standalone package (without the full Laravel framework), the base_path() helper function is not available. Guard the call with function_exists() to prevent a fatal error.
…cluded Prevent unrequested nested eager-loaded relationships from appearing in the included section of JSON:API resource responses. - Thread sub-include paths through the compile chain so each sub-resource knows which relations were actually requested via the include query. - Rewrite compileIncludedNestedRelationshipsMap to check against the parsed include query instead of all loaded model relations. - Scope sub-resource resolution via a resolutionSparseIncluded property to prevent includePreviouslyLoadedRelationships from compiling unrequested eager-loaded relations. - Remove array_push in resolveIncludedResourceObjects since all intended nested entries are pre-populated during the initial compile. - Fix resolveResourceType Stringable return type (missing string cast exposed when generator is consumed). - Update chaperone test: inverse relations set by chaperone() are no longer automatically included unless explicitly in the include query. - Add test verifying that include=comments does not leak comments.commenter into included.
Member
|
Thanks for your pull request to Laravel! I appreciate you taking the time to submit this; however, it appears this contribution may have been primarily AI-generated without careful human review and consideration. We've found that AI-generated code often doesn't align well with Laravel's conventions, architectural decisions, and the specific context of what we're trying to accomplish with the framework. Quality contributions require thoughtful human insight into the codebase. If you're interested in contributing to Laravel, I'd encourage you to familiarize yourself with the existing codebase, engage with the community, and submit PRs that reflect your own understanding and careful consideration of the problem you're solving. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Prevent unrequested nested eager-loaded relationships from appearing in the
includedsection of JSON:API resource responses.Fixes #60126
Bug: When a resource is loaded with nested eager-loading like
Post::with('comments.commenter')->find($id)and onlyinclude=commentsis requested, thecommenterrelation leaks intoincluded. This happens becausecompileIncludedNestedRelationshipsMappre-populates ALL loaded model relations, andarray_pushinresolveIncludedResourceObjectspropagates them regardless of the include query.Changes:
includequery.compileIncludedNestedRelationshipsMapto check against the parsed include query instead of all loaded model relations.resolutionSparseIncludedproperty to preventincludePreviouslyLoadedRelationshipsfrom compiling unrequested eager-loaded relations.array_pushinresolveIncludedResourceObjectssince all intended nested entries are pre-populated during the initial compile.resolveResourceTypeStringable return type.chaperone()are no longer automatically included unless explicitly in theincludequery.include=commentsdoes not leakcomments.commenterintoincluded.