If you're using parent-child model route bindings, check out `scopeBindings()`! It'll ensure any child models are loaded from the parent scope, preventing sneaky authorisation bypassing through mismatched relations.
https://securinglaravel.com/p/security-tip-scoping-bindings #Laravel #PHP
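An added example (not code from the linked article) of what the tip means in a routes file. It assumes hypothetical `App\Models\User` and `App\Models\Post` models, with `User::posts()` defined as a `hasMany` relationship, and the `/legacy` and `/account` paths are made up for illustration.

```php
<?php
// routes/web.php
// Assumed for this example: User and Post models, and a posts() hasMany
// relationship on User. None of these names come from the original post.

use App\Models\Post;
use App\Models\User;
use Illuminate\Support\Facades\Route;

// Unscoped: {post} is looked up by primary key only. A request for
// /legacy/users/1/posts/99 resolves post 99 even if it belongs to user 2,
// so an authorisation check made against $user says nothing about $post.
Route::get('/legacy/users/{user}/posts/{post}', function (User $user, Post $post) {
    return $post;
});

// Scoped: {post} is resolved through the parent's relationship
// ($user->posts()), so a post that does not belong to {user} is not found
// and the request ends in a 404 instead of reaching the handler.
Route::get('/users/{user}/posts/{post}', function (User $user, Post $post) {
    return $post;
})->scopeBindings();

// The same behaviour for every nested route in a group.
Route::scopeBindings()->group(function () {
    Route::get('/account/users/{user}/posts/{post}', function (User $user, Post $post) {
        return $post;
    });
});
```

Laravel infers the relationship name from the child route parameter (`{post}` maps to `posts()` on the parent), so the parent model must expose that relationship for the scoped lookup to work.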