[9.x] Add Eloquent mode to prevent prevently silently discarding fills for attributes not in $fillable (#43893)

* Update Model.php

* Rework to not use container

* Update Model.php

* Style

* Update comment

* formatting

Co-authored-by: Taylor Otwell <[email protected]>

Author: ralphjsmit

src/Illuminate/Database/Eloquent/Model.php

@@ -174,6 +174,13 @@ abstract class Model implements Arrayable, ArrayAccess, CanBeEscapedWhenCastToSt
      */
     protected static $lazyLoadingViolationCallback;
 
+    /**
+     * Indicates if an exception should be thrown instead of silently discarding non-fillable attributes.
+     *
+     * @var bool
+     */
+    protected static $modelsShouldPreventSilentlyDiscardingAttributes = false;
+
     /**
      * Indicates if broadcasting is currently enabled.
      *
@@ -392,6 +399,17 @@ public static function handleLazyLoadingViolationUsing(?callable $callback)
         static::$lazyLoadingViolationCallback = $callback;
     }
 
+    /**
+     * Prevent non-fillable attributes from being silently discarded.
+     *
+     * @param  bool  $value
+     * @return void
+     */
+    public static function preventSilentlyDiscardingAttributes($value = true)
+    {
+        static::$modelsShouldPreventSilentlyDiscardingAttributes = $value;
+    }
+
     /**
      * Execute a callback without broadcasting any model events for all model types.
      *
@@ -429,7 +447,7 @@ public function fill(array $attributes)
             // the model, and all others will just get ignored for security reasons.
             if ($this->isFillable($key)) {
                 $this->setAttribute($key, $value);
-            } elseif ($totallyGuarded) {
+            } elseif ($totallyGuarded || static::preventsSilentlyDiscardingAttributes()) {
                 throw new MassAssignmentException(sprintf(
                     'Add [%s] to fillable property to allow mass assignment on [%s].',
                     $key, get_class($this)
@@ -2061,6 +2079,16 @@ public static function preventsLazyLoading()
         return static::$modelsShouldPreventLazyLoading;
     }
 
+    /**
+     * Determine if discarding guarded attribute fills is disabled.
+     *
+     * @return bool
+     */
+    public static function preventsSilentlyDiscardingAttributes()
+    {
+        return static::$modelsShouldPreventSilentlyDiscardingAttributes;
+    }
+
     /**
      * Get the broadcast channel route definition that is associated with the given entity.
      *

tests/Database/DatabaseEloquentModelTest.php

@@ -1280,6 +1280,15 @@ public function testGuarded()
         $model->guard(['name', 'age']);
         $model->fill(['Foo' => 'bar']);
         $this->assertFalse(isset($model->Foo));
+
+        $handledMassAssignmentExceptions = 0;
+
+        Model::preventSilentlyDiscardingAttributes();
+
+        $this->expectException(MassAssignmentException::class);
+        $model = new EloquentModelStub;
+        $model->guard(['name', 'age']);
+        $model->fill(['Foo' => 'bar']);
     }
 
     public function testFillableOverridesGuarded()