Merge pull request #55 from glowingblue/gb-dev/safer-join-query

Specify wich table to select data from in join query

src/Jobs/SendNotificationWhenDiscussionIsReTagged.php

@@ -59,7 +59,9 @@ public function handle(NotificationSyncer $notifications)
             return;
         }
 
-        $notify = User::where('users.id', '!=', $this->actor->id)
+        // The `select(...)` part is not mandatory here, but makes the query safer. See #55.
+        $notify = User::select('users.*')
+            ->where('users.id', '!=', $this->actor->id)
             ->join('tag_user', 'tag_user.user_id', '=', 'users.id')
             ->whereIn('tag_user.tag_id', $tagIds->all())
             ->whereIn('tag_user.subscription', ['follow', 'lurk'])

src/Jobs/SendNotificationWhenDiscussionIsStarted.php

@@ -53,7 +53,9 @@ public function handle(NotificationSyncer $notifications)
             return;
         }
 
-        $notify = User::where('users.id', '!=', $this->discussion->user_id)
+        // The `select(...)` part is not mandatory here, but makes the query safer. See #55.
+        $notify = User::select('users.*')
+            ->where('users.id', '!=', $this->discussion->user_id)
             ->join('tag_user', 'tag_user.user_id', '=', 'users.id')
             ->whereIn('tag_user.tag_id', $tagIds->all())
             ->whereIn('tag_user.subscription', ['follow', 'lurk'])

src/Jobs/SendNotificationWhenReplyIsPosted.php

@@ -60,6 +60,8 @@ public function handle(NotificationSyncer $notifications)
         }
 
         $notify = $this->post->discussion->readers()
+            // The `select(...)` part is not mandatory here, but makes the query safer. See #55.
+            ->select('users.*')
             ->where('users.id', '!=', $this->post->user_id)
             ->join('tag_user', 'tag_user.user_id', '=', 'users.id')
             ->whereIn('tag_user.tag_id', $tagIds->all())