All notable changes to laravel-query-builder
will be documented in this file
- prepend table name to
WHERE
clause for ambiguous exact filters (#467)
- fix config key to disable
InvalidFilterQuery
exception
- make nested scope compatible with older Laravel (#542)
- add ability to filter by nested relationship scopes (#519)
- add config key to disable
InvalidFilterQuery
exception (#525)
- update what defines an ignored filter value (#533)
- add LengthAwarePaginator to QueryBuilder (#532)
- Revert changes from v3.2.1 to
AllowedFilter::filter()
- Fix filtering associative arrays (#488)
- AllowedFilter::filter() takes a
Illuminate\Database\Eloquent\Builder
instead of a QueryBuilder instance
- add support for Laravel 8
- add individual array delimiters for includes, filters, appends and sorts
- ensure relations queried using the exact filter are actual relations on the model
New major version. Please read the UPGRADING guide before upgrading.
Spatie\QueryBuilder\QueryBuilder
class no longer extends Laravel'sIlluminate\Database\Eloquent\Builder
- fix scope filters that are added via macros (e.g.
onlyTrashed
) (#469)
- make service provider deferrable (#381)
- add support for Laravel 7
- small fix for lumen (#436)
- small fix for lumen in service provider
- add support for model binding in scope filter parameters (#415)
- fix alias for multiple allowed includes (#414)
- add
FiltersTrashed
for filtering soft-deleted models - add
FiltersCallback
for filtering using a callback
- fix dealing with empty or
null
includes (#395) - fix passing an associative array of scope filter values (#387)
- add
defaultDirection
- add support for a custom filter delimiter (#369)
- resolve
QueryBuilderRequest
from service container
- fix issue when passing camel-cased includes (#336)
- add option to disable parsing relationship constraints when filtering related model properties in the exact and partial filters (#262)
- fix selecting fields from included relationships that are multiple levels deep (#317)
- add support for Laravel 6
- update doc block for
QueryBuilder::for()
- add missing typehint in
SortsField
- removed request macros
- sorts and field selects are not allowed by default and need to be explicitly allowed
- requesting an include suffixed with
Count
will add the related models' count using$query->withCount()
- custom sorts and filters now need to be passed as instances
- renamed
Spatie\QueryBuilder\Sort
toSpatie\QueryBuilder\AllowedSort
- renamed
Spatie\QueryBuilder\Included
toSpatie\QueryBuilder\AllowedInclude
- renamed
Spatie\QueryBuilder\Filter
toSpatie\QueryBuilder\AllowedFilter
Filter
,Include
andSort
interfaces no longer need to return theBuilder
instanceallowedFields
should be called beforeallowedIncludes
- filters can now have default values
- includes will be converted to camelcase before being parsed
- bugfix: correctly parse sorts in
chunk
ed query (#299) - bugfix: don't parse empty values in arrays for partial filters (#285)
- bugfix:
orderByRaw
is no longer being rejected as a sorting option (#258) - bugfix:
addSelect
is no longer being replaced by the?fields
parameter (#260) - bugfix: take leading dash into account when remembering generated sort columns (#272)
- bugfix:
allowedIncludes
no longer adds duplicate includes for nested includes (#251)
- bugfix: remove duplicate parsing of (default) sort clauses
- bugfix: replace missing
sort()
method onQueryBuilderRequest
- bugfix: don't escape
allowedSort
s and their aliases - bugfix: don't escape
allowedField
s
- security fixes
- security fixes
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- moved features to traits
- started using
QueryBuilderRequest
to read data from the current request - deprecated request macros (
Request::filters()
,Request::includes()
, etc...) - raised minimum supported Laravel version to 5.6.34
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add support for multiple default sorts (#214)
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add support for Laravel 5.5 and up (again)
- add support for PHP 7.1 and up (again)
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- fix default sort not parsing correctly (#178)
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- drop support for Laravel 5.7 and lower
- drop support for PHP 7.1 and lower
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add aliased sorts (#164)
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add support for Laravel 5.8
- use Str:: and Arr:: instead of helper methods
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- fix detection of false-positives for ignored values (#154)
- fix broken morphTo includes (#130)
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- allow ignoring specific filter values using
$filter->ignore()
- allow filtering related model attributes
allowedFilters('related-model.name')
- fix for filtering by relation model properties
- add custom sort classes
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- allow differently named columns
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- fix exception when using filters with nested arrays (#117)
- fix overwritten fields when using
allowedIncludes
with many-to-many relationships (#118)
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- fix exception when using
allowedFields()
but selecting none
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add
allowedFields
method - fix & cleanup
Request::fields()
macro - fix fields option (
SELECT * FROM table
instead ofSELECT table.* FROM table
)
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- fix parsing empty filters from url
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- improve compatibility with Lumen
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add support for Laravel 5.7
- add framework/laravel as a dependency
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- improve compatibility with Lumen by only publishing the config file in console mode
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add support for instantiated custom filter classes
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- fix for using reserved SQL words as attributes in Postgres
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- make sure filtering on string with special characters just works
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- fix for using reserved SQL words as attributes
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- resolved #14
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- prevent double sorting statments
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- improvements around field selection
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add
Filter::scope()
for querying scopes - explicitly defining parent includes in nested queries is no longer required
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add
allowedAppends()
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add ability to customize query parameter names
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add support for selecting specific columns using
?fields[table]=field_name
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- allow arrays in filters
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add support for Laravel 5.6
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- fix: initializing scopes, macro's, the onDelete callback and eager loads from base query on QueryBuilder
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- use specific exceptions for every invalid query
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- allow multiple sorts
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- allow
allowedIncludes
,allowedFilters
andallowedSorts
to accept arrays
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- remove auto registering facade from composer.json
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add support for global scopes and soft deletes
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- bugfix: revert #11 (escaping
_
and%
in LIKE queries)
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- escape
_
and%
in LIKE queries
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- add ability to set a default sort attribute
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- bugfix: using
allowedSorts
together with an empty sort query parameter no longer throws an exception
DO NOT USE: THIS VERSION ALLOWS SQL INJECTION ATTACKS
- initial release! 🎉