Be careful if you're not scoping your route model bindings

I've caught myself writing this security bug many times in controllers, making the assumption that Laravel will retrieve child route bound models by the parent model by default. Be careful if you're not scoping your route model bindings!
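The difference in a routes file, as an added example that is not code from the original post. The `Team` and `Invoice` models, the `invoices()` relationship on `Team`, and the URIs are assumed names.

```php
<?php
// routes/web.php (added example; Team, Invoice and all URIs are assumed names)

use App\Models\Invoice;
use App\Models\Team;
use Illuminate\Support\Facades\Route;

// Unscoped: {team} and {invoice} are each looked up by primary key on their own.
// Nothing ties the invoice to the team, so an authorization check made against
// $team alone says nothing about $invoice.
Route::get('/teams/{team}/invoices/{invoice}', function (Team $team, Invoice $invoice) {
    return $invoice;
});

// Scoped: the child is resolved through the parent's relationship. Laravel
// guesses the relationship name from the plural of the route parameter, here
// $team->invoices(), and responds with 404 when the invoice is not in that set.
Route::get('/scoped/teams/{team}/invoices/{invoice}', function (Team $team, Invoice $invoice) {
    return $invoice;
})->scopeBindings();

// Scoping applied to a whole group, so nested routes added later inherit it.
Route::scopeBindings()->group(function () {
    Route::get('/grouped/teams/{team}/invoices/{invoice}', function (Team $team, Invoice $invoice) {
        return $invoice;
    });
});

// Explicit check for code paths where scoped bindings are not in effect:
// confirm the child through the same relationship before using it.
Route::get('/checked/teams/{team}/invoices/{invoice}', function (Team $team, Invoice $invoice) {
    abort_unless(
        $team->invoices()->whereKey($invoice->getKey())->exists(),
        404
    );

    return $invoice;
});
```

A feature test that requests a parent together with a child belonging to a different parent, and expects a 404, keeps a missing `scopeBindings()` from going unnoticed.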
