Is A Data Object Supposed To Allow The Setting Of Arbitrary Fields?

[TheFerrettDeveloper]

class DataExample extends Data
{
    public function __construct(
        public readonly int $id,
    ) {
    }
}

$DataExample = DataExample::validateAndCreate(['id' => $productId]);

$DataExample->asfdasfd = 'Should this be allowed to be set?';

//string(33) "Should this be allowed to be set?"
var_dump($DataExample->asfdasfd);

Maybe I'm misunderstanding the way Spatie-Data's supposed to work, but I would have expected setting a field that's not an object property would throw some kind of error - or at the very least, not allow to access it. (Admittedly, this doesn't return the new field when you toArray() or dump the object as a whole, and it has the same behavior if you put asfdasfd into the validateAndCreate() array - though it doesn't throw an error for having asfdasfd, it just silently discards.)

Is there a way to prevent unauthorized fields from being set in case someone makes a typo, et al? Or is this expected Spatie-Data behavior?

[rubenvanassche]

That's valid behavior because PHP allows it for every object. In PHP 9 this behavior is removed. For now you could overwrite the __set and __get methods to throw exceptions. Not something I'm going to add in the package since we try to stick to PHP default behaviour.