FIX StringTagField now works with SS-2018-021/CVE-2019-5715 by serial…

…ising arrays before write
silverstripe · Feb 19, 2019 · 3ff72be · 3ff72be
1 parent 058bc8c
commit 3ff72be
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/src/StringTagField.php b/src/StringTagField.php
@@ -258,10 +258,20 @@ public function saveInto(DataObjectInterface $record)
 
         $name = $this->getName();
 
-        $record->$name = join(',', $this->Value());
+        $record->$name = $this->dataValue();
         $record->write();
     }
 
+    /**
+     * Ensure that arrays are imploded before being saved
+     *
+     * @return mixed|string
+     */
+    public function dataValue()
+    {
+        return implode(',', $this->value);
+    }
+
     /**
      * Returns a JSON string of tags, for lazy loading.
      *