mirror of
https://github.com/silverstripe/silverstripe-tagfield
synced 2024-06-26 14:39:27 +02:00
FIX StringTagField now works with SS-2018-021/CVE-2019-5715 by serialising arrays before write
This commit is contained in:
parent
058bc8c3d5
commit
3ff72be24c
|
@ -258,10 +258,20 @@ class StringTagField extends DropdownField
|
||||||
|
|
||||||
$name = $this->getName();
|
$name = $this->getName();
|
||||||
|
|
||||||
$record->$name = join(',', $this->Value());
|
$record->$name = $this->dataValue();
|
||||||
$record->write();
|
$record->write();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Ensure that arrays are imploded before being saved
|
||||||
|
*
|
||||||
|
* @return mixed|string
|
||||||
|
*/
|
||||||
|
public function dataValue()
|
||||||
|
{
|
||||||
|
return implode(',', $this->value);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a JSON string of tags, for lazy loading.
|
* Returns a JSON string of tags, for lazy loading.
|
||||||
*
|
*
|
||||||
|
|
Loading…
Reference in New Issue
Block a user