From 3ff72be24c7e3bfab595efa2c745984ae0e7fbbf Mon Sep 17 00:00:00 2001
From: Robbie Averill
Date: Tue, 19 Feb 2019 11:01:58 +0700
Subject: [PATCH] FIX StringTagField now works with SS-2018-021/CVE-2019-5715 by serialising arrays before write
---
 src/StringTagField.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/StringTagField.php b/src/StringTagField.php
index edcbe65..eee2057 100644
--- a/src/StringTagField.php
+++ b/src/StringTagField.php
@@ -258,10 +258,20 @@ class StringTagField extends DropdownField
 $name = $this->getName();
- $record->$name = join(',', $this->Value());
+ $record->$name = $this->dataValue();
 $record->write();
 }
+ /**
+ * Ensure that arrays are imploded before being saved
+ *
+ * @return mixed|string
+ */
+ public function dataValue()
+ {
+ return implode(',', $this->value);
+ }
+
 /**
 * Returns a JSON string of tags, for lazy loading.
 *
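Review bot: `dataValue()` calls `implode(',', $this->value)` unconditionally, so a null or already-serialised string value would raise a warning or a TypeError (depending on PHP version) instead of being saved. The docblock's `@return mixed|string` also implies a pass-through for non-arrays that the code does not have. Whether `$this->value` is always an array is not visible in this hunk; if it is not guaranteed, guard it with `return is_array($this->value) ? implode(',', $this->value) : $this->value;`. Because the commit subject ties this change to SS-2018-021/CVE-2019-5715, a regression test asserting that the save path assigns a string, never an array, to `$record->$name` would keep the fix from regressing unnoticed. The method that performs the write starts outside the hunk.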