From 20becd7430c48c7c33b9b02ce1c547c7776644d9 Mon Sep 17 00:00:00 2001
From: Sven Westerlaken <44165190+svenV88@users.noreply.github.com>
Date: Tue, 11 Dec 2018 14:48:56 +0100
Subject: [PATCH 1/3] Update faulty import of TagField component

---
 client/src/boot/registerComponents.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/src/boot/registerComponents.js b/client/src/boot/registerComponents.js
index cf56f76..29108fa 100644
--- a/client/src/boot/registerComponents.js
+++ b/client/src/boot/registerComponents.js
@@ -1,5 +1,5 @@
 import Injector from 'lib/Injector';
-import TagField from 'components/TagField';
+import TagField from '../components/TagField';
 
 export default () => {
   Injector.component.registerMany({

From 7b7dc3e58e77ff6baea8e989fdf3f7540146db3e Mon Sep 17 00:00:00 2001
From: Robbie Averill <robbie@silverstripe.com>
Date: Tue, 12 Feb 2019 18:46:48 +0700
Subject: [PATCH 2/3] Add missing react-addons-test-utils dependency

---
 package.json | 1 +
 yarn.lock    | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 4f2db4b..33e7ede 100644
--- a/package.json
+++ b/package.json
@@ -65,6 +65,7 @@
     "enzyme-adapter-react-15.4": "^1.0.5",
     "html-loader": "^0.5.1",
     "jest-cli": "^19.0.2",
+    "react-addons-test-utils": "15.3.1",
     "webpack": "^2"
   },
   "dependencies": {
diff --git a/yarn.lock b/yarn.lock
index 4dbc320..5da0bea 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2095,7 +2095,6 @@ date-now@^0.1.4:
 debounce-promise@^3.1.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/debounce-promise/-/debounce-promise-3.1.0.tgz#25035f4b45017bd51a7bef8b3bd9f6401dc47423"
-  integrity sha1-JQNfS0UBe9Uae++LO9n2QB3EdCM=
 
 debug@3.1.0, debug@^3.1.0:
   version "3.1.0"
@@ -6644,6 +6643,10 @@ rc@^1.0.1, rc@^1.1.6, rc@^1.2.7:
     minimist "^1.2.0"
     strip-json-comments "~2.0.1"
 
+react-addons-test-utils@15.3.1:
+  version "15.3.1"
+  resolved "https://registry.yarnpkg.com/react-addons-test-utils/-/react-addons-test-utils-15.3.1.tgz#b3b64e15d7d85f6d190020dca641218684b1124d"
+
 react-dom@15.3.1:
   version "15.3.1"
   resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-15.3.1.tgz#6d42cd2b64c8c5e0b693f3ffaec301e6e627e24e"

From daf71e2fabee9dabeccbd4573a73d0c362d69659 Mon Sep 17 00:00:00 2001
From: Robbie Averill <robbie@silverstripe.com>
Date: Tue, 19 Feb 2019 11:01:58 +0700
Subject: [PATCH 3/3] FIX StringTagField now works with
 SS-2018-021/CVE-2019-5715 by serialising arrays before write

---
 src/StringTagField.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/StringTagField.php b/src/StringTagField.php
index 06dd1b1..00cbbfb 100644
--- a/src/StringTagField.php
+++ b/src/StringTagField.php
@@ -269,10 +269,20 @@ class StringTagField extends DropdownField
 
         $name = $this->getName();
 
-        $record->$name = implode(',', $this->Value());
+        $record->$name = $this->dataValue();
         $record->write();
     }
 
+    /**
+     * Ensure that arrays are imploded before being saved
+     *
+     * @return mixed|string
+     */
+    public function dataValue()
+    {
+        return implode(',', $this->value);
+    }
+
     /**
      * Returns a JSON string of tags, for lazy loading.
      *