tonyair
/
silverstripe-tagfield
mirror of https://github.com/silverstripe/silverstripe-tagfield
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #137 from creative-commoners/pulls/2.0/scalars 

FIX StringTagField now works with SS-2018-021/CVE-2019-5715 by serialising arrays before write
This commit is contained in:
Guy Marriott 2019-02-19 17:14:23 +13:00 committed by GitHub
parent 058bc8c3d5 3ff72be24c
commit dac02faa66
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/StringTagField.php
View File

@ -258,10 +258,20 @@ class StringTagField extends DropdownField
$name = $this->getName();
$record->$name = join(',', $this->Value());
$record->$name = $this->dataValue();
$record->write();
}
/**
* Ensure that arrays are imploded before being saved
*
* @return mixed|string
*/
public function dataValue()
{
return implode(',', $this->value);
}
/**
* Returns a JSON string of tags, for lazy loading.
*