mirror of
https://github.com/silverstripe/silverstripe-tagfield
synced 2024-06-13 08:24:53 +02:00
Merge pull request #137 from creative-commoners/pulls/2.0/scalars
FIX StringTagField now works with SS-2018-021/CVE-2019-5715 by serialising arrays before write
This commit is contained in:
commit
dac02faa66
|
@ -258,10 +258,20 @@ class StringTagField extends DropdownField
|
||||||
|
|
||||||
$name = $this->getName();
|
$name = $this->getName();
|
||||||
|
|
||||||
$record->$name = join(',', $this->Value());
|
$record->$name = $this->dataValue();
|
||||||
$record->write();
|
$record->write();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Ensure that arrays are imploded before being saved
|
||||||
|
*
|
||||||
|
* @return mixed|string
|
||||||
|
*/
|
||||||
|
public function dataValue()
|
||||||
|
{
|
||||||
|
return implode(',', $this->value);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a JSON string of tags, for lazy loading.
|
* Returns a JSON string of tags, for lazy loading.
|
||||||
*
|
*
|
||||||
|
|
Loading…
Reference in New Issue
Block a user