tonyair
/
silverstripe-tagfield
mirror of https://github.com/silverstripe/silverstripe-tagfield
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FIX StringTagField now works with SS-2018-021/CVE-2019-5715 by serialising arrays before write

This commit is contained in:
Robbie Averill 2019-02-19 11:01:58 +07:00
parent 7b7dc3e58e
commit daf71e2fab
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/StringTagField.php
View File

@ -269,10 +269,20 @@ class StringTagField extends DropdownField
$name = $this->getName();
$record->$name = implode(',', $this->Value());
$record->$name = $this->dataValue();
$record->write();
}
/**
* Ensure that arrays are imploded before being saved
*
* @return mixed|string
*/
public function dataValue()
{
return implode(',', $this->value);
}
/**
* Returns a JSON string of tags, for lazy loading.
*