Merge pull request #138 from creative-commoners/pulls/1.0/scalars

FIX StringTagField now works with SS-2018-021/CVE-2019-5715 by serialising arrays before write

code/StringTagField.php

@@ -205,9 +205,19 @@ class StringTagField extends DropdownField {
 
 		$name = $this->getName();
 
-		$record->$name = join(',', $this->Value());
-		$record->write();
-	}
+        $record->$name = $this->dataValue();
+        $record->write();
+    }
+
+    /**
+     * Ensure that arrays are imploded before being saved
+     *
+     * @return mixed|string
+     */
+    public function dataValue()
+    {
+        return implode(',', $this->value);
+    }
 
 	/**
 	 * Returns a JSON string of tags, for lazy loading.