From 2c40955c2d485d34b99459c239e4d65813d945db Mon Sep 17 00:00:00 2001
From: Robbie Averill <robbie@silverstripe.com>
Date: Tue, 19 Feb 2019 11:09:31 +0700
Subject: [PATCH] FIX StringTagField now works with SS-2018-021/CVE-2019-5715
 by serialising arrays before write

---
 code/StringTagField.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/code/StringTagField.php b/code/StringTagField.php
index 16f502a..3e4d0b1 100644
--- a/code/StringTagField.php
+++ b/code/StringTagField.php
@@ -205,9 +205,19 @@ class StringTagField extends DropdownField {
 
 		$name = $this->getName();
 
-		$record->$name = join(',', $this->Value());
-		$record->write();
-	}
+        $record->$name = $this->dataValue();
+        $record->write();
+    }
+
+    /**
+     * Ensure that arrays are imploded before being saved
+     *
+     * @return mixed|string
+     */
+    public function dataValue()
+    {
+        return implode(',', $this->value);
+    }
 
 	/**
 	 * Returns a JSON string of tags, for lazy loading.