Merge pull request #5062 from bafbes/abb-18

fix:missing quote in query in commonobject updatefield function

htdocs/core/class/commonobject.class.php

@@ -4297,7 +4297,7 @@ abstract class CommonObject
             }
             
             $this->db->begin();
-            $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element."_extrafields SET $key=".$this->array_options["options_$key"];
+            $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element."_extrafields SET $key='".$this->db->escape($this->array_options["options_$key"])."'";
             $sql .= " WHERE fk_object = ".$this->id;
             $resql = $this->db->query($sql);
             if (! $resql)