From 80cf467c472325d87c572c6e80b9eb9b31fc6813 Mon Sep 17 00:00:00 2001
From: Maxime Kohlhaas
Date: Thu, 2 May 2013 12:14:29 +0200
Subject: [PATCH] Fix : extrafields were save without escape

---
 htdocs/core/class/commonobject.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 7aac8234b5f..b5dee2a3c76 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -2165,7 +2165,7 @@ abstract class CommonObject
 {
 if ($this->array_options[$key] != '')
 {
- $sql.=",'".$this->array_options[$key]."'";
+ $sql.=",'".$this->db->escape($this->array_options[$key])."'";
 }
 else
 {
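Review bot: The added `$this->db->escape()` call on the `$sql.=` line is only safe because the value stays inside the surrounding single quotes, and nothing at that line records the dependency. A comment such as `// user-supplied value: escape() is only safe inside the quoted literal` would guard against a later edit that drops the quotes for numeric fields. The hunk does not show how the rest of the statement is built, so if `$key` is also concatenated into `$sql` elsewhere in the method it needs its own validation against the declared extrafields, because `escape()` does not make an identifier safe. The guard `!= ''` is a loose comparison, so depending on the PHP version an integer `0` may take the `else` branch instead of being stored; `if ((string) $this->array_options[$key] !== '')` makes the intent explicit. The enclosing method begins and ends outside this hunk.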