From f3597926c42455b90de986b7166ddf7953c7378f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 6 Feb 2020 10:05:13 +0100
Subject: [PATCH] Fix missing escape returned by ci

---
 htdocs/comm/action/class/actioncomm.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index 4ec99b6dbb3..5a9c5277ccd 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -485,7 +485,7 @@ class ActionComm extends CommonObject
         $sql .= ((isset($this->durationp) && $this->durationp >= 0 && $this->durationp != '') ? "'".$this->db->escape($this->durationp)."'" : "null").", "; // deprecated
         $sql .= (isset($this->type_id) ? $this->type_id : "null").",";
         $sql .= ($code ? ("'".$code."'") : "null").", ";
-		$sql .= ($this->ref_ext ? ("'".$this->ref_ext."'") : "null").", ";
+        $sql .= ($this->ref_ext ? ("'".$this->db->idate($this->ref_ext)."'") : "null").", ";
         $sql .= ((isset($this->socid) && $this->socid > 0) ? $this->socid : "null").", ";
         $sql .= ((isset($this->fk_project) && $this->fk_project > 0) ? $this->fk_project : "null").", ";
         $sql .= " '".$this->db->escape($this->note_private ? $this->note_private : $this->note)."', ";