--- mantisbt-1.2.4\core\custom_field_api.php	2010-12-14 21:26:32.000000000 +0100
+++ mantis4\core\custom_field_api.php	2010-12-29 14:26:31.928750000 +0100
@@ -403,11 +403,12 @@
 
 	$t_custom_field_table = db_get_table( 'mantis_custom_field_table' );
 	$query = "INSERT INTO $t_custom_field_table
-					( name, possible_values )
+					( name, possible_values, default_value, valid_regexp )
 				  VALUES
-					( " . db_param() . ',' . db_param() . ')';
+					( " . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ')';
+
+	db_query_bound( $query, Array( $c_name, '', '', '' ) );
 
-	db_query_bound( $query, Array( $c_name, '' ) );
 
 	return db_insert_id( $t_custom_field_table );
 }
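Review bot: The new `default_value` and `valid_regexp` columns are bound to empty strings with no comment saying why, so the positional `Array( $c_name, '', '', '' )` can easily drift out of step with the column list. If the intent is to avoid relying on column defaults (the schema is not visible here), say so above the query, e.g. `// default_value and valid_regexp are written explicitly as '' so the insert does not depend on column defaults`. The result of `db_query_bound()` is still not checked before `db_insert_id()` is returned; whether a failed insert aborts inside that helper cannot be seen from this hunk. The added lines also leave two consecutive blank lines before the `return`, and the function begins outside the hunk.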
@@ -1420,6 +1421,8 @@
 		}
 	}
 
+	$t_custom_field_value = string_attribute( $t_custom_field_value );
+
 	global $g_custom_field_type_definition;
 	if( isset( $g_custom_field_type_definition[$p_field_def['type']]['#function_print_input'] ) ) {
 		call_user_func( $g_custom_field_type_definition[$p_field_def['type']]['#function_print_input'], $p_field_def, $t_custom_field_value );
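Review bot: Escaping `$t_custom_field_value` with `string_attribute()` before the dispatch hands every `#function_print_input` callback an HTML-encoded value instead of the stored one. That protects callbacks that print the value straight into a `value="…"` attribute, but the callbacks are outside this hunk, so two side effects need checking. Any callback that compares the value with the field's possible values (to mark an option selected or checked) or parses it would see `&amp;`/`&quot;` forms and stop matching, and any callback that already escapes would double-encode. Escaping at the point of output inside each callback is the safer placement; if the central call stays, document the contract here, e.g. `// value is HTML-attribute-escaped from here on; callbacks must not escape again or compare it with raw values`. The enclosing function starts and ends outside the hunk.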
