ncp-web: avoid quotes in fields

Signed-off-by: nachoparker <nacho@ownyourbits.com>

changelog.md

@@ -1,5 +1,7 @@
 
-[v1.13.0](https://github.com/nextcloud/nextcloudpi/commit/4572d74) (2019-06-01) upgrade to NC15.0.8
+[v1.13.1](https://github.com/nextcloud/nextcloudpi/commit/18172be) (2019-06-01) ncp-web: avoid quotes in fields
+
+[v1.13.0](https://github.com/nextcloud/nextcloudpi/commit/86f14ae) (2019-06-01) upgrade to NC15.0.8
 
 [v1.12.10](https://github.com/nextcloud/nextcloudpi/commit/5924131) (2019-06-01) fail2ban: fix missing ufw filter
 

etc/library.sh

@@ -62,7 +62,7 @@ function configure_app()
 
         for (( i = 0 ; i < len ; i++ )); do
           # check for invalid characters
-          grep -q '[\\&#;`|*?~<>^()[{}$&[:space:]]' <<< "${ret_vals[$i]}" && { echo "Invalid characters in field ${vars[$i]}"; return 1; }
+          grep -q '[\\&#;'"'"'`|*?~<>^"()[{}$&[:space:]]' <<< "${ret_vals[$i]}" && { echo "Invalid characters in field ${vars[$i]}"; return 1; }
 
           cfg="$(jq ".params[$i].value = \"${ret_vals[$i]}\"" <<<"$cfg")"
         done

ncp-web/ncp-launcher.php

@@ -66,7 +66,7 @@ if ( $_POST['action'] == "launch" && $_POST['config'] )
 
       // sanitize
       $val = trim(escapeshellarg($new_params[$id]),"'");
-      preg_match( '/ /' , $val , $matches )
+      preg_match( '/[\'" ]/' , $val , $matches )
         and exit( '{ "output": "Invalid parameters" , "token": "' . getCSRFToken() . '" }' );
 
       // save