ncp-web: avoid quotes in fieldsv1.13.1

Signed-off-by: nachoparker <nacho@ownyourbits.com>

3 files changed, 5 insertions, 3 deletions

diff --git a/changelog.md b/changelog.md
index bc04b630..6c384f7b 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,7 @@
 
-[v1.13.0](https://github.com/nextcloud/nextcloudpi/commit/4572d74) (2019-06-01) upgrade to NC15.0.8
+[v1.13.1](https://github.com/nextcloud/nextcloudpi/commit/18172be) (2019-06-01) ncp-web: avoid quotes in fields
+
+[v1.13.0](https://github.com/nextcloud/nextcloudpi/commit/86f14ae) (2019-06-01) upgrade to NC15.0.8
 
 [v1.12.10](https://github.com/nextcloud/nextcloudpi/commit/5924131) (2019-06-01) fail2ban: fix missing ufw filter
 
diff --git a/etc/library.sh b/etc/library.sh
index 1b41fe2c..7e124638 100644
--- a/etc/library.sh
+++ b/etc/library.sh
@@ -62,7 +62,7 @@ function configure_app()
 
         for (( i = 0 ; i < len ; i++ )); do
           # check for invalid characters
-          grep -q '[\\&#;`|*?~<>^()[{}$&[:space:]]' <<< "${ret_vals[$i]}" && { echo "Invalid characters in field ${vars[$i]}"; return 1; }
+          grep -q '[\\&#;'"'"'`|*?~<>^"()[{}$&[:space:]]' <<< "${ret_vals[$i]}" && { echo "Invalid characters in field ${vars[$i]}"; return 1; }
 
           cfg="$(jq ".params[$i].value = \"${ret_vals[$i]}\"" <<<"$cfg")"
         done
diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php
index 122a43ba..a74bb01a 100644
--- a/ncp-web/ncp-launcher.php
+++ b/ncp-web/ncp-launcher.php
@@ -66,7 +66,7 @@ if ( $_POST['action'] == "launch" && $_POST['config'] )
 
       // sanitize
       $val = trim(escapeshellarg($new_params[$id]),"'");
-      preg_match( '/ /' , $val , $matches )
+      preg_match( '/[\'" ]/' , $val , $matches )
         and exit( '{ "output": "Invalid parameters" , "token": "' . getCSRFToken() . '" }' );
 
       // save