From 5de855ffecc49899a58d6078fb45afe42d3fe43a Mon Sep 17 00:00:00 2001
From: nachoparker <nacho@ownyourbits.com>
Date: Sat, 1 Jun 2019 15:43:09 -0600
Subject: ncp-web: avoid quotes in fields

Signed-off-by: nachoparker <nacho@ownyourbits.com>
---
 ncp-web/ncp-launcher.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ncp-web')

diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php
index 122a43ba..a74bb01a 100644
--- a/ncp-web/ncp-launcher.php
+++ b/ncp-web/ncp-launcher.php
@@ -66,7 +66,7 @@ if ( $_POST['action'] == "launch" && $_POST['config'] )
 
       // sanitize
       $val = trim(escapeshellarg($new_params[$id]),"'");
-      preg_match( '/ /' , $val , $matches )
+      preg_match( '/[\'" ]/' , $val , $matches )
         and exit( '{ "output": "Invalid parameters" , "token": "' . getCSRFToken() . '" }' );
 
       // save
-- 
cgit v1.2.3