diff --git a/webui/module/Restore/src/Restore/Controller/RestoreController.php b/webui/module/Restore/src/Restore/Controller/RestoreController.php
index e4080d95fd1..63d718b0d18 100644
--- a/webui/module/Restore/src/Restore/Controller/RestoreController.php
+++ b/webui/module/Restore/src/Restore/Controller/RestoreController.php
@@ -4,8 +4,8 @@
 *
 * bareos-webui - Bareos Web-Frontend
 *
- * @link https://github.com/bareos/bareos-webui for the canonical source repository
- * @copyright Copyright (c) 2013-2017 Bareos GmbH & Co. KG (http://www.bareos.org/)
+ * @link https://github.com/bareos/bareos for the canonical source repository
+ * @copyright Copyright (c) 2013-2021 Bareos GmbH & Co. KG (http://www.bareos.org/)
 * @license GNU Affero General Public License (http://www.gnu.org/licenses/)
 *
 * This program is free software: you can redistribute it and/or modify
@@ -313,6 +313,15 @@ private function getFiles()
 }
+ private function escapeNameString($n=null)
+ {
+ $n = preg_replace('/[\x00-\x1F\x7F]/', '', $n);
+ $replace_pairs = array('"' => '\"', '\\' => '\\\\');
+ $n = strtr($n, $replace_pairs);
+
+ return $n;
+ }
+
 /**
 * Builds a subtree as Json for JStree
 */
@@ -346,7 +355,7 @@ private function buildSubtree()
 --$dnum;
 $items .= '{';
 $items .= '"id":"-' . $dir['pathid'] . '"';
- $items .= ',"text":"' . preg_replace('/[\x00-\x1F\x7F]/', '', str_replace('"', '\"', $dir["name"])) . '"';
+ $items .= ',"text":"' . $this->escapeNameString($dir["name"]) . '"';
 $items .= ',"icon":"glyphicon glyphicon-folder-close"';
 $items .= ',"state":""';
 $items .= ',"data":' . \Zend\Json\Json::encode($dir, \Zend\Json\Json::TYPE_OBJECT);
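Review bot: escapeNameString() has no doc comment, and its `$n=null` default lets a null reach `preg_replace()` and `strtr()`, which PHP 8.1 and later report as deprecated. `preg_replace()` can also return null on a PCRE error, which the helper would silently turn into an empty name. A comment such as `/** Escapes a name for use inside a JSON string literal: strips C0 control characters and DEL, backslash-escapes " and \. Does not HTML-escape. */` would state the contract, and `$n = (string) $n;` as the first statement covers the null case. The helper only makes the name safe inside the JSON string; names presumably originate from backed-up file systems, so if the tree widget renders `text` as HTML (its configuration is not in this diff), markup characters still need handling at render time.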
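Review bot: The `text` member is still assembled by string concatenation with a hand-written escaper, while the `data` member three lines below already passes the same `$dir` (including its `name`) through `\Zend\Json\Json::encode`. Letting the encoder produce the quoted string removes the need to keep the escaper complete: `$items .= ',"text":' . \Zend\Json\Json::encode(preg_replace('/[\x00-\x1F\x7F]/', '', $dir["name"]));`. The same applies to the `$file["name"]` line in the next hunk of buildSubtree(). `$dir['pathid']` and `$file["fileid"]` are also placed inside quoted JSON strings without escaping, which is only safe if they are always numeric, and these hunks do not show that. buildSubtree() starts and ends outside both hunks.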
@@ -369,7 +378,7 @@ private function buildSubtree()
 foreach($this->files as $file) {
 $items .= '{';
 $items .= '"id":"' . $file["fileid"] . '"';
- $items .= ',"text":"' . preg_replace('/[\x00-\x1F\x7F]/', '', str_replace('"', '\"', $file["name"])) . '"';
+ $items .= ',"text":"' . $this->escapeNameString($file["name"]) . '"';
 $items .= ',"icon":"glyphicon glyphicon-file"';
 $items .= ',"state":""';
 $items .= ',"data":' . \Zend\Json\Json::encode($file, \Zend\Json\Json::TYPE_OBJECT);
diff --git a/webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php b/webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php
index ca96a7b9d4e..3293d37bbd2 100644
--- a/webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php
+++ b/webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php
@@ -975,7 +975,7 @@ public function restore($type=null, $jobid=null, $client=null, $restoreclient=nu
 $debug = self::receive_message();
 }
- if(self::send('restore file=?b2000'.$rnd.' client='.$client.' restoreclient='.$restoreclient.' restorejob="'.$restorejob.'" where='.$where.' replace='.$replace.' yes')) {
+ if(self::send('restore file=?b2000'.$rnd.' client="'.$client.'" restoreclient="'.$restoreclient.'" restorejob="'.$restorejob.'" where="'.$where.'" replace="'.$replace.'" yes')) {
 $result = self::receive_message();
 }
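Review bot: A `"` inside `$client`, `$restoreclient`, `$restorejob`, `$where` or `$replace` would still end the quoted value early on the changed `self::send(...)` line, leaving the rest to be parsed as further command text; the added quotes only keep values with spaces in one argument. Nothing in the hunk escapes or validates these parameters, and whether the callers do is not visible here. Either reject values containing `"` or control characters before building the command, or escape them first, e.g. `$where = strtr($where, array('\\' => '\\\\', '"' => '\"'));`. The escaping variant assumes the director's command parser honours backslash escapes inside quotes, which should be confirmed. restore() begins and ends outside the hunk.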