ncp-web: avoid quotes in fields

nachoparker · nachoparker · commit 5de855ffecc4 · 2019-06-01T15:43:15.000-06:00
Signed-off-by: nachoparker &lt;nacho@ownyourbits.com&gt;
diff --git a/changelog.md b/changelog.md
@@ -1,5 +1,7 @@
 
-[v1.13.0](https://github.com/nextcloud/nextcloudpi/commit/4572d74) (2019-06-01) upgrade to NC15.0.8
+[v1.13.1](https://github.com/nextcloud/nextcloudpi/commit/18172be) (2019-06-01) ncp-web: avoid quotes in fields
+
+[v1.13.0](https://github.com/nextcloud/nextcloudpi/commit/86f14ae) (2019-06-01) upgrade to NC15.0.8
 
 [v1.12.10](https://github.com/nextcloud/nextcloudpi/commit/5924131) (2019-06-01) fail2ban: fix missing ufw filter
 
diff --git a/etc/library.sh b/etc/library.sh
@@ -62,7 +62,7 @@ function configure_app()
 
         for (( i = 0 ; i < len ; i++ )); do
           # check for invalid characters
-          grep -q '[\\&#;`|*?~<>^()[{}$&[:space:]]' <<< "${ret_vals[$i]}" && { echo "Invalid characters in field ${vars[$i]}"; return 1; }
+          grep -q '[\\&#;'"'"'`|*?~<>^"()[{}$&[:space:]]' <<< "${ret_vals[$i]}" && { echo "Invalid characters in field ${vars[$i]}"; return 1; }
 
           cfg="$(jq ".params[$i].value = \"${ret_vals[$i]}\"" <<<"$cfg")"
         done
diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php
@@ -66,7 +66,7 @@
 
       // sanitize
       $val = trim(escapeshellarg($new_params[$id]),"'");
-      preg_match( '/ /' , $val , $matches )
+      preg_match( '/[\'" ]/' , $val , $matches )
         and exit( '{ "output": "Invalid parameters" , "token": "' . getCSRFToken() . '" }' );
 
       // save
