fortify OpencartSetup (hestiacp#4568)

* fortify OpencartSetup

* Run npm run format

---------

Co-authored-by: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>

Author: divinity76

web/src/app/WebApp/Installers/Opencart/OpencartSetup.php

@@ -3,6 +3,7 @@
 namespace Hestia\WebApp\Installers\Opencart;
 
 use Hestia\WebApp\Installers\BaseSetup as BaseSetup;
+use function Hestiacp\quoteshellarg\quoteshellarg;
 
 class OpencartSetup extends BaseSetup {
 	protected $appInfo = [
@@ -80,16 +81,18 @@ public function install(array $options = null): bool {
 			"v-run-cli-cmd",
 			[
 				"/usr/bin/php" . $options["php_version"],
-				$this->getDocRoot("/install/cli_install.php"),
+				quoteshellarg($this->getDocRoot("/install/cli_install.php")),
 				"install",
-				"--db_hostname " . $options["database_host"],
-				"--db_username " . $this->appcontext->user() . "_" . $options["database_user"],
-				"--db_password " . $options["database_password"],
-				"--db_database " . $this->appcontext->user() . "_" . $options["database_name"],
-				"--username " . $options["opencart_account_username"],
-				"--password " . $options["opencart_account_password"],
-				"--email " . $options["opencart_account_email"],
-				"--http_server " . $protocol . $this->domain . "/",
+				"--db_hostname " . quoteshellarg($options["database_host"]),
+				"--db_username " .
+				quoteshellarg($this->appcontext->user() . "_" . $options["database_user"]),
+				"--db_password " . quoteshellarg($options["database_password"]),
+				"--db_database " .
+				quoteshellarg($this->appcontext->user() . "_" . $options["database_name"]),
+				"--username " . quoteshellarg($options["opencart_account_username"]),
+				"--password " . quoteshellarg($options["opencart_account_password"]),
+				"--email " . quoteshellarg($options["opencart_account_email"]),
+				"--http_server " . quoteshellarg($protocol . $this->domain . "/"),
 			],
 			$status,
 		);