Fix quotes to avoid shell injection

Author: daianamezdrea

lib/puppet/provider/postgresql_psql/ruby.rb

@@ -16,7 +16,7 @@ def run_sql_command(sql)
     command = [resource[:psql_path]]
     command.push('-d', resource[:db]) if resource[:db]
     command.push('-p', resource[:port]) if resource[:port]
-    command.push('-t', '-X', '-c', '"' + sql.gsub('"', '\"') + '"')
+    command.push('-t', '-X', '-c', sql)
 
     environment = fetch_environment
 
@@ -57,7 +57,6 @@ def fetch_environment
   end
 
   def run_command(command, user, group, environment)
-    command = command.join ' '
     output = Puppet::Util::Execution.execute(command, uid: user,
                                                       gid: group,
                                                       failonfail: false,