From 07337e2f7ee661070229f7895c9235d02949c87b Mon Sep 17 00:00:00 2001
From: jmontoyaa <gugli100@gmail.com>
Date: Mon, 4 Dec 2017 11:15:57 +0100
Subject: [PATCH] Add Database::escape_string

---
 main/inc/lib/fileDisplay.lib.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/main/inc/lib/fileDisplay.lib.php b/main/inc/lib/fileDisplay.lib.php
index 8fa8a60c96d..6107e28d53b 100755
--- a/main/inc/lib/fileDisplay.lib.php
+++ b/main/inc/lib/fileDisplay.lib.php
@@ -283,6 +283,7 @@ function get_total_folder_size($path, $can_see_invisible = false)
         'props.session_id'
     );
 
+    $path = Database::escape_string($path);
     $visibility_rule = ' props.visibility '.($can_see_invisible ? '<> 2' : '= 1');
 
     $sql = "SELECT SUM(table1.size) FROM (