diff --git a/plugins/kolab_files/lib/kolab_files_engine.php b/plugins/kolab_files/lib/kolab_files_engine.php
index 48ae89d9..d751c975 100644
--- a/plugins/kolab_files/lib/kolab_files_engine.php
+++ b/plugins/kolab_files/lib/kolab_files_engine.php
@@ -840,6 +840,11 @@ class kolab_files_engine
         $cells = [];
 
         foreach ($a_show_cols as $col) {
+            // sanity check
+            if (!preg_match('/^[a-zA-Z_-]+$/', $col)) {
+                continue;
+            }
+
             // get column name
             switch ($col) {
                 case 'options':