diff --git a/apps/files/ajax/delete.php b/apps/files/ajax/delete.php
index 4d4232e872e4de0ae5a51552cd7c9084f9da88fe..61caa7618da83c228baf13d9492452779019baf2 100644
--- a/apps/files/ajax/delete.php
+++ b/apps/files/ajax/delete.php
@@ -6,7 +6,7 @@ OCP\JSON::callCheck();
 
 
 // Get data
-$dir = stripslashes($_POST["dir"]);
+$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
 $allFiles = isset($_POST["allfiles"]) ? $_POST["allfiles"] : false;
 
 // delete all files in dir ?
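Review bot: The new `$dir` line takes `$_POST['dir']` as-is, so a non-string value (PHP turns bracketed parameter names into arrays) reaches the path handling below, and a missing parameter silently becomes `''`. I would require a string, e.g. `$dir = (isset($_POST['dir']) && is_string($_POST['dir'])) ? $_POST['dir'] : '';`. Because the "delete all files in dir" branch follows, and assuming `''` resolves to the user's root there, rejecting a request without `dir` looks safer than defaulting; that code is outside the hunk, so confirm. The same untyped pattern is added for `dir`, `file` and `target` in move.php and for `dir` and `foldername` in newfolder.php.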
diff --git a/apps/files/ajax/move.php b/apps/files/ajax/move.php
index 12760d4415f6c9847f1070e43b7876a6dd9895ab..a9e0d09f1765e10f1347e3f9b3f17bbc4e576a62 100644
--- a/apps/files/ajax/move.php
+++ b/apps/files/ajax/move.php
@@ -5,9 +5,9 @@ OCP\JSON::callCheck();
 \OC::$server->getSession()->close();
 
 // Get data
-$dir = stripslashes($_POST["dir"]);
-$file = stripslashes($_POST["file"]);
-$target = stripslashes(rawurldecode($_POST["target"]));
+$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
+$file = isset($_POST['file']) ? $_POST['file'] : '';
+$target = isset($_POST['target']) ? rawurldecode($_POST['target']) : '';
 
 $l = \OC::$server->getL10N('files');
 
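Review bot: `rawurldecode($_POST['target'])` decodes a value that PHP has already URL-decoded while parsing the form body, so `target` is decoded twice while `dir` and `file` are decoded once. A target folder whose name contains a literal percent sequence would be rewritten, and any check made on the once-decoded value no longer describes the path that is actually used. Unless the client deliberately double-encodes `target` (not visible here), I would drop the call: `$target = isset($_POST['target']) ? $_POST['target'] : '';`. If the extra encoding is intentional, a comment next to the line saying so would help.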
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index c162237fe92d6d62772b40647b34f9ae8b1b3dd2..0eb144aca56e90bc6b5e9ef5194a5be24e63f466 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -81,7 +81,6 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
 	exit();
 }
 
-//TODO why is stripslashes used on foldername in newfolder.php but not here?
 $target = $dir.'/'.$filename;
 
 if (\OC\Files\Filesystem::file_exists($target)) {
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index ea7a10c2ab9d5870674c77ca04d6c98347983a25..3ad64021cfe6028fc78678e360787e25e927fa9f 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -8,8 +8,8 @@ OCP\JSON::callCheck();
 \OC::$server->getSession()->close();
 
 // Get the params
-$dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
-$foldername = isset( $_POST['foldername'] ) ? stripslashes($_POST['foldername']) : '';
+$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
+$foldername = isset($_POST['foldername']) ? $_POST['foldername'] : '';
 
 $l10n = \OC::$server->getL10N('files');
 
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 7bf6c40e87c2ffa1ba75f7ba646ffee9ba169ebf..88375f82acb478651fad79c0424c6169da4cd52d 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -132,9 +132,9 @@ if (strpos($dir, '..') === false) {
 		// $path needs to be normalized - this failed within drag'n'drop upload to a sub-folder
 		if ($resolution === 'autorename') {
 			// append a number in brackets like 'filename (2).ext'
-			$target = OCP\Files::buildNotExistingFileName(stripslashes($dir . $relativePath), $files['name'][$i]);
+			$target = OCP\Files::buildNotExistingFileName($dir . $relativePath, $files['name'][$i]);
 		} else {
-			$target = \OC\Files\Filesystem::normalizePath(stripslashes($dir . $relativePath).'/'.$files['name'][$i]);
+			$target = \OC\Files\Filesystem::normalizePath($dir . $relativePath.'/'.$files['name'][$i]);
 		}
 
 		// relative dir to return to the client
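Review bot: The `..` guard visible in the hunk header checks `$dir` only, while both new `$target` lines also join `$relativePath` and `$files['name'][$i]` into the path. Dropping `stripslashes` removes a transformation that used to run after that guard, which is an improvement, but as far as this hunk shows `$relativePath` is still appended unchecked. I would test the joined value, e.g. `strpos($dir . $relativePath, '..') === false`, or validate `$target` after `normalizePath`, at the point where `$relativePath` is assigned (outside the hunk, so it may already be validated there). Minor style: `$dir . $relativePath.'/'.$files['name'][$i]` mixes spaced and unspaced concatenation.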