diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index c2d65d718c5206a026a1b11ea6c5546ad1d143eb..77d866979c3cfc61921b77fd66314d03f6aca15f 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -8,12 +8,11 @@ if(!OC_User::isLoggedIn()) {
 }
 
 session_write_close();
-
 // Get the params
-$dir = isset( $_REQUEST['dir'] ) ? stripslashes($_REQUEST['dir']) : '';
-$filename = isset( $_REQUEST['filename'] ) ? stripslashes($_REQUEST['filename']) : '';
+$dir = isset( $_REQUEST['dir'] ) ? trim($_REQUEST['dir'], '/\\') : '';
+$filename = isset( $_REQUEST['filename'] ) ? trim($_REQUEST['filename'], '/\\') : '';
 $content = isset( $_REQUEST['content'] ) ? $_REQUEST['content'] : '';
-$source = isset( $_REQUEST['source'] ) ? stripslashes($_REQUEST['source']) : '';
+$source = isset( $_REQUEST['source'] ) ? trim($_REQUEST['source'], '/\\') : '';
 
 if($source) {
 	$eventSource=new OC_EventSource();