diff --git a/lib/Controller/FoldersController.php b/lib/Controller/FoldersController.php
index b5bf0bc0..1b943b85 100644
--- a/lib/Controller/FoldersController.php
+++ b/lib/Controller/FoldersController.php
@@ -19,10 +19,15 @@ class FoldersController extends GenericApiController
     public function sub(string $folder): Http\Response
     {
         return Util::guardEx(function () use ($folder) {
+            $folder = Util::sanitizePath($folder);
+            if (null === $folder) {
+                throw Exceptions::BadRequest('Invalid parameter folder');
+            }
+
             try {
                 $node = Util::getUserFolder()->get($folder);
             } catch (\OCP\Files\NotFoundException) {
-                throw Exceptions::NotFound('Folder not found');
+                throw Exceptions::NotFound("Folder not found: {$folder}");
             }
 
             if (!$node instanceof Folder) {