diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php
index 9860d5618e29daa44b4e4da0c6539c88d994b678..30d15bca837f2781e70ab6ef6cccaafb781829c2 100644
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -731,7 +731,7 @@ function purifyHtmlEventAttributes($value){
  * @return <String> $string/false
  */
 function vtlib_purifyForSql($string, $skipEmpty=true) {
-	$pattern = "/^[_a-zA-Z0-9.]+$/";
+	$pattern = "/^[_a-zA-Z0-9.:\-]+$/";
 	if ((empty($string) && $skipEmpty) || preg_match($pattern, $string)) {
 		return $string;
 	}
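Review bot: The widened pattern on the `$pattern` line still ends in a bare `$`, which in PCRE also matches just before a trailing newline, so a string with a newline appended passes the check and is returned unchanged. Anchor the end explicitly with `$pattern = "/^[_a-zA-Z0-9.:\-]+\z/";` or add the `D` modifier. Adding `:` and `-` also loosens the filter for every caller of vtlib_purifyForSql, not only the calendar feed, and a value made of two hyphens now passes, which matters wherever the result is placed in SQL outside a quoted literal. If the extra characters are only needed for the feed's date/time values (an inference from the second file in this commit), a separate and narrower check for those inputs would keep the shared helper strict. The function body continues past the end of this hunk.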
diff --git a/modules/Calendar/actions/Feed.php b/modules/Calendar/actions/Feed.php
index 8445281650a367e54513a03c7744087e6f62ffc1..91044cd1364901d8abaad0df13d49b9506a23a4f 100644
--- a/modules/Calendar/actions/Feed.php
+++ b/modules/Calendar/actions/Feed.php
@@ -53,6 +53,11 @@ class Calendar_Feed_Action extends Vtiger_BasicAjax_Action {
 
 	public function _process($request) {
 		try {
+			foreach ($request as $k => $v) {
+				if ($k == 'conditions' || $k == 'mapping') continue;
+				$request[$k] = $this->valForSql($v);
+			}
+
 			$start = $request['start'];
 			$end = $request['end'];
 			$type = $request['type'];
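Review bot: The new loop writes the result of `valForSql()` straight back into `$request[$k]` and never checks whether the value was rejected. What `Vtiger_Util_Helper::validateStringForSql` returns for a bad value is not visible here. If it returns `false`, as the docblock of vtlib_purifyForSql describes for that helper, then `$start`, `$end` and `$type` silently become `false` and the feed is still built from them. Fail closed before the assignment, for example `if ($clean === false) { throw new Exception('Invalid request parameter'); }`. The `conditions` and `mapping` keys are skipped entirely, so their safety rests on every later use of them, and the key test should use `===` rather than `==`. `_process` continues beyond this hunk.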
@@ -87,6 +92,10 @@ class Calendar_Feed_Action extends Vtiger_BasicAjax_Action {
 		}
 	}
 
+	private function valForSql($value) {
+		return Vtiger_Util_Helper::validateStringForSql($value);
+	}
+
 	protected function pullDetails($start, $end, &$result, $type, $fieldName, $color = null, $textColor = 'white', $conditions = '') {
 		$moduleModel = Vtiger_Module_Model::getInstance($type);
 		$nameFields = $moduleModel->getNameFields();
@@ -216,7 +225,7 @@ class Calendar_Feed_Action extends Vtiger_BasicAjax_Action {
 		}
 
 		if(!empty($operator) && !empty($conditions['fieldname']) && !empty($conditions['value'])) {
-			$conditionQuery = ' '.$conditions['fieldname'].$operator.'\'' .$conditions['value'].'\' ';
+			$conditionQuery = ' '.$conditions['fieldname'].$operator.'\'' .Vtiger_Functions::realEscapeString($conditions['value']).'\' ';
 		}
 		return $conditionQuery;
 	}
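Review bot: Only `$conditions['value']` is escaped on the new `$conditionQuery` line, while `$conditions['fieldname']` is still concatenated into the SQL as a bare identifier. The `conditions` key is also explicitly skipped by the validation loop added to `_process`. Escaping cannot help for an identifier because it sits outside the quotes, so the field name should be checked against the module's known field or column names before the fragment is built, and the condition dropped when there is no match. How `$operator` is derived lies above the hunk, so it is worth confirming it can only come from a fixed set of values. Where the caller allows it, returning a placeholder fragment plus a bound parameter would be more robust than string escaping for the value.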
@@ -423,4 +432,4 @@ class Calendar_Feed_Action extends Vtiger_BasicAjax_Action {
 		}
 	}
 
-}
\ No newline at end of file
+}