diff --git a/modules/Calendar/actions/Feed.php b/modules/Calendar/actions/Feed.php
index 6e1241cfcf440612acc6fd7892cd6ef44d2f8904..40ad5379db27dcb43779ad6e01bf6a01d6497685 100644
--- a/modules/Calendar/actions/Feed.php
+++ b/modules/Calendar/actions/Feed.php
@@ -233,7 +233,9 @@ class Calendar_Feed_Action extends Vtiger_BasicAjax_Action {
 		}
 
 		if(!empty($operator) && !empty($conditions['fieldname']) && !empty($conditions['value'])) {
-			$conditionQuery = ' '.Vtiger_Functions::realEscapeString($conditions['fieldname']).$operator.'\'' .Vtiger_Functions::realEscapeString($conditions['value']).'\' ';
+			$fieldname = vtlib_purifyForSql($conditions['fieldname']);
+			if (empty($fieldname)) throw new Exception('Invalid fieldname.');
+			$conditionQuery = ' '.$fieldname.$operator.'\'' .Vtiger_Functions::realEscapeString($conditions['value']).'\' ';
 		}
 		return $conditionQuery;
 	}