Able to see name of another account holder's folder

Problem when passing in folder id to a 'Files' page - we can see the name of a folder that we don't own

Testing steps:

1) Create a site with at least two accounts, personA and personB
2) Log in as personA and go to Create -> Files (artefact/file/index.php) page
3) Create a folder, say 'SubFolder', hover mouse over folder to find the ID of the folder, eg '&folder=123'. Make a note of the value and then click into that folder
4) Upload a file to the folder
5) Reload the page and you should be in the home directory of the Files area
6) Change the URL and add to the end the folder id (eg artefact/file/index.php?folder=123) and reload - you should now see that the page loads with you in the folder you created
7) Log out

8) Log in as personB and go to Create -> Files (artefact/file/index.php) page
9) Change the URL and add to the end the folder id (eg artefact/file/index.php?folder=123) and reload

Expected: As you are not the folder owner you should not go to that folder

Actual: The name of the other person's folder displays on the screen (plus errors in dev mode)

As this is an escalation of privilege I'll make it a security bug