diff --git a/web/add/web/index.php b/web/add/web/index.php
index 63d8d792b..3e86ee9fd 100644
--- a/web/add/web/index.php
+++ b/web/add/web/index.php
@@ -262,7 +262,8 @@ if (!empty($_POST['ok'])) {
                 $v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
 
                 if ($domain_added) {
-                    exec (VESTA_CMD."v-add-web-domain-ftp ".$user." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_user_data['v_ftp_path'], $output, $return_var);
+                    $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
+                    exec (VESTA_CMD."v-add-web-domain-ftp ".$user." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
                     check_return_code($return_var,$output);
                     unset($output);
                     if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
diff --git a/web/edit/web/index.php b/web/edit/web/index.php
index d14f8e3ad..6c3ae943c 100644
--- a/web/edit/web/index.php
+++ b/web/edit/web/index.php
@@ -430,6 +430,9 @@ if (!empty($_POST['save'])) {
     if (!empty($_POST['v_ftp_user'])) {
         $v_ftp_users_updated = array();
         foreach ($_POST['v_ftp_user'] as $i => $v_ftp_user_data) {
+            if (empty($v_ftp_user_data['v_ftp_user']) && empty($v_ftp_user_data['v_ftp_password'])) {
+                continue;
+            }
             $v_ftp_user_data['v_ftp_user'] = preg_replace("/^".$user."_/i", "", $v_ftp_user_data['v_ftp_user']);
             if ($v_ftp_user_data['is_new'] == 1 && !empty($_POST['v_ftp'])) {
                 if ((!empty($v_ftp_user_data['v_ftp_email'])) && (!filter_var($v_ftp_user_data['v_ftp_email'], FILTER_VALIDATE_EMAIL))) $_SESSION['error_msg'] = __('Please enter valid email address.');
@@ -450,8 +453,9 @@ if (!empty($_POST['save'])) {
                 $v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
                 $v_ftp_user = escapeshellarg($v_ftp_username);
                 $v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
+                $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
                 if (empty($_SESSION['error_msg'])) {
-                    exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_user_data['v_ftp_path'], $output, $return_var);
+                    exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
                     check_return_code($return_var,$output);
                     if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
                         $to = $v_ftp_user_data['v_ftp_email'];
@@ -513,7 +517,8 @@ if (!empty($_POST['save'])) {
                 $v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; //preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']);
                 $v_ftp_username = escapeshellarg($v_ftp_username);
                 $v_ftp_user_data['v_ftp_password'] = escapeshellarg(trim($v_ftp_user_data['v_ftp_password']));
-                exec (VESTA_CMD."v-change-web-domain-ftp-path ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_user_data['v_ftp_path'], $output, $return_var);
+                $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
+                exec (VESTA_CMD."v-change-web-domain-ftp-path ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_path, $output, $return_var);
                 if ($v_ftp_user_data['v_ftp_password'] != "'••••••••'" && $v_ftp_user_data['v_ftp_password'] != "••••••••" && !empty($v_ftp_user_data['v_ftp_password'])) {
                     exec (VESTA_CMD."v-change-web-domain-ftp-password ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_user_data['v_ftp_password'], $output, $return_var);
                 }