diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 87547601a390d74f4d79e3967af693ef98af00f4..3f46ef479cb5a8586001bbcadec7be9381147667 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -661,11 +661,11 @@ class remoting_lib {
 		}
 
 		function ispconfig_sysuser_add($params,$insert_id){
-			global $app,$sql1;
+			global $conf,$app,$sql1;
 			$username = $app->db->quote($params["username"]);
 			$password = $app->db->quote($params["password"]);
 			if(!isset($params['modules'])) {
-				$modules = 'dashboard,mail,sites,dns,tools';
+				$modules = $conf['interface_modules_enabled'];
 			} else {
 				$modules = $app->db->quote($params['modules']);
 			}
diff --git a/interface/lib/classes/validate_ftpuser.inc.php b/interface/lib/classes/validate_ftpuser.inc.php
index 7e04cb99ca367f1a7e40270b42cfa1467e453cb2..06826505b94cd32771fdea26a8e3618e8a8900f9 100644
--- a/interface/lib/classes/validate_ftpuser.inc.php
+++ b/interface/lib/classes/validate_ftpuser.inc.php
@@ -72,6 +72,8 @@ class validate_ftpuser {
         
         $doc_root .= "/";
         if(substr($field_value, 0, strlen($doc_root)) == $doc_root) $is_ok = true;
+		
+		if(stristr($field_value,'..') or stristr($field_value,'./') or stristr($field_value,'/.')) $is_ok = false;
         
         if($is_ok == false) {
             $errmsg = $validator['errmsg'];
diff --git a/interface/web/sites/form/ftp_user.tform.php b/interface/web/sites/form/ftp_user.tform.php
index 6077dee02ce3d40862557de2f83bd6e88a92bf49..91dc0809aee0fc895f956a42357978d897c60ef6 100644
--- a/interface/web/sites/form/ftp_user.tform.php
+++ b/interface/web/sites/form/ftp_user.tform.php
@@ -126,7 +126,7 @@ $form["tabs"]['ftp'] = array (
 	)
 );
 
-if($_SESSION["s"]["user"]["typ"] == 'admin') {
+if($app->auth->is_admin()) {
 
 $form["tabs"]['advanced'] = array (
     'title'     => "Options",