here is possible fix. it is alsopresent in v4.
XSS vulnerability
the patch might be : --- include/ftp.class.php.old 2016-08-03 01:49:20.123000000...