Index: wp-admin/includes/file.php
===================================================================
--- wp-admin/includes/file.php	(revision 10187)
+++ wp-admin/includes/file.php	(working copy)
@@ -667,8 +667,17 @@
 	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? $_POST['public_key'] : $credentials['public_key']);
 	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? $_POST['private_key'] : $credentials['private_key']);
 
-	if ( strpos($credentials['hostname'], ':') )
+	//sanitize the hostname, Some people might pass in odd-data:
+	$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
+
+	if ( strpos($credentials['hostname'], ':') && !defined('FTP_PORT') ) {
 		list( $credentials['hostname'], $credentials['port'] ) = explode(':', $credentials['hostname'], 2);
+	} else {
+		if ( defined('FTP_PORT') )
+			$credentials['port'] = FTP_PORT;
+		else
+			unset($credentials['port']);
+	}
 
 	if ( defined('FTP_SSH') || (isset($_POST['connection_type']) && 'ssh' == $_POST['connection_type']) )
 		$credentials['connection_type'] = 'ssh';
@@ -679,7 +688,10 @@
 
 	if ( ! $error && !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) {
 		$stored_credentials = $credentials;
-		unset($stored_credentials['password'], $stored_credentials['private_key'], $stored_credentials['public_key']);
+		if ( !empty($stored_credentials['port']) ) //save port as part of hostname to simplify above code.
+			$stored_credentials['hostname'] .= ':' . $stored_credentials['port'];
+
+		unset($stored_credentials['password'], $stored_credentials['port'], $stored_credentials['private_key'], $stored_credentials['public_key']);
 		update_option('ftp_credentials', $stored_credentials);
 		return $credentials;
 	}