X-Git-Url: http://git.indexdata.com/?p=yaz-moved-to-github.git;a=blobdiff_plain;f=src%2Furi.c;h=1ebb5306af22f61ef79b82db1e9560431a7c6146;hp=1d30cdaabef6b0b1af0d592c357c3ada0636d423;hb=4fc6e040f08c366277d3405f178c62c580c7416c;hpb=77c5a4fca8b516fd39b8ba213daed17a465a6b2a

diff --git a/src/uri.c b/src/uri.c
index 1d30cda..1ebb530 100644
--- a/src/uri.c
+++ b/src/uri.c
@@ -101,7 +101,7 @@ void yaz_array_to_uri(char **path, ODR o, char **name, char **value)
     for(i = 0; name[i]; i++)
         sz += strlen(name[i]) + 3 + strlen(value[i]) * 3;
     *path = (char *) odr_malloc(o, sz);
-    
+
     for(i = 0; name[i]; i++)
     {
         size_t ilen;
@@ -132,6 +132,13 @@ int yaz_uri_to_array(const char *path, ODR o, char ***name, char ***val)
     {
         cp++;
         no++;
+        while (*cp && *cp != '=' && *cp != '&')
+        {
+            /* check that x-form names looks sane */
+            if (*cp <= ' ' || *cp >= 127)
+                return 0;
+            cp++;
+        }
     }
     *name = (char **) odr_malloc(o, no * sizeof(char*));
     *val = (char **) odr_malloc(o, no * sizeof(char*));
@@ -190,7 +197,7 @@ char *yaz_uri_val(const char *path, const char *name, ODR o)
         {
             size_t i = 0;
             char *ret;
-            
+
             path = p1 + 1;
             p1 = strchr(path, '&');
             if (!p1)