X-Git-Url: http://git.indexdata.com/?p=yaz-moved-to-github.git;a=blobdiff_plain;f=src%2Furi.c;h=33120ed104b7bc4b3af66417022e0b51053f013e;hp=ecf1adc3fd2803ec195e7f6d35294b486615734c;hb=cf0d647d4a642af04013d09f412e8629897187c5;hpb=692cfa1de9dd855c1725db48f6d0a2cddcae9fcd

diff --git a/src/uri.c b/src/uri.c
index ecf1adc..33120ed 100644
--- a/src/uri.c
+++ b/src/uri.c
@@ -1,5 +1,5 @@
 /* This file is part of the YAZ toolkit.
- * Copyright (C) 1995-2011 Index Data
+ * Copyright (C) 1995-2013 Index Data
  * See the file LICENSE for details.
  */
 /**
@@ -101,7 +101,7 @@ void yaz_array_to_uri(char **path, ODR o, char **name, char **value)
     for(i = 0; name[i]; i++)
         sz += strlen(name[i]) + 3 + strlen(value[i]) * 3;
     *path = (char *) odr_malloc(o, sz);
-    
+
     for(i = 0; name[i]; i++)
     {
         size_t ilen;
@@ -132,6 +132,13 @@ int yaz_uri_to_array(const char *path, ODR o, char ***name, char ***val)
     {
         cp++;
         no++;
+        while (*cp && *cp != '=' && *cp != '&')
+        {
+            /* check that x-form names looks sane */
+            if (*cp <= ' ' || *cp >= 127)
+                return 0;
+            cp++;
+        }
     }
     *name = (char **) odr_malloc(o, no * sizeof(char*));
     *val = (char **) odr_malloc(o, no * sizeof(char*));
@@ -190,7 +197,7 @@ char *yaz_uri_val(const char *path, const char *name, ODR o)
         {
             size_t i = 0;
             char *ret;
-            
+
             path = p1 + 1;
             p1 = strchr(path, '&');
             if (!p1)