Index: openacs-4/packages/acs-subsite/www/register/user-new.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/register/user-new.tcl,v
diff -u -r1.22 -r1.23
--- openacs-4/packages/acs-subsite/www/register/user-new.tcl	6 May 2007 06:58:40 -0000	1.22
+++ openacs-4/packages/acs-subsite/www/register/user-new.tcl	7 Aug 2017 23:47:59 -0000	1.23
@@ -4,7 +4,25 @@
     @cvs-id $Id$
 } {
     {email ""}
-    {return_url [ad_pvt_home]}
+    {return_url:localurl [ad_pvt_home]}
+} -validate {
+    valid_return_url {
+        #
+        # TODO: The following protection is for the cmd
+        #     ad_form -name register -export {next_url user_id return_url}
+        # in acs-subsite/lib/usr-new and has to be addressed in ad_form
+        #
+        if {[string first {$} $return_url] > -1
+            || [string first {\[} $return_url] > -1
+        } {
+            ad_complain "return_url contains invalid character"
+        }
+    }
+    valid_email -requires email {
+        if {![regexp {^[\w.@+/=$%!*~-]+$} $email]} {
+            ad_complain "invalid email address"
+        }
+    }
 }
 
 set registration_url [parameter::get -parameter RegistrationRedirectUrl]
@@ -18,3 +36,9 @@
 if {$user_new_template eq ""} {
     set user_new_template "/packages/acs-subsite/lib/user-new"
 }
+
+# Local variables:
+#    mode: tcl
+#    tcl-indent-level: 4
+#    indent-tabs-mode: nil
+# End: