Index: openacs-4/packages/acs-subsite/www/register/user-new.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/register/user-new.tcl,v
diff -u -N -r1.22.12.4 -r1.22.12.5
--- openacs-4/packages/acs-subsite/www/register/user-new.tcl 20 May 2016 20:02:44 -0000 1.22.12.4
+++ openacs-4/packages/acs-subsite/www/register/user-new.tcl 25 May 2016 13:07:25 -0000 1.22.12.5
@@ -7,7 +7,14 @@
 {return_url:localurl [ad_pvt_home]}
 } -validate {
 valid_return_url {
- if {[string first {$} $return_url] > -1} {
+ #
+ # TODO: The following protection is for the cmd
+ # ad_form -name register -export {next_url user_id return_url}
+ # in acs-subsite/lib/usr-new and has to be addressed in ad_form
+ #
+ if {[string first {$} $return_url] > -1
+ || [string first {\[} $return_url] > -1
+ } {
 ad_complain "return_url contains invalid character"
 }
 }
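Review bot: The added check in `valid_return_url` covers only `return_url`, while the TODO names `ad_form -name register -export {next_url user_id return_url}` as the place the value ends up; `next_url` is declared outside this hunk, so if its contract filter does not already exclude `$` and `[`, it reaches the same export unchecked and needs an equivalent validation block. The test is a two-character denylist added to as cases are found; since `return_url` already carries the `localurl` filter, a check that accepts only the characters a local URL may contain would hold up better until ad_form itself is fixed. The comment's path `acs-subsite/lib/usr-new` looks like a typo for `user-new`, and it would help to write it as `# in acs-subsite/lib/user-new and has to be addressed in ad_form` so the TODO is findable by grep. The enclosing ad_page_contract starts and ends outside the hunk.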