Index: openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl,v
diff -u -r1.118.2.16 -r1.118.2.17
--- openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl 27 May 2016 08:42:20 -0000 1.118.2.16
+++ openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl 28 May 2016 09:53:03 -0000 1.118.2.17
@@ -1697,8 +1697,12 @@
 }
 ad_proc -private rp_lookup_node_from_host { host } {
- binary scan [encoding convertto utf-8 $host] H* hex
- ns_log notice "rp_lookup_node_from_host <$host> hex $hex"
+ if {![regexp {^[\w.@+/=$%!*~-]+$} $host]} {
+ binary scan [encoding convertto utf-8 $host] H* hex
+ ad_log error "rp_lookup_node_from_host: host <$host> (hey $hex) contains invalid characters"
+ ad_return_complaint 1 "invalid request"
+ ad_script_abort
+ }
 return [db_string node_id {} -default ""]
 }
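Review bot: The rejection branch still writes the raw `$host` into the error log, even though it has just been found to contain characters outside the allowed set. Control characters or terminal escape sequences from the request can therefore reach the log file unless the logger escapes them, which is not visible here. The hex dump already carries the value safely, so the log line could drop the raw form and fix the `hey` typo at the same time: `ad_log error "rp_lookup_node_from_host: host (hex $hex) contains invalid characters"`. Separately, the character class is wider than host-name syntax (`\w` is Unicode-aware in Tcl, and `@+/=$%!*~` are accepted), so a short comment above the `regexp` saying why those characters are permitted would help the next reader. Whether a port suffix or an IPv6 literal can reach this proc depends on the caller, which is outside the hunk.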