Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/OrgSaveAction.java
===================================================================
diff -u -ref31c70885b34d2475c8b297d7f9bb0f564a829b -rbf76df4d3f75c31132a226878461e070bd050d26
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/OrgSaveAction.java (.../OrgSaveAction.java) (revision ef31c70885b34d2475c8b297d7f9bb0f564a829b)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/OrgSaveAction.java (.../OrgSaveAction.java) (revision bf76df4d3f75c31132a226878461e070bd050d26)
@@ -23,6 +23,8 @@
 package org.lamsfoundation.lams.admin.web;
 import java.util.Date;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -111,7 +113,14 @@
 ActionMessages errors = new ActionMessages();
 if((orgForm.get("name")==null)||(((String)orgForm.getString("name").trim()).length()==0)){
 errors.add("name",new ActionMessage("error.name.required"));
+ } else {
+ Pattern p = Pattern.compile("^[^<>^*@%$]*$");
+ Matcher m = p.matcher(orgForm.get("name").toString());
+ if (!m.matches()) {
+ errors.add("name", new ActionMessage("error.name.invalid.characters"));
+ }
 }
+ if(errors.isEmpty()){
 HttpSession ss = SessionManager.getSession();
 UserDTO user = (UserDTO) ss.getAttribute(AttributeNames.USER);
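Review bot: The character filter added in the `else` branch is a denylist (`<>^*@%$`) that still lets `"`, `'` and `&` through, so it should not be treated as the control against markup injection in organisation names; whether the name is HTML-escaped where it is rendered is not visible in this hunk and is worth confirming. I would record that next to the check, e.g. `// Input filter only: quotes and '&' still pass, so the name must be escaped on output.` The pattern is also recompiled on every request and `matches()` already anchors the whole input, so it could become a constant such as `private static final Pattern NAME_PATTERN = Pattern.compile("[^<>^*@%$]*");`. The enclosing method starts and ends outside the hunk.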