Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/OrgSaveAction.java
===================================================================
RCS file: /usr/local/cvsroot/lams_admin/src/java/org/lamsfoundation/lams/admin/web/OrgSaveAction.java,v
diff -u -r1.21 -r1.22
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/OrgSaveAction.java 9 Jan 2008 00:53:15 -0000 1.21
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/OrgSaveAction.java 6 Apr 2014 16:28:18 -0000 1.22
@@ -23,6 +23,8 @@
 package org.lamsfoundation.lams.admin.web;
 import java.util.Date;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -111,7 +113,14 @@
 ActionMessages errors = new ActionMessages();
 if((orgForm.get("name")==null)||(((String)orgForm.getString("name").trim()).length()==0)){
 errors.add("name",new ActionMessage("error.name.required"));
+ } else {
+ Pattern p = Pattern.compile("^[^<>^*@%$]*$");
+ Matcher m = p.matcher(orgForm.get("name").toString());
+ if (!m.matches()) {
+ errors.add("name", new ActionMessage("error.name.invalid.characters"));
+ }
 }
+
 if(errors.isEmpty()){
 HttpSession ss = SessionManager.getSession();
 UserDTO user = (UserDTO) ss.getAttribute(AttributeNames.USER);
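Review bot: The denylist in `Pattern.compile("^[^<>^*@%$]*$")` in the added else branch rejects angle brackets but still accepts `"`, `'` and `&`, so on its own it does not protect a page that writes the organisation name into an HTML attribute or script context. If the check is meant as a cross-site-scripting defence, the name still has to be output-encoded wherever it is rendered, which is not visible in this hunk, and an allowlist of permitted characters would be easier to reason about than a list of forbidden ones. Only the `name` field is validated here; whether the form's other free-text fields need the same treatment cannot be told from this hunk. Separately, the pattern is recompiled on every request and could be hoisted to a class constant, `private static final Pattern NAME_PATTERN = Pattern.compile("^[^<>^*@%$]*$");`. The enclosing method starts and ends outside the hunk.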