4 files changed, 5 insertions, 1 deletions

diff --git a/contrib/gana b/contrib/gana
-Subproject 9db4c62596670e87dc1b6af6ffd222f2124b225
+Subproject 7048773eed952c30e4bc8e30d7caed083c18565
diff --git a/contrib/wallet-core b/contrib/wallet-core
-Subproject c412a2fff5ac72f3a15ffcf0c59b226a9c7ad93
+Subproject d61c38e4864dc508536136e94e625cf9dd1660a
diff --git a/src/util/payto.c b/src/util/payto.c
index 90a3f26ce..a471175a9 100644
--- a/src/util/payto.c
+++ b/src/util/payto.c
@@ -293,6 +293,7 @@ validate_payto_xtalerbank (const char *account_url)
       else
       {
         if (! ( ('-' == c) ||
+                ('_' == c) ||
                 ( ('0' <= c) && ('9' >= c) ) ||
                 ( ('a' <= c) && ('z' >= c) ) ||
                 ( ('A' <= c) && ('Z' >= c) ) ) )
@@ -342,7 +343,7 @@ TALER_payto_validate (const char *payto_uri)
     /* This is more strict than RFC 8905, alas we do not need to support messages/instructions/etc.,
        and it is generally better to start with a narrow whitelist; we can be more permissive later ...*/
 #define ALLOWED_CHARACTERS \
-  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/:&?-_.,=+%~"
+        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/:$&?!-_.,;=*+%~@()[]"
     if (NULL == strchr (ALLOWED_CHARACTERS,
                         (int) payto_uri[i]))
     {
diff --git a/src/util/test_payto.c b/src/util/test_payto.c
index 62ba7d28e..fc800c8d2 100644
--- a/src/util/test_payto.c
+++ b/src/util/test_payto.c
@@ -60,6 +60,9 @@ main (int argc,
     "payto://x-taler-bank/hostname/~path/username?receiver-name=fo/o");
   GNUNET_assert (NULL == r);
   r = TALER_payto_validate (
+    "payto://x-taler-bank/host_name/~path/username?receiver-name=fo_o");
+  GNUNET_assert (NULL == r);
+  r = TALER_payto_validate (
     "payto://x-taler-bank/hostname/path/username?receiver-name=foo");
   GNUNET_assert (NULL == r);
   r = TALER_payto_validate (