Index: main/utils.c
===================================================================
--- main/utils.c (revision 261310)
+++ main/utils.c (working copy)
@@ -384,9 +384,10 @@
 */
 char *ast_uri_encode(const char *string, char *outbuf, int buflen, int doreserved)
 {
- char *reserved = ";/?:@&=+$,# "; /* Reserved chars */
+ const char *reserved = ";/?:@&=+$,"; /* Section 2.2 */
+ const char *excluded = "\x7F <>#%\"{}|\\^[]`"; /* Section 2.4.3 */
 
- const char *ptr = string; /* Start with the string */
+ const char *ptr = string; /* Start with the string */
 char *out = NULL;
 char *buf = NULL;
 
@@ -394,17 +395,24 @@
 
 /* If there's no characters to convert, just go through and don't do anything */
 while (*ptr) {
- if ((*ptr < 32) || (doreserved && strchr(reserved, *ptr))) {
+ if (*ptr < 32 || strchr(excluded, *ptr) || (doreserved && strchr(reserved, *ptr))) {
 /* Oops, we need to start working here */
 if (!buf) {
 buf = outbuf;
 out = buf + (ptr - string) ; /* Set output ptr */
 }
+ /* Don't exceed length of output buffer */
+ if (out + 3 >= outbuf + buflen) {
+ break;
+ }
 out += sprintf(out, "%%%02x", (unsigned char) *ptr);
- } else if (buf) {
+ } else if (buf && out + 1 < outbuf + buflen) {
 *out = *ptr; /* Continue copying the string */
 out++;
- }
+ } else if (buf) {
+ /* outbuf to be exceeded in this loop */
+ break;
+ }
 ptr++;
 }
 if (buf)
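Review bot: The `/* Section 2.2 */` and `/* Section 2.4.3 */` comments on the new `reserved` and `excluded` tables do not name the document they cite (presumably RFC 2396, whose sections carry those numbers), so a reader cannot check the sets against it; `/* RFC 2396, Section 2.2 */` would fix that. Because `excluded` contains `%` and the second hunk applies it regardless of `doreserved`, input that is already percent-escaped will be escaped a second time, and space and `#` are now encoded even when `doreserved` is 0. The function's doc comment ends above this hunk; it should state both points so callers know not to pass pre-encoded strings and can re-check call sites that relied on the old `doreserved == 0` output.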
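Review bot: In the second hunk the new length checks run only after `out = buf + (ptr - string)` has been formed, and the loop walks `string` rather than `outbuf`, so when the first character needing an escape sits at offset `buflen` or beyond, `out` already points past the buffer. The `out + 3 >= outbuf + buflen` test then breaks out, but whatever the trailing `if (buf)` guards (its body is outside the hunk, presumably the terminator write through `out`) would land out of bounds. Testing the offset before `buf` is set, e.g. `if (ptr - string + 3 >= buflen) { break; }` as the first statement inside `if (!buf)`, keeps `out` inside `outbuf` and leaves the buffer as the code above the hunk left it. Separately, `*ptr < 32` is evaluated on plain `char`, so whether bytes above 0x7F are escaped depends on the platform's char signedness; comparing `(unsigned char) *ptr` and handling the high range explicitly would make the output deterministic.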