Index: syllabus-app/src/java/org/sakaiproject/tool/syllabus/SyllabusTool.java
===================================================================
--- syllabus-app/src/java/org/sakaiproject/tool/syllabus/SyllabusTool.java	(revision 86634)
+++ syllabus-app/src/java/org/sakaiproject/tool/syllabus/SyllabusTool.java	(working copy)
@@ -20,14 +20,15 @@
  **********************************************************************************/
 package org.sakaiproject.tool.syllabus;
 
-import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.logging.Logger;
 
+import javax.faces.application.FacesMessage;
 import javax.faces.component.UIComponent;
 import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
@@ -35,6 +36,8 @@
 import javax.faces.event.ValueChangeEvent;
 
 import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.sakaiproject.api.app.syllabus.SyllabusAttachment;
 import org.sakaiproject.api.app.syllabus.SyllabusData;
 import org.sakaiproject.api.app.syllabus.SyllabusItem;
@@ -48,6 +51,8 @@
 import org.sakaiproject.entity.api.Reference;
 import org.sakaiproject.entity.api.ResourcePropertiesEdit;
 import org.sakaiproject.entity.cover.EntityManager;
+import org.sakaiproject.event.api.Event;
+import org.sakaiproject.event.cover.EventTrackingService;
 import org.sakaiproject.exception.PermissionException;
 import org.sakaiproject.site.cover.SiteService;
 import org.sakaiproject.tool.api.Placement;
@@ -56,16 +61,10 @@
 import org.sakaiproject.tool.cover.ToolManager;
 import org.sakaiproject.user.cover.UserDirectoryService;
 import org.sakaiproject.util.FormattedText;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.sakaiproject.util.ResourceLoader;
 
 import com.sun.faces.util.MessageFactory;
 
-import org.sakaiproject.event.cover.EventTrackingService;
-import org.sakaiproject.event.api.Event;
-
-import org.sakaiproject.util.ResourceLoader;
-
 //sakai2 - no need to import org.sakaiproject.jsf.ToolBean here as sakai does.
 
 /**
@@ -75,6 +74,9 @@
 //sakai2 - doesn't implement ToolBean as sakai does.
 public class SyllabusTool
 {
+  private static final int MAX_REDIRECT_LENGTH = 512; // according to HBM file
+  private static final int MAX_TITLE_LENGTH = 256;    // according to HBM file
+  
   public class DecoratedSyllabusEntry
   {
     protected SyllabusData in_entry = null;
@@ -310,7 +312,7 @@
         FacesContext.getCurrentInstance().addMessage(
             null,
             MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-                "error_permission", (new Object[] { e.toString() })));
+                "error_general", (new Object[] { e.toString() })));
       }
     }
     else
@@ -369,7 +371,7 @@
         FacesContext.getCurrentInstance().addMessage(
             null,
             MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-                "error_permission", (new Object[] { e.toString() })));
+                "error_general", (new Object[] { e.toString() })));
       }
     }
     if (entries == null || entries.isEmpty())
@@ -624,7 +626,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
     }
 
     entries.clear();
@@ -733,7 +735,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
     }
 
     return null;
@@ -811,7 +813,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
     }
 
     return null;
@@ -848,7 +850,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
     }
 
     return null;
@@ -886,7 +888,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
 
       return null;
     }
@@ -994,7 +996,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
     }
 
     return null;
@@ -1071,7 +1073,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
     }
 
     return null;
@@ -1256,7 +1258,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
     }
     return null;
   }
@@ -1283,15 +1285,36 @@
       }
       else
       {
+    	// can currentRedirectURL ever be null?
       	currentRediredUrl = currentRediredUrl.replaceAll("\"", ""); 
-    	  syllabusItem.setRedirectURL(currentRediredUrl);
-        syllabusManager.saveSyllabusItem(syllabusItem);
-
-        entries.clear();
-        entry = null;
+      	FacesMessage errorMsg = null;
+      	if (currentRediredUrl.length() > MAX_REDIRECT_LENGTH) {
+          errorMsg = MessageFactory.getMessage(FacesContext.getCurrentInstance(), 
+   			     "error_redirect_too_long");
+      	} else {
+      		try {
+      			// an empty redirect URL will effectively remove the redirect
+      			if (currentRediredUrl.trim().length() > 0) {
+      				// validate the input string to be a valid URL.
+      				URL ignore = new URL(currentRediredUrl);
+      			}
+    	    	syllabusItem.setRedirectURL(currentRediredUrl);
+    	        syllabusManager.saveSyllabusItem(syllabusItem);
+    	
+    	        entries.clear();
+    	        entry = null;
+      		} catch (MalformedURLException ex) {
+      			errorMsg = MessageFactory.getMessage(FacesContext.getCurrentInstance(), 
+  			     "error_redirect_ivalid", new Object[] {ex.getMessage()});
+      		}
+      	}
+      	if (errorMsg != null) {
+      	   FacesContext.getCurrentInstance().addMessage("redirectForm:urlValue", errorMsg);
+      	   return "edit_redirect";
+      	}
       }
 
-      return "main_edit";
+     return "main_edit";
     }
     catch (Exception e)
     {
@@ -1299,7 +1322,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
     }
 
     return null;
@@ -1333,7 +1356,7 @@
       FacesContext.getCurrentInstance().addMessage(
           null,
           MessageFactory.getMessage(FacesContext.getCurrentInstance(),
-              "error_permission", (new Object[] { e.toString() })));
+              "error_general", (new Object[] { e.toString() })));
     }
     return null;
   }
Index: syllabus-app/src/bundle/org/sakaiproject/tool/syllabus/bundle/Messages.properties
===================================================================
--- syllabus-app/src/bundle/org/sakaiproject/tool/syllabus/bundle/Messages.properties	(revision 86634)
+++ syllabus-app/src/bundle/org/sakaiproject/tool/syllabus/bundle/Messages.properties	(working copy)
@@ -41,6 +41,7 @@
 bar_student_view=Preview
 bar_create_edit=Create/Edit
 
+error_general=server error occurred {0}
 error_permission=permission error {0}
 error_delete_unused=delete unused {0}
 error_version=version error {0}
@@ -149,4 +150,8 @@
 send_to_printer=Send To Printer
 close_window=Close Window
 
-refresh=Syllabus tool has stale state. Please refresh the tool.
\ No newline at end of file
+refresh=Syllabus tool has stale state. Please refresh the tool.
+
+error_redirect_empty=Redirect URL cannot be blank.
+error_redirect_too_long=Redirect URL cannot be longer than 512 characters.
+error_redirect_ivalid=Redirect URL is invalid ({0}).
\ No newline at end of file
Index: syllabus-app/src/webapp/syllabus/edit.jsp
===================================================================
--- syllabus-app/src/webapp/syllabus/edit.jsp	(revision 86634)
+++ syllabus-app/src/webapp/syllabus/edit.jsp	(working copy)
@@ -12,6 +12,7 @@
 	<sakai:view_container title="#{msgs.title_edit}">
 		<sakai:view_content>
 			<h:outputText value="#{SyllabusTool.alertMessage}" styleClass="alertMessage" rendered="#{SyllabusTool.alertMessage != null}" />
+			<h:messages globalOnly="true" styleClass="alertMessage" />
 			<h:form>
 		  	<sakai:tool_bar_message value="#{msgs.add_sylla}" /> 
  			<sakai:doc_section>
Index: syllabus-app/src/webapp/syllabus/main_edit.jsp
===================================================================
--- syllabus-app/src/webapp/syllabus/main_edit.jsp	(revision 86634)
+++ syllabus-app/src/webapp/syllabus/main_edit.jsp	(working copy)
@@ -13,8 +13,8 @@
 	<sakai:view_content>
 		<h:form>
 		  <sakai:tool_bar>
-		  <%-- (gsilver) cannot pass a needed title atribute to these next items --%>
-			  <sakai:tool_bar_item
+		  <%-- (gsilver) cannot pass a needed title attribute to these next items --%>
+			<sakai:tool_bar_item
 			    action="#{SyllabusTool.processListNew}"
 					value="#{msgs.bar_new}" 
 			    rendered="#{SyllabusTool.editAble == 'true'}" />
@@ -26,10 +26,11 @@
 					action="#{SyllabusTool.processStudentView}"
 					value="#{msgs.bar_student_view}" 
 		   			rendered="#{SyllabusTool.editAble == 'true'}" />
-   	  </sakai:tool_bar>
-			<syllabus:syllabus_if test="#{SyllabusTool.syllabusItem.redirectURL}">
-		  	<sakai:tool_bar_message value="#{msgs.mainEditNotice}" />
-				<syllabus:syllabus_table value="#{SyllabusTool.entries}" var="eachEntry" summary="#{msgs.mainEditListSummary}" styleClass="listHier lines nolines">
+   	      </sakai:tool_bar>
+   	      <h:messages globalOnly="true" styleClass="alertMessage"/>
+	      <syllabus:syllabus_if test="#{SyllabusTool.syllabusItem.redirectURL}">
+		     <sakai:tool_bar_message value="#{msgs.mainEditNotice}" />
+		     <syllabus:syllabus_table value="#{SyllabusTool.entries}" var="eachEntry" summary="#{msgs.mainEditListSummary}" styleClass="listHier lines nolines">
 <%--						<h:column rendered="#{!empty SyllabusTool.entries}">--%>
 						<h:column rendered="#{! SyllabusTool.displayNoEntryMsg}">
 							<f:facet name="header">
@@ -71,20 +72,20 @@
 							</f:facet>
 							<h:selectBooleanCheckbox value="#{eachEntry.selected}" title="#{msgs.selectThisCheckBox}"/>
 						</h:column>
-					</syllabus:syllabus_table>
-					<f:verbatim><p class="act"></f:verbatim>	
-						<h:commandButton 
-							  value="#{msgs.update}" 
-							  action="#{SyllabusTool.processListDelete}"
-							  title="#{msgs.update}"
-							  rendered="#{! SyllabusTool.displayNoEntryMsg}"
-							  accesskey="s" 	/>
-					<f:verbatim></p></f:verbatim>		  
-			</syllabus:syllabus_if>
-			<syllabus:syllabus_ifnot test="#{SyllabusTool.syllabusItem.redirectURL}">
-				<sakai:tool_bar_message value="#{msgs.redirect_sylla}" />
-				<syllabus:syllabus_iframe redirectUrl="#{SyllabusTool.syllabusItem.redirectURL}" width="100%" height="500" />
-			</syllabus:syllabus_ifnot>
+			 </syllabus:syllabus_table>
+			 <f:verbatim><p class="act"></f:verbatim>	
+				<h:commandButton 
+				     value="#{msgs.update}" 
+					 action="#{SyllabusTool.processListDelete}"
+					 title="#{msgs.update}"
+				     rendered="#{! SyllabusTool.displayNoEntryMsg}"
+					 accesskey="s" 	/>
+			<f:verbatim></p></f:verbatim>		  
+		  </syllabus:syllabus_if>
+	      <syllabus:syllabus_ifnot test="#{SyllabusTool.syllabusItem.redirectURL}">
+		    <sakai:tool_bar_message value="#{msgs.redirect_sylla}" />
+		    <syllabus:syllabus_iframe redirectUrl="#{SyllabusTool.syllabusItem.redirectURL}" width="100%" height="500" />
+		  </syllabus:syllabus_ifnot>
 		</h:form>
 	</sakai:view_content>
 	</sakai:view_container>
Index: syllabus-app/src/webapp/syllabus/edit_redirect.jsp
===================================================================
--- syllabus-app/src/webapp/syllabus/edit_redirect.jsp	(revision 86634)
+++ syllabus-app/src/webapp/syllabus/edit_redirect.jsp	(working copy)
@@ -9,15 +9,16 @@
 
 	<sakai:view_container title="#{msgs.title_edit}">
 		<sakai:view_content>
-			<h:form>
+			<h:form id="redirectForm">
 				<h3>
 					<h:outputText value="#{msgs.redirect_sylla}" />
 				</h3>
+				<h:messages styleClass="alertMessage" />
 				<h:panelGrid styleClass="jsfFormTable" columns="1" summary="layout">
 					<h:panelGroup styleClass="shorttext required">
 						<h:outputText value="*" styleClass="reqStar"/>
 						<h:outputLabel for="urlValue"><h:outputText value="#{msgs.syllabus_url}"/></h:outputLabel>
-						<h:inputText id="urlValue" value="#{SyllabusTool.currentRediredUrl}" size="65" />
+						<h:inputText id="urlValue" value="#{SyllabusTool.currentRediredUrl}" size="65"/>
 					</h:panelGroup>
 				</h:panelGrid>
 				<sakai:button_bar>