Index: branches/version-2_12-dev/data/class/api/SC_Api_Operation.php
===================================================================
--- branches/version-2_12-dev/data/class/api/SC_Api_Operation.php	(revision 22796)
+++ branches/version-2_12-dev/data/class/api/SC_Api_Operation.php	(revision 23144)
@@ -288,5 +288,5 @@
         $objFormParam->convParam();
 
-        $arrErr = $objFormParam->checkError();
+        $arrErr = SC_Api_Operation_Ex::checkParam($objFormParam);
         if (SC_Utils_Ex::isBlank($arrErr)) {
             $arrParam = $objFormParam->getHashArray();
@@ -404,3 +404,29 @@
     }
 
+    /**
+     * APIのリクエスト基本パラメーターのチェック
+     *
+     * @param object $objFormParam
+     * @return array $arrErr
+     */
+    protected function checkParam($objFormParam)
+    {
+        $arrErr = $objFormParam->checkError();
+        if (!preg_match("/^[a-zA-Z0-9\-\_]+$/", $objFormParam->getValue('Operation')) && !SC_Utils::isBlank($objFormParam->getValue('Operation'))) {
+            $arrErr['ECCUBE.Operation.ParamError'] = 'Operationの値が不正です。';
+        }
+        if (!preg_match("/^[a-zA-Z0-9\-\_]+$/", $objFormParam->getValue('Service')) && !SC_Utils::isBlank($objFormParam->getValue('Service'))) {
+            $arrErr['ECCUBE.Service.ParamError'] = 'Serviceの値が不正です。';
+        }
+        if (!preg_match("/^[a-zA-Z0-9\-\_]+$/", $objFormParam->getValue('Style')) && !SC_Utils::isBlank($objFormParam->getValue('Style'))) {
+            $arrErr['ECCUBE.Style.ParamError'] = 'Styleの値が不正です。';
+        }
+        if (!preg_match("/^[a-zA-Z0-9\-\_]+$/", $objFormParam->getValue('Validate')) && !SC_Utils::isBlank($objFormParam->getValue('Validate'))) {
+            $arrErr['ECCUBE.Validate.ParamError'] = 'Validateの値が不正です。';
+        }
+        if (!preg_match("/^[a-zA-Z0-9\-\_\.]+$/", $objFormParam->getValue('Version')) && !SC_Utils::isBlank($objFormParam->getValue('Version'))) {
+            $arrErr['ECCUBE.Version.ParamError'] = 'Versionの値が不正です。';
+        }
+        return $arrErr;
+    }
 }