=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java'
--- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java	2013-03-08 08:41:32 +0000
+++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java	2013-03-08 15:17:40 +0000
@@ -452,6 +452,20 @@
         {
             facility.setUuid( UUID.randomUUID().toString() );
         }
+        else
+        {
+            String uuid = facility.getUuid();
+
+            try
+            {
+                UUID.fromString( uuid );
+            }
+            catch ( IllegalArgumentException ignored )
+            {
+                return new ResponseEntity<String>( MessageResponseUtils.jsonMessage( HttpStatus.PRECONDITION_FAILED.toString(),
+                    "Bad id: (does not match expected UUID string format)" ), HttpStatus.PRECONDITION_FAILED );
+            }
+        }
 
         Set<ConstraintViolation<Facility>> constraintViolations = validator.validate( facility, Default.class, Create.class );
 

=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/test/java/org/hisp/dhis/web/webapi/v1/controller/FacilityControllerTest.java'
--- dhis-2/dhis-web/dhis-web-api-fred/src/test/java/org/hisp/dhis/web/webapi/v1/controller/FacilityControllerTest.java	2013-03-08 05:30:08 +0000
+++ dhis-2/dhis-web/dhis-web-api-fred/src/test/java/org/hisp/dhis/web/webapi/v1/controller/FacilityControllerTest.java	2013-03-08 15:17:40 +0000
@@ -264,6 +264,24 @@
             .andExpect( status().isOk() );
     }
 
+    @Test
+    public void testPutInvalidUuidShouldFail() throws Exception
+    {
+        OrganisationUnit organisationUnit = createOrganisationUnit( 'A' );
+        manager.save( organisationUnit );
+
+        Facility facility = new OrganisationUnitToFacilityConverter().convert( organisationUnit );
+        facility.setUuid( "DUMMY_UUID" );
+        facility.setName( "FacilityB" );
+        facility.setActive( false );
+
+        MockHttpSession session = getSession( "ALL" );
+
+        mvc.perform( put( "/v1/facilities/" + organisationUnit.getUuid() ).content( objectMapper.writeValueAsString( facility ) )
+            .session( session ).contentType( MediaType.APPLICATION_JSON ) )
+            .andExpect( status().isPreconditionFailed() );
+    }
+
     //---------------------------------------------------------------------------------------------
     // Test POST
     //---------------------------------------------------------------------------------------------
@@ -294,6 +312,19 @@
     }
 
     @Test
+    public void testPostInvalidUuidShouldFail() throws Exception
+    {
+        MockHttpSession session = getSession( "ALL" );
+
+        Facility facility = new Facility( "FacilityA" );
+        facility.setUuid( "DUMMY_UUID" );
+
+        mvc.perform( post( "/v1/facilities" ).content( objectMapper.writeValueAsString( facility ) )
+            .session( session ).contentType( MediaType.APPLICATION_JSON ) )
+            .andExpect( status().isPreconditionFailed() );
+    }
+
+    @Test
     public void testPostNameActive() throws Exception
     {
         MockHttpSession session = getSession( "ALL" );