This is an automated email from the ASF dual-hosted git repository.
lihan pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new c8fba3264d Improved regexp performance: "a-zA-Z0-9_" -> "\w" (#592)
c8fba3264d is described below
commit c8fba3264d0c75637a44eb403d10b163384981e7
Author: lihan <[email protected]>
AuthorDate: Fri Mar 10 15:22:50 2023 +0800
Improved regexp performance: "a-zA-Z0-9_" -> "\w" (#592)
Submitted by Andrei Briukhov
---
conf/web.xml | 4 ++--
java/org/apache/catalina/servlets/CGIServlet.java | 4 ++--
test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java | 2 +-
webapps/docs/cgi-howto.xml | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/conf/web.xml b/conf/web.xml
index 00acceb763..1a5cbfecd0 100644
--- a/conf/web.xml
+++ b/conf/web.xml
@@ -359,7 +359,7 @@
<!-- the arguments to the OS. See the CGI How-To -->
<!-- for more details. The default varies by -->
<!-- platform. -->
- <!-- Windows: [[a-zA-Z0-9\Q-_.\\/:\E]+] -->
+ <!-- Windows: [[\w\Q-.\\/:\E]+] -->
<!-- Others: [.*] -->
<!-- Note that internally the CGI Servlet treats -->
<!-- [.*] as a special case to improve performance -->
@@ -370,7 +370,7 @@
<!-- command line arguments must match else the -->
<!-- request will be rejected. The default matches -->
<!-- the allowed values defined by RFC3875. -->
- <!-- [[a-zA-Z0-9\Q%;/?:@&,$-_.!~*'()\E]+] -->
+ <!-- [[\w\Q%;/?:@&,$-.!~*'()\E]+] -->
<!-- -->
<!-- enableCmdLineArguments -->
<!-- Are command line parameters generated from -->
diff --git a/java/org/apache/catalina/servlets/CGIServlet.java
b/java/org/apache/catalina/servlets/CGIServlet.java
index d0755c6fdd..e1cda7bb97 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -255,7 +255,7 @@ public final class CGIServlet extends HttpServlet {
DEFAULT_SUPER_METHODS.add("TRACE");
if (JrePlatform.IS_WINDOWS) {
- DEFAULT_CMD_LINE_ARGUMENTS_DECODED_PATTERN =
Pattern.compile("[a-zA-Z0-9\\Q-_.\\/:\\E]+");
+ DEFAULT_CMD_LINE_ARGUMENTS_DECODED_PATTERN =
Pattern.compile("[\\w\\Q-.\\/:\\E]+");
} else {
// No restrictions
DEFAULT_CMD_LINE_ARGUMENTS_DECODED_PATTERN = null;
@@ -324,7 +324,7 @@ public final class CGIServlet extends HttpServlet {
* Uses \Q...\E to avoid individual quoting.
*/
private Pattern cmdLineArgumentsEncodedPattern =
- Pattern.compile("[a-zA-Z0-9\\Q%;/?:@&,$-_.!~*'()\\E]+");
+ Pattern.compile("[\\w\\Q%;/?:@&,$-.!~*'()\\E]+");
/**
* Limits the decoded form of individual command line arguments. Default
diff --git
a/test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java
b/test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java
index c2bbae3bee..37e241f5a4 100755
--- a/test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java
+++ b/test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java
@@ -41,7 +41,7 @@ public class TestCGIServletCmdLineArguments {
* here. This was chosen as it is simple and the tests are run on
* Windows as part of every release cycle.
*/
- defaultDecodedPatternWindows =
Pattern.compile("[a-zA-Z0-9\\Q-_.\\/:\\E]+");
+ defaultDecodedPatternWindows = Pattern.compile("[\\w\\Q-.\\/:\\E]+");
if (JrePlatform.IS_WINDOWS) {
Pattern p = null;
diff --git a/webapps/docs/cgi-howto.xml b/webapps/docs/cgi-howto.xml
index d1f3e0d0c9..cc5befa5d5 100644
--- a/webapps/docs/cgi-howto.xml
+++ b/webapps/docs/cgi-howto.xml
@@ -115,7 +115,7 @@ by Daniel Colascione</a>.</li>
are enabled (via <strong>enableCmdLineArguments</strong>) individual encoded
command line argument must match this pattern else the request will be
rejected.
The default matches the allowed values defined by RFC3875 and is
-<code>[a-zA-Z0-9\Q%;/?:@&,$-_.!~*'()\E]+</code></li>
+<code>[\w\Q%;/?:@&,$-.!~*'()\E]+</code></li>
<li><strong>enableCmdLineArguments</strong> - Are command line arguments
generated from the query string as per section 4.4 of 3875 RFC? The default is
<code>false</code>.</li>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
