[tomcat] branch 9.0.x updated: Improved regexp performance: "a-zA-Z0-9_" -> "\w" (#592)

Thu, 09 Mar 2023 23:28:57 -0800 

This is an automated email from the ASF dual-hosted git repository.

lihan pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 6918c28c77 Improved regexp performance: "a-zA-Z0-9_" -> "\w" (#592)
6918c28c77 is described below

commit 6918c28c776c7b7d2104b26b9768b46eeb4352a0
Author: lihan <li...@apache.org>
AuthorDate: Fri Mar 10 15:22:50 2023 +0800

    Improved regexp performance: "a-zA-Z0-9_" -> "\w" (#592)
    
    Submitted by Andrei Briukhov
---
 conf/web.xml                                                          | 4 ++--
 java/org/apache/catalina/servlets/CGIServlet.java                     | 4 ++--
 test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java | 2 +-
 webapps/docs/cgi-howto.xml                                            | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/conf/web.xml b/conf/web.xml
index ddabd5efa9..0b8b1edfe7 100644
--- a/conf/web.xml
+++ b/conf/web.xml
@@ -363,7 +363,7 @@
   <!--                        the arguments to the OS. See the CGI How-To   -->
   <!--                        for more details. The default varies by       -->
   <!--                        platform.                                     -->
-  <!--                        Windows: [[a-zA-Z0-9\Q-_.\\/:\E]+]            -->
+  <!--                        Windows: [[\w\Q-.\\/:\E]+]            -->
   <!--                        Others:  [.*]                                 -->
   <!--                        Note that internally the CGI Servlet treats   -->
   <!--                        [.*] as a special case to improve performance -->
@@ -374,7 +374,7 @@
   <!--                        command line arguments must match else the    -->
   <!--                        request will be rejected. The default matches -->
   <!--                        the allowed values defined by RFC3875.        -->
-  <!--                        [[a-zA-Z0-9\Q%;/?:@&,$-_.!~*'()\E]+]          -->
+  <!--                        [[\w\Q%;/?:@&,$-.!~*'()\E]+]          -->
   <!--                                                                      -->
   <!--   enableCmdLineArguments                                             -->
   <!--                        Are command line parameters generated from    -->
diff --git a/java/org/apache/catalina/servlets/CGIServlet.java 
b/java/org/apache/catalina/servlets/CGIServlet.java
index 1c01714ff7..2c03cf7601 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -254,7 +254,7 @@ public final class CGIServlet extends HttpServlet {
         DEFAULT_SUPER_METHODS.add("TRACE");
 
         if (JrePlatform.IS_WINDOWS) {
-            DEFAULT_CMD_LINE_ARGUMENTS_DECODED_PATTERN = 
Pattern.compile("[a-zA-Z0-9\\Q-_.\\/:\\E]+");
+            DEFAULT_CMD_LINE_ARGUMENTS_DECODED_PATTERN = 
Pattern.compile("[\\w\\Q-.\\/:\\E]+");
         } else {
             // No restrictions
             DEFAULT_CMD_LINE_ARGUMENTS_DECODED_PATTERN = null;
@@ -323,7 +323,7 @@ public final class CGIServlet extends HttpServlet {
      * Uses \Q...\E to avoid individual quoting.
      */
     private Pattern cmdLineArgumentsEncodedPattern =
-            Pattern.compile("[a-zA-Z0-9\\Q%;/?:@&,$-_.!~*'()\\E]+");
+            Pattern.compile("[\\w\\Q%;/?:@&,$-.!~*'()\\E]+");
 
     /**
      * Limits the decoded form of individual command line arguments. Default
diff --git 
a/test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java 
b/test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java
index c2bbae3bee..37e241f5a4 100755
--- a/test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java
+++ b/test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java
@@ -41,7 +41,7 @@ public class TestCGIServletCmdLineArguments {
          * here. This was chosen as it is simple and the tests are run on
          * Windows as part of every release cycle.
          */
-        defaultDecodedPatternWindows = 
Pattern.compile("[a-zA-Z0-9\\Q-_.\\/:\\E]+");
+        defaultDecodedPatternWindows = Pattern.compile("[\\w\\Q-.\\/:\\E]+");
 
         if (JrePlatform.IS_WINDOWS) {
             Pattern p = null;
diff --git a/webapps/docs/cgi-howto.xml b/webapps/docs/cgi-howto.xml
index e00faf0a19..b3b76937f9 100644
--- a/webapps/docs/cgi-howto.xml
+++ b/webapps/docs/cgi-howto.xml
@@ -116,7 +116,7 @@ by Daniel Colascione</a>.</li>
 are enabled (via <strong>enableCmdLineArguments</strong>) individual encoded
 command line argument must match this pattern else the request will be 
rejected.
 The default matches the allowed values defined by RFC3875 and is
-<code>[a-zA-Z0-9\Q%;/?:@&amp;,$-_.!~*'()\E]+</code></li>
+<code>[\w\Q%;/?:@&amp;,$-.!~*'()\E]+</code></li>
 <li><strong>enableCmdLineArguments</strong> - Are command line arguments
 generated from the query string as per section 4.4 of 3875 RFC? The default is
 <code>false</code>.</li>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to