From 2c8223274d94c6e0d6c68ff1416bc8921e43baf8 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Sat, 26 Jul 2014 13:43:52 +0000
Subject: [PATCH] filter pattern tweaks

---
 apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java | 3 +++
 .../src/net/i2p/servlet/filters/XSSRequestWrapper.java     | 7 +++++--
 router/java/src/net/i2p/router/RouterVersion.java          | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java b/apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java
index a093354d31..b29892e70f 100644
--- a/apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java
+++ b/apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java
@@ -10,6 +10,9 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 
+/**
+ *  @since 0.9.14
+ */
 public class XSSFilter implements Filter {
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
diff --git a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
index 93228079bd..de81897435 100644
--- a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
+++ b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
@@ -10,10 +10,13 @@ import javax.servlet.http.HttpServletRequestWrapper;
 import net.i2p.I2PAppContext;
 import net.i2p.util.Log;
 
+/**
+ *  @since 0.9.14
+ */
 public class XSSRequestWrapper extends HttpServletRequestWrapper {
     // Adapted from https://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/ESAPI.properties
-    private static Pattern parameterValuePattern = Pattern.compile("^[a-zA-Z0-9.,:\\-\\/+=@_ \r\n]*$");
-    private static Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
+    private static final Pattern parameterValuePattern = Pattern.compile("^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n]*$");
+    private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
 
     public XSSRequestWrapper(HttpServletRequest servletRequest) {
         super(servletRequest);
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index a85b0c8aa2..9535f12e9f 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
     /** deprecated */
     public final static String ID = "Monotone";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 22;
+    public final static long BUILD = 23;
 
     /** for example "-test" */
     public final static String EXTRA = "-rc";
-- 
GitLab