filter pattern tweaks

apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java

@@ -10,6 +10,9 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 
+/**
+ *  @since 0.9.14
+ */
 public class XSSFilter implements Filter {
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {

apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java

@@ -10,10 +10,13 @@ import javax.servlet.http.HttpServletRequestWrapper;
 import net.i2p.I2PAppContext;
 import net.i2p.util.Log;
 
+/**
+ *  @since 0.9.14
+ */
 public class XSSRequestWrapper extends HttpServletRequestWrapper {
     // Adapted from https://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/ESAPI.properties
-    private static Pattern parameterValuePattern = Pattern.compile("^[a-zA-Z0-9.,:\\-\\/+=@_ \r\n]*$");
+    private static final Pattern parameterValuePattern = Pattern.compile("^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n]*$");
-    private static Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
+    private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
 
     public XSSRequestWrapper(HttpServletRequest servletRequest) {
         super(servletRequest);

router/java/src/net/i2p/router/RouterVersion.java

@@ -18,7 +18,7 @@ public class RouterVersion {
     /** deprecated */
     public final static String ID = "Monotone";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 22;
+    public final static long BUILD = 23;
 
     /** for example "-test" */
     public final static String EXTRA = "-rc";