Wrong regex for unsafe characters. Safe uppercase letters and digits are considered unsafe
micheldiemer opened this issue · 1 comments
micheldiemer commented
The line of code
var lUnsafeCharacters = /[`~!@#$%^&*()-_=+[]{}\|;':",./<>?]/;
is found in six files:
edit-account-profile.php, login.php, register.php, user-info-xpath.php, user-info.php, xml-validator.php
Two problems
a) The expression )-_ matches the range from ) (ASCII 51) to _ (ASCII 95), which includes uppercase letters and digits, so uppercase letters and digits are considered unsafe. It is best to put the hyphen at the end.
b) The character / should be escaped: \/
The correct regex tested with https://regex101.com/ is
var lUnsafeCharacters = /[`~!@#$%^&*()_=+[]{}\|;':",.\/<>?-]/;
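An added example, not part of the issue or of Mutillidae's code, that checks the range problem reported above: it runs every printable ASCII character against both classes and lists any range found inside a class. It assumes the brackets and the backslash are escaped inside the class; the helper names `flagged`, `onlyIn` and `classRanges` are hypothetical.

```javascript
// Added example (not Mutillidae's code). Assumption: "[", "]" and "\" are
// escaped inside the class so that it is well-formed.
const buggy = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;   // hyphen mid-class
const fixed = /[`~!@#$%^&*()_=+\[\]{}\\|;':",.\/<>?-]/;  // hyphen last

// Every printable ASCII character (0x20..0x7E) that the regex matches.
function flagged(re) {
  const out = [];
  for (let code = 0x20; code <= 0x7e; code++) {
    const ch = String.fromCharCode(code);
    if (re.test(ch)) out.push(ch);
  }
  return out;
}

// Characters flagged by `a` but not by `b`, as one string in ASCII order.
function onlyIn(a, b) {
  const inB = new Set(flagged(b));
  return flagged(a).filter((ch) => !inB.has(ch)).join("");
}

// List each "x-y" range in the first character class of the regex source.
// Escapes count as one atom; a hyphen first or last in the class is literal.
function classRanges(re) {
  const src = re.source;
  const atoms = [];
  for (let i = src.indexOf("[") + 1; i < src.length && src[i] !== "]"; i++) {
    if (src[i] === "\\") atoms.push(src[i] + src[++i]);
    else atoms.push(src[i]);
  }
  const ranges = [];
  for (let k = 1; k < atoms.length - 1; k++) {
    if (atoms[k] === "-") ranges.push(atoms[k - 1] + "-" + atoms[k + 1]);
  }
  return ranges;
}

// Constructed sample inputs for a username-style field.
for (const value of ["admin", "Admin2024", "o'neil"]) {
  console.log(value, "buggy:", buggy.test(value), "fixed:", fixed.test(value));
}
console.log("ranges in buggy class:", classRanges(buggy));
console.log("flagged only by buggy:", onlyIn(buggy, fixed));
```

A check like `classRanges` can run as a unit test over validation patterns so that a hyphen placed between two class members is caught before release.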
webpwnized commented
Thanks. Fixed in version and tag 2.11.8