8335428: Enhanced Building of Processes

Reviewed-by: mbalao, andrew
Backport-of: 978dfdf9aa95da4196055cc288c5993d4dc6ef85

src/java.base/windows/classes/java/lang/ProcessImpl.java

@@ -211,13 +211,14 @@ private static String[] getTokensFromCommand(String command) {
     private static final int VERIFICATION_LEGACY = 3;
     // See Command shell overview for documentation of special characters.
     // https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb490954(v=technet.10)
-    private static final char ESCAPE_VERIFICATION[][] = {
+    private static final String ESCAPE_VERIFICATION[] = {
         // We guarantee the only command file execution for implicit [cmd.exe] run.
         //    http://technet.microsoft.com/en-us/library/bb490954.aspx
-        {' ', '\t', '\"', '<', '>', '&', '|', '^'},
-        {' ', '\t', '\"', '<', '>'},
-        {' ', '\t', '\"', '<', '>'},
-        {' ', '\t'}
+        // All space characters require quoting are checked in needsEscaping().
+        "\t\"<>&|^",
+        "\t\"<>",
+        "\t\"<>",
+        "\t"
     };
 
     private static String createCommandLine(int verificationType,
@@ -332,9 +333,13 @@ private static boolean needsEscaping(int verificationType, String arg) {
         }
 
         if (!argIsQuoted) {
-            char testEscape[] = ESCAPE_VERIFICATION[verificationType];
-            for (int i = 0; i < testEscape.length; ++i) {
-                if (arg.indexOf(testEscape[i]) >= 0) {
+            for (int i = 0; i < arg.length(); i++) {
+                char ch = arg.charAt(i);
+                if (Character.isLetterOrDigit(ch))
+                    continue;   // skip over common characters
+                // All space chars require quotes and other mode specific characters
+                if (Character.isSpaceChar(ch) ||
+                        ESCAPE_VERIFICATION[verificationType].indexOf(ch) >= 0) {
                     return true;
                 }
             }