Do not allow invalid characters in URIs

According to RFC 3986, URIs should only contain :/?#[]@!$&'()*+,;= , %, A-Z, a-z, 0-9 and -._~

See also #329

src/civetweb.c

@@ -12204,6 +12204,41 @@ get_uri_type(const char *uri)
 		/* asterisk */
 		return 1;
 	}
+
+	/* Valid URIs according to RFC 3986
+	 * (https://www.ietf.org/rfc/rfc3986.txt)
+	 * must only contain reserved characters :/?#[]@!$&'()*+,;=
+	 * and unreserved characters A-Z a-z 0-9 and -._~
+	 * and % encoded symbols.
+	 */
+	for (i = 0; uri[i] != 0; i++) {
+		if (uri[i] < 33) {
+			/* control characters and spaces are invalid */
+			return 0;
+		}
+		if (uri[i] > 126) {
+			/* non-ascii characters must be % encoded */
+			return 0;
+		} else {
+			switch (uri[i]) {
+			case '"':  /* 34 */
+			case '<':  /* 60 */
+			case '>':  /* 62 */
+			case '\\': /* 92 */
+			case '^':  /* 94 */
+			case '`':  /* 96 */
+			case '{':  /* 123 */
+			case '|':  /* 124 */
+			case '}':  /* 125 */
+				return 0;
+			default:
+				/* character is ok */
+				break;
+			}
+		}
+	}
+
+	/* A relative uri starts with a / character */
 	if (uri[0] == '/') {
 		/* relative uri */
 		return 2;