Update Token regex

Author: gapple

src/Parser.php

@@ -334,16 +334,19 @@ private static function parseDisplayString(ParsingInput $string): DisplayString
      */
     private static function parseToken(ParsingInput $input): Token
     {
-        // Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
-        // 3.2.6. Field Value Components
-        // @see https://tools.ietf.org/html/rfc7230#section-3.2.6
-        $tchar = preg_quote("!#$%&'*+-.^_`|~");
+        // RFC 9110: HTTP Semantics (5.6.2. Tokens)
+        // @see https://www.rfc-editor.org/rfc/rfc9110.html#name-tokens
+        // $tchar = preg_quote("!#$%&'*+-.^_`|~");
+        $tchar = "!#$%&'*+\-.^_`|~";
 
         // parseToken is only called by parseBareItem if the initial character
         // is valid, so a Token object is always returned.  If there is an
         // invalid character in the token, the public function that was called
         // will detect that the remainder of the input string is invalid.
-        return new Token($input->consumeRegex('/^([a-z*][a-z0-9:\/' . $tchar . ']*)/i'));
+        return new Token($input->consumeRegex('/^(
+                (?:\*|[a-z])                # an alphabetic character or "*"
+                [a-z0-9:\/' . $tchar . ']*  # zero to many token characters
+            )/ix'));
     }
 
     /**

src/Serializer.php

@@ -224,12 +224,17 @@ private static function serializeDisplayString(DisplayString $value): string
 
     private static function serializeToken(Token $value): string
     {
-        // Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
-        // 3.2.6. Field Value Components
-        // @see https://tools.ietf.org/html/rfc7230#section-3.2.6
-        $tchar = preg_quote("!#$%&'*+-.^_`|~");
-
-        if (!preg_match('/^((?:\*|[a-z])[a-z0-9:\/' . $tchar . ']*)$/i', (string) $value)) {
+        // RFC 9110: HTTP Semantics (5.6.2. Tokens)
+        // @see https://www.rfc-editor.org/rfc/rfc9110.html#name-tokens
+        // $tchar = preg_quote("!#$%&'*+-.^_`|~");
+        $tchar = "!#$%&'*+\-.^_`|~";
+
+        if (
+            !preg_match('/^(
+                (?:\*|[a-z])                # an alphabetic character or "*"
+                [a-z0-9:\/' . $tchar . ']*  # zero to many token characters
+            )$/ix', (string) $value)
+        ) {
             throw new SerializeException('Invalid characters in token');
         }