Making the regex that gets the index courses more secure

2018-12-06 16:55:03 -05:00
parent 877168f72b
commit 0dcb6ecea5
1 changed files with 1 additions and 1 deletions
--- a/openedx/core/djangoapps/content/course_overviews/models.py
+++ b/openedx/core/djangoapps/content/course_overviews/models.py
@@ -584,7 +584,7 @@ class CourseOverview(TimeStampedModel):
            # In rare cases, courses belonging to the same org may be accidentally assigned
            # an org code with a different casing (e.g., Harvardx as opposed to HarvardX).
            # Case-insensitive matching allows us to deal with this kind of dirty data.
-            course_overviews = course_overviews.filter(org__iregex=r'(' + '|'.join(orgs) + ')')
+            course_overviews = course_overviews.filter(org__iregex=r'(^' + '$|^'.join(orgs) + '$)')

        if filter_:
            course_overviews = course_overviews.filter(**filter_)