From dc50a23b1045fcddd3dd486c7d43f9402ccb4b6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20P=C3=A9pin?= <martin.pepin@ens.fr>
Date: Sun, 19 Mar 2017 14:48:04 +0000
Subject: [PATCH] Escape the content of the regex in `highligh_text`

---
 gestioncof/templatetags/utils.py | 2 +-
 kfet/templatetags/kfet_tags.py   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gestioncof/templatetags/utils.py b/gestioncof/templatetags/utils.py
index 90855165..76bc6003 100644
--- a/gestioncof/templatetags/utils.py
+++ b/gestioncof/templatetags/utils.py
@@ -23,7 +23,7 @@ def key(d, key_name):
 
 
 def highlight_text(text, q):
-    q2 = "|".join(q.split())
+    q2 = "|".join(re.escape(word) for word in q.split())
     pattern = re.compile(r"(?P<filter>%s)" % q2, re.IGNORECASE)
     return mark_safe(re.sub(pattern,
                             r"<span class='highlight'>\g<filter></span>",
diff --git a/kfet/templatetags/kfet_tags.py b/kfet/templatetags/kfet_tags.py
index b3976326..c8b6a228 100644
--- a/kfet/templatetags/kfet_tags.py
+++ b/kfet/templatetags/kfet_tags.py
@@ -11,7 +11,7 @@ register = template.Library()
 
 
 def highlight_text(text, q):
-    q2 = "|".join(q.split())
+    q2 = "|".join(re.escape(word) for word in q.split())
     pattern = re.compile(r"(?P<filter>%s)" % q2, re.IGNORECASE)
     regex = r"<span class='highlight_autocomplete'>\g<filter></span>"
     return mark_safe(re.sub(pattern, regex, text))