Fix potential injection vulnerability
martingjaldbaek authored and Eric Fuhrmann committed Aug 9, 2021
1 parent 409c1fd commit 55b5a23
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/combine-prs.yml
Expand Up @@ -106,7 +106,7 @@ jobs:
BRANCHES_TO_COMBINE: ${{ steps.fetch-branch-names.outputs.result }}
COMBINE_BRANCH_NAME: ${{ github.event.inputs.combineBranchName }}
run: |
echo "${{steps.fetch-branch-names.outputs.result}}"
echo "$BRANCHES_TO_COMBINE"
sourcebranches="${BRANCHES_TO_COMBINE%\"}"
sourcebranches="${sourcebranches#\"}"
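Review bot: `echo "$BRANCHES_TO_COMBINE"` still passes a value built from branch names to `echo`, which in some shells treats a leading `-n` or `-e` and backslash sequences specially; `printf '%s\n' "$BRANCHES_TO_COMBINE"` prints the value verbatim. Reading the step output through the `env:` mapping instead of an inline `${{ ... }}` expression is the right pattern for a `run:` block, because the expression is otherwise expanded into the script text before the shell parses it. The hunk shows only the top of this script, so please confirm that no other `${{ ... }}` expression remains further down in the same `run:` block, including any use of the `combineBranchName` input, which should be read as `"$COMBINE_BRANCH_NAME"` with the quotes.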
Expand All @@ -124,10 +124,12 @@ jobs:
# Creates a PR with the new combined branch
- uses: actions/github-script@v3
name: Create Combined Pull Request
env:
PRS_STRING: ${{ steps.fetch-branch-names.outputs.prs-string }}
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const prString = `${{ steps.fetch-branch-names.outputs.prs-string }}`;
const prString = process.env.PRS_STRING;
const body = 'This PR was created by the Combine PRs action by combining the following PRs:\n' + prString;
await github.pulls.create({
owner: context.repo.owner,
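Review bot: At `const prString = process.env.PRS_STRING;` the value is no longer parsed as JavaScript template-literal source, so any escape sequence such as `\n` that the old backtick line would have interpreted now reaches the PR body as literal characters; please confirm that the `prs-string` output carries real newlines and that the combined PR body still renders as a list. The commit message does not say which input was injectable, so a short comment on the new `env:` block explaining that step outputs must not be interpolated into `script:` (a backtick or `${` in the output would otherwise execute with the `GITHUB_TOKEN` in scope) would help keep a later edit from reintroducing the inline expression.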