fix: prevent code injection (#4327)

Description --- Prevent code injection from PR titles. How Has This Been Tested? --- I've used `act` to test locally the pull request, with the code injection title.
tari-project · Jul 21, 2022 · 5391938 · 5391938
1 parent 9797c19
commit 5391938
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/pr_title.yml b/.github/workflows/pr_title.yml
@@ -19,4 +19,6 @@ jobs:
           echo "module.exports = {extends: ['@commitlint/config-conventional']}" > commitlint.config.js
       - name: lint
         run: |
-          echo "${{github.event.pull_request.title}}" | commitlint
+          echo "$PR_TITLE" | commitlint
+        env:
+          PR_TITLE: ${{github.event.pull_request.title}}