From 5391938c41e5d39cfb57993961a98882887e62bd Mon Sep 17 00:00:00 2001
From: Martin Stefcek <35243812+Cifko@users.noreply.github.com>
Date: Thu, 21 Jul 2022 15:59:03 +0800
Subject: [PATCH] fix: prevent code injection (#4327)

Description
---
Prevent code injection from PR titles.

How Has This Been Tested?
---
I've used `act` to test locally the pull request, with the code injection title.
---
 .github/workflows/pr_title.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pr_title.yml b/.github/workflows/pr_title.yml
index f1266762ee..f2377888b5 100644
--- a/.github/workflows/pr_title.yml
+++ b/.github/workflows/pr_title.yml
@@ -19,4 +19,6 @@ jobs:
 echo "module.exports = {extends: ['@commitlint/config-conventional']}" > commitlint.config.js
 - name: lint
 run: |
- echo "${{github.event.pull_request.title}}" | commitlint
+ echo "$PR_TITLE" | commitlint
+ env:
+ PR_TITLE: ${{github.event.pull_request.title}}
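Review bot: The new `echo "$PR_TITLE" | commitlint` line still hands the title to the shell builtin as its first argument, so a title beginning with `-n`, `-e` or `-E` would be consumed as an echo option on the runner's default bash shell and commitlint would see a truncated subject; `printf '%s\n' "$PR_TITLE" | commitlint` forwards the value unchanged. Moving the `${{ }}` expression into `env:` is the right remedy for the injection itself, since an environment value is substituted by the runner and never re-parsed as script text. A short comment above the step, `# PR title is untrusted input: pass it via env, never interpolate it into the script`, would keep a future edit from reverting to inline interpolation. The `lint` step's remaining keys and the enclosing job header are outside the hunk.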