Update zapier.yml to parse issue title into the env

This prevents potential injection in a run script
OneSignal · Oct 26, 2023 · bbaaf36 · bbaaf36
1 parent 7b2df9d
commit bbaaf36
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/Zapier.yml b/.github/workflows/Zapier.yml
@@ -20,10 +20,12 @@ jobs:
       # Runs a set of commands using the runners shell
       - name: Call Zapier web hook to close Asana task
         if: ${{ !github.event.issue.pull_request }}
+        env:
+          ISSUE_TITLE: ${{ github.event.issue.title }}
         run: |
           curl --location --request POST 'https://hooks.zapier.com/hooks/catch/12728683/b7009qc/' \
           --header 'Content-Type: application/json' \
           --header 'Accept: application/json' \
           --data-raw '{
-            "task_name" : "${{ github.event.issue.title }}"
+            "task_name" : "$ISSUE_TITLE"
           }'