Avoid running untrusted input as shell commands in the GitHub Actions - Githubissues

woocommerce / woocommerce-google-analytics-integration

WordPress plugin: Provides the integration between WooCommerce and Google Analytics.

http://wordpress.org/plugins/woocommerce-google-analytics-integration/

170 stars 69 forks source link

Avoid running untrusted input as shell commands in the GitHub Actions #418

Closed eason9487 closed 4 months ago

eason9487 commented 4 months ago

Changes proposed in this Pull Request:

This PR avoids running untrusted input as shell commands in the GitHub Actions.

Ref: https://securitylab.github.com/research/github-actions-untrusted-input/

Checks:

[x] Does your code follow the WordPress coding standards?
[ ] Have you written new tests for your changes, as applicable?
[ ] Have you successfully run tests with your changes locally?
[x] Have you checked to ensure there aren't other open Pull Requests for the same update/change?

Detailed test instructions:

Please refer to the PR https://github.com/woocommerce/google-listings-and-ads/pull/2394 that fixes the same issue.

Changelog entry