From 59cecade128686dacdfa0a7afa1c538946269aac Mon Sep 17 00:00:00 2001
From: Mathias Kraus <elboberido@m-hias.de>
Date: Tue, 3 Dec 2024 14:02:20 +0100
Subject: [PATCH] test

---
 .github/workflows/build-test.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
index 391b2978..52e8baba 100644
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -6,18 +6,18 @@ on:
   pull_request:
     branches: [ main, release* ]
 
-# env:
-  # RUSTFLAGS: "-C debug-assertions"
+env:
+  PR_TITLE: ${{ github.event.pull_request.title }} # NOTE: this is used to prevent script injection attacks when used directly in "run"
 
 jobs:
   check_wip_pr:
     runs-on: ubuntu-latest
     steps:
       - name : Print Title of PR
-        run: echo The Title of your PR is "${{ github.event.pull_request.title }}"
+        run: echo The Title of your PR is "${PR_TITLE}"
 
       - name: Check for WIP Marker
-        if: startsWith(github.event.pull_request.title, '[WIP]')
+        if: startsWith(${PR_TITLE}, '[WIP]')
         run: |
             echo "PR is work in progress -> Aborting CI"
             exit 1