From 7f2ea61925cac1fbf04bbf7dc7c31863ea95006f Mon Sep 17 00:00:00 2001
From: Naor Yaacov <46160459+NaorYaa@users.noreply.github.com>
Date: Wed, 11 Oct 2023 16:57:05 +0300
Subject: [PATCH] Sanitize variable which can be controlled by user input
---
 .github/workflows/issuetracker-webhook.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/issuetracker-webhook.yml b/.github/workflows/issuetracker-webhook.yml
index 414a5aa..0f5fd12 100644
--- a/.github/workflows/issuetracker-webhook.yml
+++ b/.github/workflows/issuetracker-webhook.yml
@@ -20,7 +20,7 @@ jobs:
 echo "Using issue_title: $issue_title"
 - name: Google Chat Notification
 run: |
- export issue_title=$(echo "${{ github.event.issue.title }}" | sed -e "s/'//g" -e 's/"//g')
+ export issue_title=$(echo "$ISSUE_TITLE" | sed -e "s/'//g" -e 's/"//g')
 curl --location --request POST '${{ secrets.WEBHOOK }}' \
 --header 'Content-Type: application/json; charset=UTF-8' \
 --data "{'text': '[${{ github.event.issue.number }}] ${{ github.event.issue.html_url }} $issue_title (${{ github.event.issue.user.login }})'}"
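Review bot: `$ISSUE_TITLE` is read in the `Google Chat Notification` step, but nothing in this hunk defines it and the diffstat shows only this one line changing, so unless an `env:` mapping already exists outside the visible context (the job starts above the hunk) the title will expand to an empty string. The step should carry an `env:` key with `ISSUE_TITLE: ${{ github.event.issue.title }}` so the title reaches the shell as data instead of being templated into the script text. The sed filter removes quotes but still lets backslashes through into the hand-built `--data` body, so a title containing `\` can produce a malformed payload; building the body with `jq -n --arg` would be more robust if jq is present on the runner. `printf '%s\n' "$ISSUE_TITLE"` is also preferable to `echo`, which may treat a title beginning with `-n` or `-e` as an option.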