Fix string injection vulnerability on CI

emilk · emilk · commit 6f60b4a78afb · 2026-03-17T16:42:35.000+01:00
diff --git a/.github/workflows/enforce_branch_name.yml b/.github/workflows/enforce_branch_name.yml
@@ -9,11 +9,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check PR source branch
+        env:
+          IS_FORK: ${{ github.event.pull_request.head.repo.fork }}
+          HEAD_REF: ${{ github.event.pull_request.head.ref }}
         run: |
           # Check if PR is from a fork
-          if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then
+          if [[ "${IS_FORK}" == "true" ]]; then
             # Check if PR is from the master/main branch of a fork
-            if [[ "${{ github.event.pull_request.head.ref }}" == "master" || "${{ github.event.pull_request.head.ref }}" == "main" ]]; then
+            if [[ "${HEAD_REF}" == "master" || "${HEAD_REF}" == "main" ]]; then
               echo "ERROR: Pull requests from the master/main branch of forks are not allowed, because it prevents maintainers from contributing to your PR"
               echo "Please create a feature branch in your fork and submit the PR from that branch instead."
               exit 1
