From a5debe1b2e73b16c613117cd563720fc1822ead3 Mon Sep 17 00:00:00 2001
From: Eddy Filip <eddy.filip@agilebits.com>
Date: Wed, 18 May 2022 12:47:49 +0300
Subject: [PATCH] Improve the way input is processed to avoid command injection

---
 action.yml           |  9 +++++----
 configure/action.yml | 11 ++++++-----
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/action.yml b/action.yml
index 0177386..04fc058 100644
--- a/action.yml
+++ b/action.yml
@@ -10,8 +10,9 @@ inputs:
     default: false
 runs:
   using: composite
-  steps: 
-    - run: |
-        export INPUT_UNSET_PREVIOUS=${{ inputs.unset-previous }}
+  steps:
+    - shell: bash
+      env:
+        INPUT_UNSET_PREVIOUS: ${{ inputs.unset-previous }}
+      run: |
         ${{ github.action_path }}/entrypoint.sh
-      shell: bash
diff --git a/configure/action.yml b/configure/action.yml
index 97a44b4..3ffe2b6 100644
--- a/configure/action.yml
+++ b/configure/action.yml
@@ -8,9 +8,10 @@ inputs:
     description: Token to authenticate to your 1Password Connect instance
 runs:
   using: composite
-  steps: 
-    - run: |
-        export INPUT_CONNECT_HOST=${{ inputs.connect-host }}
-        export INPUT_CONNECT_TOKEN=${{ inputs.connect-token }}
+  steps:
+    - shell: bash
+      env:
+        INPUT_CONNECT_HOST: ${{ inputs.connect-host }}
+        INPUT_CONNECT_TOKEN: ${{ inputs.connect-token }}
+      run: |
         ${{ github.action_path }}/entrypoint.sh
-      shell: bash