only inject private parameters for non-pull requests, for security purposes

Brad Rydzewski 2014-02-25 16:48:43 -07:00
parent c0adf459f9
commit 5673c4d2ac


@ -108,8 +108,9 @@ func (w *worker) execute(task *BuildTask) error {
var buf = &bufferWrapper{channel: consoleslug} var buf = &bufferWrapper{channel: consoleslug}
// append private parameters to the environment // append private parameters to the environment
// variable section of the .drone.yml file // variable section of the .drone.yml file, iff
if task.Repo.Params != nil { // this is not a pull request (for security purposes)
if task.Repo.Params != nil && len(task.Commit.PullRequest) == 0 {
for k, v := range task.Repo.Params { for k, v := range task.Repo.Params {
task.Script.Env = append(task.Script.Env, k+"="+v) task.Script.Env = append(task.Script.Env, k+"="+v)
} }
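Review bot: The new condition `len(task.Commit.PullRequest) == 0` fails open: an empty field is read as "not a pull request", so any hook or code path that queues a pull-request build without populating `PullRequest` would still get `task.Repo.Params` appended to `task.Script.Env`. Whether every provider's hook handler sets that field is not visible in this hunk, so it is worth confirming and covering with a test that asserts a task with `PullRequest` set leaves `Script.Env` unchanged. The comment should also state the threat rather than just "for security purposes", e.g. `// pull requests run build commands chosen by the contributor, so private params must never be placed in their environment`. Consider logging when params are withheld so a build that fails for lack of them is explainable. The body of `execute` starts and continues outside this hunk, so other secret-bearing inputs to the build cannot be assessed from here.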