Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42

1 files changed, 8 insertions, 4 deletions

diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb
index 1ca35903703..82a13b60b13 100644
--- a/app/controllers/projects/commits_controller.rb
+++ b/app/controllers/projects/commits_controller.rb
@@ -67,11 +67,11 @@ class Projects::CommitsController < Projects::ApplicationController
   def set_commits
     render_404 unless @path.empty? || request.format == :atom || @repository.blob_at(@commit.id, @path) || @repository.tree(@commit.id, @path).entries.present?
 
-    limit = params[:limit].to_i
+    limit = permitted_params[:limit].to_i
     @limit = limit > 0 ? limit : COMMITS_DEFAULT_LIMIT # limit can only ever be a positive number
-    @offset = (params[:offset] || 0).to_i
-    search = params[:search]
-    author = params[:author]
+    @offset = (permitted_params[:offset] || 0).to_i
+    search = permitted_params[:search]
+    author = permitted_params[:author]
 
     @commits =
       if search.present?
@@ -87,4 +87,8 @@ class Projects::CommitsController < Projects::ApplicationController
     @commits = @commits.with_latest_pipeline(@ref)
     @commits = set_commits_for_rendering(@commits)
   end
+
+  def permitted_params
+    params.permit(:limit, :offset, :search, :author)
+  end
 end