Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee

2 files changed, 3 insertions, 3 deletions

diff --git a/app/assets/javascripts/users_select/index.js b/app/assets/javascripts/users_select/index.js
index 69b3c27173f..8ed92e6b948 100644
--- a/app/assets/javascripts/users_select/index.js
+++ b/app/assets/javascripts/users_select/index.js
@@ -842,7 +842,7 @@ UsersSelect.prototype.renderApprovalRules = function (elsClassName, approvalRule
   const [rule] = approvalRules;
   const countText = sprintf(__('(+%{count} rules)'), { count });
   const renderApprovalRulesCount = count > 1 ? `<span class="ml-1">${countText}</span>` : '';
-  const ruleName = rule.rule_type === 'code_owner' ? __('Code Owner') : rule.name;
+  const ruleName = rule.rule_type === 'code_owner' ? __('Code Owner') : escape(rule.name);
 
   return `<div class="gl-display-flex gl-font-sm">
     <span class="gl-text-truncate" title="${ruleName}">${ruleName}</span>
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index d0987492d2d..b979276437c 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -34,13 +34,13 @@ class Projects::ProjectMembersController < Projects::ApplicationController
   end
 
   def import
-    @projects = current_user.authorized_projects.order_id_desc
+    @projects = Project.visible_to_user_and_access_level(current_user, Gitlab::Access::MAINTAINER).order_id_desc
   end
 
   def apply_import
     source_project = Project.find(params[:source_project_id])
 
-    if can?(current_user, :read_project_member, source_project)
+    if can?(current_user, :admin_project_member, source_project)
       status = @project.team.import(source_project, current_user)
       notice = status ? "Successfully imported" : "Import failed"
     else