From 36c8a31d573bdd2edd4c87be63eb8dde20a79761 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 28 Sep 2022 22:00:24 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-4-stable-ee

---
 app/services/base_project_service.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'app/services')

diff --git a/app/services/base_project_service.rb b/app/services/base_project_service.rb
index 1bf4a235a79..8cb6b632a9e 100644
--- a/app/services/base_project_service.rb
+++ b/app/services/base_project_service.rb
@@ -7,7 +7,9 @@ class BaseProjectService < ::BaseContainerService
   attr_accessor :project
 
   def initialize(project:, current_user: nil, params: {})
-    super(container: project, current_user: current_user, params: params)
+    # we need to exclude project params since they may come from external requests. project should always
+    # be passed as part of the service's initializer
+    super(container: project, current_user: current_user, params: params.except(:project, :project_id))
 
     @project = project
   end
-- 
cgit v1.2.3