Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42

1 files changed, 9 insertions, 7 deletions

diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index d8ba7e4f235..8be7af3e2c5 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -10,29 +10,31 @@ class Projects::RawController < Projects::ApplicationController
 
   prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:blob) }
 
+  before_action :set_ref_and_path
   before_action :require_non_empty_project
   before_action :authorize_download_code!
   before_action :show_rate_limit, only: [:show], unless: :external_storage_request?
-  before_action :assign_ref_vars
   before_action :redirect_to_external_storage, only: :show, if: :static_objects_external_storage_enabled?
 
   feature_category :source_code_management
 
   def show
-    @blob = @repository.blob_at(@commit.id, @path)
+    @blob = @repository.blob_at(@ref, @path)
 
     send_blob(@repository, @blob, inline: (params[:inline] != 'false'), allow_caching: @project.public?)
   end
 
   private
 
-  def show_rate_limit
+  def set_ref_and_path
     # This bypasses assign_ref_vars to avoid a Gitaly FindCommit lookup.
-    # When rate limiting, we really don't care if a different commit is
-    # being requested.
-    _ref, path = extract_ref(get_id)
+    # We don't need to find the commit to either rate limit or send the
+    # blob.
+    @ref, @path = extract_ref(get_id)
+  end
 
-    if rate_limiter.throttled?(:show_raw_controller, scope: [@project, path], threshold: raw_blob_request_limit)
+  def show_rate_limit
+    if rate_limiter.throttled?(:show_raw_controller, scope: [@project, @path], threshold: raw_blob_request_limit)
       rate_limiter.log_request(request, :raw_blob_request_limit, current_user)
 
       render plain: _('You cannot access the raw file. Please wait a minute.'), status: :too_many_requests