Rewrite CGI.parse with URI.decode_www_form_component

Co-authored-by: Nobuyoshi Nakada <[email protected]>
author: Hiroshi SHIBATA <[email protected]> 2025-04-24 10:14:01 +0900
committer: Hiroshi SHIBATA <[email protected]> 2025-04-24 12:15:11 +0900
commit: f0dda0534be8befd0d6223531f70df8b12ade9cc (patch)
tree: 5f86bc01a619b57dcb55082bb5bbf1f5e3bf5139
parent: a23ce6d3a5c4a52ed302e6d335fd0721f1e38738 (diff)
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/rubygems/gemcutter_utilities/webauthn_listener.rb b/lib/rubygems/gemcutter_utilities/webauthn_listener.rb
index abf65efe37..7a692d9192 100644
--- a/lib/rubygems/gemcutter_utilities/webauthn_listener.rb
+++ b/lib/rubygems/gemcutter_utilities/webauthn_listener.rb
@@ -85,10 +85,17 @@ module Gem::GemcutterUtilities
     end
 
     def parse_otp_from_uri(uri)
-      require "cgi"
+      query = uri.query
+      return unless query && !query.empty?
 
-      return if uri.query.nil?
-      CGI.parse(uri.query).dig("code", 0)
+      query.split('&') do |param|
+        key, value = param.split('=', 2)
+        if value && Gem::URI.decode_www_form_component(key) == "code"
+          return Gem::URI.decode_www_form_component(value)
+        end
+      end
+
+      nil
     end
 
     class SocketResponder
author	Hiroshi SHIBATA <[email protected]>	2025-04-24 10:14:01 +0900
committer	Hiroshi SHIBATA <[email protected]>	2025-04-24 12:15:11 +0900
commit	f0dda0534be8befd0d6223531f70df8b12ade9cc (patch)
tree	5f86bc01a619b57dcb55082bb5bbf1f5e3bf5139
parent	a23ce6d3a5c4a52ed302e6d335fd0721f1e38738 (diff)