Merge RubyGems upstream: 56c0bbb69e4506bda7ef7f447dfec5db820df20b

  It fixed the multiple vulnerabilities.
  https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67168 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 5 insertions, 8 deletions

diff --git a/lib/rubygems/commands/owner_command.rb b/lib/rubygems/commands/owner_command.rb
index 9fcabaa9f8..f8e68c48e7 100644
--- a/lib/rubygems/commands/owner_command.rb
+++ b/lib/rubygems/commands/owner_command.rb
@@ -2,9 +2,11 @@
 require 'rubygems/command'
 require 'rubygems/local_remote_options'
 require 'rubygems/gemcutter_utilities'
+require 'rubygems/text'
 
 class Gem::Commands::OwnerCommand < Gem::Command
 
+  include Gem::Text
   include Gem::LocalRemoteOptions
   include Gem::GemcutterUtilities
 
@@ -68,7 +70,7 @@ permission to.
     end
 
     with_response response do |resp|
-      owners = Gem::SafeYAML.load resp.body
+      owners = Gem::SafeYAML.load clean_text(resp.body)
 
       say "Owners for gem: #{name}"
       owners.each do |owner|
@@ -89,11 +91,6 @@ permission to.
     owners.each do |owner|
       begin
         response = send_owner_request(method, name, owner)
-
-        if need_otp? response
-          response = send_owner_request(method, name, owner, true)
-        end
-
         action = method == :delete ? "Removing" : "Adding"
 
         with_response response, "#{action} #{owner}"
@@ -105,11 +102,11 @@ permission to.
 
   private
 
-  def send_owner_request(method, name, owner, use_otp = false)
+  def send_owner_request(method, name, owner)
     rubygems_api_request method, "api/v1/gems/#{name}/owners" do |request|
       request.set_form_data 'email' => owner
       request.add_field "Authorization", api_key
-      request.add_field "OTP", options[:otp] if use_otp
+      request.add_field "OTP", options[:otp] if options[:otp]
     end
   end