diff options
| -rw-r--r-- | Mailman/MailList.py | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/Mailman/MailList.py b/Mailman/MailList.py index 541d12d3..3ad50e42 100644 --- a/Mailman/MailList.py +++ b/Mailman/MailList.py @@ -315,6 +315,7 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin, self.send_goodbye_msg = mm_cfg.DEFAULT_SEND_GOODBYE_MSG self.bounce_matching_headers = \ mm_cfg.DEFAULT_BOUNCE_MATCHING_HEADERS + self.header_filter_rules = [] self.anonymous_list = mm_cfg.DEFAULT_ANONYMOUS_LIST internalname = self.internal_name() self.real_name = internalname[0].upper() + internalname[1:] @@ -1077,14 +1078,14 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin, # Confirmation processing # def ProcessConfirmation(self, cookie, context=None): - data = Pending.confirm(cookie) - if data is None: - raise Errors.MMBadConfirmation, 'data is None' + rec = Pending.confirm(cookie) + if rec is None: + raise Errors.MMBadConfirmation, 'No cookie record for %s' % cookie try: - op = data[0] - data = data[1:] + op = rec[0] + data = rec[1:] except ValueError: - raise Errors.MMBadConfirmation, 'op-less data %s' % (data,) + raise Errors.MMBadConfirmation, 'op-less data %s' % (rec,) if op == Pending.SUBSCRIPTION: whence = 'via email confirmation' try: @@ -1141,8 +1142,10 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin, approved = None # Confirmation should be coming from email, where context should # be the confirming message. If the message does not have an - # Approved: header, this is a discard, otherwise it's an approval - # (if the passwords match). + # Approved: header, this is a discard. If it has an Approved: + # header that does not match the list password, then we'll notify + # the list administrator that they used the wrong password. + # Otherwise it's an approval. if isinstance(context, Message.Message): # See if it's got an Approved: header, either in the headers, # or in the first text/plain section of the response. For @@ -1156,7 +1159,7 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin, subpart = None if subpart: s = StringIO(subpart.get_payload()) - while 1: + while True: line = s.readline() if not line: break @@ -1169,11 +1172,19 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin, # then approved = line[i+1:].strip() break - # Okay, does the approved header match the list password? - if approved and self.Authenticate([mm_cfg.AuthListAdmin, - mm_cfg.AuthListModerator], - approved) <> mm_cfg.UnAuthorized: - action = mm_cfg.APPROVE + # Is there an approved header? + if approved is not None: + # Does it match the list password? Note that we purposefully + # do not allow the site password here. + if self.Authenticate([mm_cfg.AuthListAdmin, + mm_cfg.AuthListModerator], + approved) <> mm_cfg.UnAuthorized: + action = mm_cfg.APPROVE + else: + # The password didn't match. Re-pend the message and + # inform the list moderators about the problem. + Pending.repend(cookie, rec) + raise Errors.MMBadPasswordError else: action = mm_cfg.DISCARD try: @@ -1187,6 +1198,8 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin, member = data[1] self.setDeliveryStatus(member, MemberAdaptor.ENABLED) return op, member + else: + assert 0, 'Bad op: %s' % op def ConfirmUnsubscription(self, addr, lang=None, remote=None): if lang is None: |