From 1d66f60cb0223b549d87d9e300cea06596f379d5 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Fri, 9 Apr 2010 13:17:07 -0700
Subject: We now accept/remove X-Approved: and X-Approve: headers in addition
 to Approved: and Approve: for pre-approving posts.  Bug ##557750.

---
 Mailman/Handlers/Approve.py | 13 ++++++++++---
 Mailman/Handlers/Cleanse.py |  5 ++++-
 2 files changed, 14 insertions(+), 4 deletions(-)

(limited to 'Mailman')

diff --git a/Mailman/Handlers/Approve.py b/Mailman/Handlers/Approve.py
index 9e7da910..ed85395d 100644
--- a/Mailman/Handlers/Approve.py
+++ b/Mailman/Handlers/Approve.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -61,7 +61,10 @@ def process(mlist, msg, msgdata):
     # because we want to discourage the practice of sending the site admin
     # password through email in the clear.
     missing = []
-    passwd = msg.get('approved', msg.get('approve', missing))
+    for hdr in ('approved', 'approve', 'x-approved', 'x-approve'):
+        passwd = msg.get(hdr, missing)
+        if passwd is not missing:
+            break
     if passwd is missing:
         # Find the first text/plain part in the message
         part = None
@@ -80,7 +83,11 @@ def process(mlist, msg, msgdata):
             if i >= 0:
                 name = line[:i]
                 value = line[i+1:]
-                if name.lower() in ('approve', 'approved'):
+                if name.lower() in ('approve',
+                                    'approved',
+                                    'x-approve',
+                                    'x-approved',
+                                    ):
                     passwd = value.lstrip()
                     # Now strip the first line from the payload so the
                     # password doesn't leak.
diff --git a/Mailman/Handlers/Cleanse.py b/Mailman/Handlers/Cleanse.py
index b2c9611a..725cb41b 100644
--- a/Mailman/Handlers/Cleanse.py
+++ b/Mailman/Handlers/Cleanse.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -33,6 +33,9 @@ def process(mlist, msg, msgdata):
     del msg['approved']
     # Remove this one too.
     del msg['approve']
+    # And these too.
+    del msg['x-approved']
+    del msg['x-approve']
     # Also remove this header since it can contain a password
     del msg['urgent']
     # We remove other headers from anonymous lists
-- 
cgit v1.2.3