-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 3/18/2012 3:28 AM, Stephen J. Turnbull wrote:
... Having both one or more Handlers and a special seems like overkill, especially since really one checks the header and the other deletes, completely different functionality. Wouldn't it be better to have a class variable Mlist.approval_headers = ["Approve", "X-Approve"] and have
for h in mlist.approval_headers: if msg[h] == mlist.moderator_password: return True return False
for the chain rule and
for h in mlist.approval_headers: del msg[h]
in a RemoveApprovalHeaders.py pipeline handler?
If that were all that was required, that would be fine. The problem is that we allow approval via a pseudo-header as the first non-blank body line in the first text/plain part of the message, and we have to look for it there and if found, not only remove it from that part, but also from any alternative parts in which it might appear.
It's the removal of this pseudo-header from text/html alternatives that is the hard part. See the comment thread at <https://bugs.launchpad.net/mailman/+bug/266220>.
... I think that more likely the problem will be that people will misspell the header, or use it in list that doesn't support approval-by-header, or grab an incorrect password out of an old message, or whatever.
Incorrect password is not an issue because we remove it anyway. The other things *should* not be a problem because in theory the poster wouldn't use the header if it weren't required, and in that case, the post will be held since it isn't pre-approved. Of course in practice, held posts get approved even if they might leak a password and users do all sorts of things that don't make sense :(
Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)
iD8DBQFPZiKDVVuXXpU7hpMRAnmWAKD8z234ZKDZGFkAah8jiVW4/Zmd1wCgrtF8 tzWfzmXSJ1uycAo3yeMLpQA= =08Vm -----END PGP SIGNATURE-----