5 files changed, 70 insertions, 17 deletions

diff --git a/src/mailman/docs/NEWS.txt b/src/mailman/docs/NEWS.txt
index 13a6477fd..638d8318c 100644
--- a/src/mailman/docs/NEWS.txt
+++ b/src/mailman/docs/NEWS.txt
@@ -10,7 +10,7 @@ Here is a history of user visible changes to Mailman.
 
 3.0 alpha 6 -- "Cut to the Chase"
 =================================
-(2010-09-07)
+(2010-09-20)
 
 Commands
 --------
@@ -56,6 +56,8 @@ Architecture
 
 Miscellaneous
 -------------
+ * Allow X-Approved and X-Approve headers, equivalent to Approved and
+   Approve. LP: #557750
  * Various test failure fixes.  LP: #543618, LP: #544477
  * List-Post header is retained in MIME digest messages.  LP: #526143
  * Importing from a Mailman 2.1.x list is partially supported.
diff --git a/src/mailman/pipeline/cleanse.py b/src/mailman/pipeline/cleanse.py
index a74a381e8..92e937dd3 100644
--- a/src/mailman/pipeline/cleanse.py
+++ b/src/mailman/pipeline/cleanse.py
@@ -53,6 +53,8 @@ class Cleanse:
         # Remove headers that could contain passwords.
         del msg['approved']
         del msg['approve']
+        del msg['x-approved']
+        del msg['x-approve']
         del msg['urgent']
         # We remove other headers from anonymous lists.
         if mlist.anonymous_list:
diff --git a/src/mailman/pipeline/docs/cleanse.txt b/src/mailman/pipeline/docs/cleanse.txt
index 97fb9d3b4..61dfa8f52 100644
--- a/src/mailman/pipeline/docs/cleanse.txt
+++ b/src/mailman/pipeline/docs/cleanse.txt
@@ -8,18 +8,20 @@ headers can be used to fish for membership.
 
     >>> mlist = create_list('_xtest@example.com')
 
-Headers such as ``Approved``, ``Approve``, and ``Urgent`` are used to grant
-special permissions to individual messages.  All may contain a password; the
-first two headers are used by list administrators to pre-approve a message
-normal held for approval.  The latter header is used to send a regular message
-to all members, regardless of whether they get digests or not.  Because all
-three headers contain passwords, they must be removed from any posted message.
-::
+Headers such as ``Approved``, ``Approve``, (as well as their ``X-`` variants)
+and ``Urgent`` are used to grant special permissions to individual messages.
+All may contain a password; the first two headers are used by list
+administrators to pre-approve a message normal held for approval.  The latter
+header is used to send a regular message to all members, regardless of whether
+they get digests or not.  Because all three headers contain passwords, they
+must be removed from any posted message.  ::
 
     >>> msg = message_from_string("""\
     ... From: aperson@example.com
     ... Approved: foobar
     ... Approve: barfoo
+    ... X-Approved: bazbar
+    ... X-Approve: barbaz
     ... Urgent: notreally
     ... Subject: A message of great import
     ...
diff --git a/src/mailman/rules/approved.py b/src/mailman/rules/approved.py
index f7e62c511..e4a92b0d2 100644
--- a/src/mailman/rules/approved.py
+++ b/src/mailman/rules/approved.py
@@ -34,6 +34,12 @@ from mailman.interfaces.rules import IRule
 
 
 EMPTYSTRING = ''
+HEADERS = [
+    'approve',
+    'approved',
+    'x-approve',
+    'x-approved',
+    ]
 
 
 
@@ -45,13 +51,20 @@ class Approved:
     description = _('The message has a matching Approve or Approved header.')
     record = True
 
+    def _get_password(self, msg, missing):
+        for header in HEADERS:
+            password = msg.get(header, missing)
+            if password is not missing:
+                return password
+        return missing
+
     def check(self, mlist, msg, msgdata):
         """See `IRule`."""
         # See if the message has an Approved or Approve header with a valid
         # moderator password.  Also look at the first non-whitespace line in
         # the file to see if it looks like an Approved header.
         missing = object()
-        password = msg.get('approved', msg.get('approve', missing))
+        password = self._get_password(msg, missing)
         if password is missing:
             # Find the first text/plain part in the message
             part = None
@@ -66,7 +79,7 @@ class Approved:
                         break
                 if ':' in line:
                     header, value = line.split(':', 1)
-                    if header.lower() in ('approved', 'approve'):
+                    if header.lower() in HEADERS:
                         password = value.strip()
                         # Now strip the first line from the payload so the
                         # password doesn't leak.
@@ -99,8 +112,8 @@ class Approved:
                         if re.search(pattern, payload):
                             reset_payload(part, re.sub(pattern, '', payload))
         else:
-            del msg['approved']
-            del msg['approve']
+            for header in HEADERS:
+                del msg[header]
         return password is not missing and password == mlist.moderator_password
 
 
diff --git a/src/mailman/rules/docs/approve.txt b/src/mailman/rules/docs/approve.txt
index 90ef1d33c..3e1206563 100644
--- a/src/mailman/rules/docs/approve.txt
+++ b/src/mailman/rules/docs/approve.txt
@@ -28,8 +28,8 @@ approval or not.
 No approval
 ===========
 
-If the message has no ``Approve:`` or ``Approved:`` header, then the rule does
-not match.
+If the message has no ``Approve:`` or ``Approved:`` header (or their ``X-``
+equivalents), then the rule does not match.
 
     >>> msg = message_from_string("""\
     ... From: aperson@example.com
@@ -39,9 +39,9 @@ not match.
     >>> rule.check(mlist, msg, {})
     False
 
-If the message has an ``Approve:`` or ``Approved:`` header with a value that
-does not match the moderator password, then the rule does not match.  However,
-the header is still removed.
+If the message has an ``Approve:``, ``Approved:``, ``X-Approve:``, or
+``X-Approved:`` header with a value that does not match the moderator
+password, then the rule does not match.  However, the header is still removed.
 ::
 
     >>> msg['Approve'] = '12345'
@@ -58,6 +58,20 @@ the header is still removed.
     None
 
     >>> del msg['approved']
+    >>> msg['X-Approve'] = '12345'
+    >>> rule.check(mlist, msg, {})
+    False
+    >>> print msg['x-approve']
+    None
+
+    >>> del msg['x-approve']
+    >>> msg['X-Approved'] = '12345'
+    >>> rule.check(mlist, msg, {})
+    False
+    >>> print msg['x-approved']
+    None
+
+    >>> del msg['x-approved']
 
 
 Using an approval header
@@ -74,12 +88,32 @@ matches, and the ``Approve:`` header is stripped.
 
 Similarly, for the ``Approved:`` header.
 
+    >>> del msg['approve']
     >>> msg['Approved'] = 'abcxyz'
     >>> rule.check(mlist, msg, {})
     True
     >>> print msg['approved']
     None
 
+The headers ``X-Approve:`` and ``X-Approved:`` are treated the same way.
+::
+
+    >>> del msg['approved']
+    >>> msg['X-Approve'] = 'abcxyz'
+    >>> rule.check(mlist, msg, {})
+    True
+    >>> print msg['x-approve']
+    None
+
+    >>> del msg['x-approve']
+    >>> msg['X-Approved'] = 'abcxyz'
+    >>> rule.check(mlist, msg, {})
+    True
+    >>> print msg['x-approved']
+    None
+
+    >>> del msg['x-approved']
+
 
 Using a pseudo-header
 =====================