mailman/rules/approved.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

# Copyright (C) 2007-2009 by the Free Software Foundation, Inc.
#
# This file is part of GNU Mailman.
#
# GNU Mailman is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along with
# GNU Mailman.  If not, see <http://www.gnu.org/licenses/>.

"""Look for moderator pre-approval."""

from __future__ import absolute_import, unicode_literals

__metaclass__ = type
__all__ = [
    'Approved',
    ]


import re
from email.iterators import typed_subpart_iterator
from zope.interface import implements

from mailman.i18n import _
from mailman.interfaces.rules import IRule


EMPTYSTRING = ''


class Approved:
    """Look for moderator pre-approval."""
    implements(IRule)

    name = 'approved'
    description = _('The message has a matching Approve or Approved header.')
    record = True

    def check(self, mlist, msg, msgdata):
        """See `IRule`."""
        # See if the message has an Approved or Approve header with a valid
        # moderator password.  Also look at the first non-whitespace line in
        # the file to see if it looks like an Approved header.
        missing = object()
        password = msg.get('approved', msg.get('approve', missing))
        if password is missing:
            # Find the first text/plain part in the message
            part = None
            stripped = False
            for part in typed_subpart_iterator(msg, 'text', 'plain'):
                break
            payload = part.get_payload(decode=True)
            if payload is not None:
                lines = payload.splitlines(True)
                for lineno, line in enumerate(lines):
                    if line.strip() <> '':
                        break
                if ':' in line:
                    header, value = line.split(':', 1)
                    if header.lower() in ('approved', 'approve'):
                        password = value.strip()
                        # Now strip the first line from the payload so the
                        # password doesn't leak.
                        del lines[lineno]
                        reset_payload(part, EMPTYSTRING.join(lines))
                        stripped = True
            if stripped:
                # Now try all the text parts in case it's
                # multipart/alternative with the approved line in HTML or
                # other text part.  We make a pattern from the Approved line
                # and delete it from all text/* parts in which we find it.  It
                # would be better to just iterate forward, but email
                # compatability for pre Python 2.2 returns a list, not a true
                # iterator.
                #
                # This will process all the multipart/alternative parts in the
                # message as well as all other text parts.  We shouldn't find
                # the pattern outside the multipart/alternative parts, but if
                # we do, it is probably best to delete it anyway as it does
                # contain the password.
                #
                # Make a pattern to delete.  We can't just delete a line
                # because line of HTML or other fancy text may include
                # additional message text.  This pattern works with HTML.  It
                # may not work with rtf or whatever else is possible.
                pattern = header + ':(\s|&nbsp;)*' + re.escape(password)
                for part in typed_subpart_iterator(msg, 'text'):
                    payload = part.get_payload(decode=True)
                    if payload is not None:
                        if re.search(pattern, payload):
                            reset_payload(part, re.sub(pattern, '', payload))
        else:
            del msg['approved']
            del msg['approve']
        return password is not missing and password == mlist.moderator_password


def reset_payload(part, payload):
    # Set decoded payload maintaining content-type, charset, format and delsp.
    charset = part.get_content_charset() or 'us-ascii'
    content_type = part.get_content_type()
    format = part.get_param('format')
    delsp = part.get_param('delsp')
    del part['content-transfer-encoding']
    del part['content-type']
    part.set_payload(payload, charset)
    part.set_type(content_type)
    if format:
        part.set_param('Format', format)
    if delsp:
        part.set_param('DelSp', delsp)