Invited user can subscribe to any list (inc private lists)

Bug #265879 reported by Zenzen
Affects: GNU Mailman
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

Currently, the Pending queue maintains no reference to
what mailing list a subscription request is for. This
is encoded in the URL, and isn't a security problem for
subscriptions. However, Invitations are a special sort
of subscription that bypasses the subscription approval
step if the user accepts the invitation. So if a user
munges the URL they are sent from
http://wherever/invited_list/123cookie to
http://whereever/private_list/123cookie, and goes to
that link, they are subscribed to the private list with
no notification to anyone.

Simple solution may be to set userdesc.invited to the
listname rather than just '1', and then when checking
for the invited flag make sure that someone is hacking
the system.

[http://sourceforge.net/tracker/index.php?func=detail&aid=703941&group_id=103&atid=100103]
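The fix the report suggests, binding each pending invitation to the list it was issued for and checking that binding when the confirmation URL is visited, can be sketched as follows. This is a constructed, simplified model written for this page, not Mailman's own Pending module; the `PendingStore` class, its record layout and its return codes are assumptions made here for illustration.

```python
import secrets

# Constructed toy model of a pending-request store (not Mailman's code).
# A request record carries `invited`, which per the suggested fix holds the
# name of the list the invitation was issued for rather than just '1', so the
# confirmation step can detect a cookie being replayed against another list.


class PendingStore:
    def __init__(self):
        self._pending = {}  # confirmation cookie -> request record

    def new_request(self, listname, address, invited=False):
        """Create a pending subscription request and return its cookie.

        For an invitation the record remembers the list name in `invited`;
        an ordinary request stores None and will still need approval.
        """
        cookie = secrets.token_hex(16)
        self._pending[cookie] = {
            'type': 'subscription',
            'address': address,
            'listname': listname,
            'invited': listname if invited else None,
        }
        return cookie

    def confirm(self, url_listname, cookie):
        """Handle a visit to /<url_listname>/<cookie>.

        Returns a (status, detail) tuple:
          ('unknown-cookie', None)        no such pending request
          ('list-mismatch', recorded)     cookie belongs to another list
          ('subscribed', listname)        invitation honoured, approval skipped
          ('pending-approval', listname)  ordinary request, moderator must act
        """
        rec = self._pending.get(cookie)
        if rec is None:
            return ('unknown-cookie', None)
        if rec['listname'] != url_listname:
            # The URL names a list other than the one the request was made
            # for; leave the record untouched and refuse rather than subscribe.
            return ('list-mismatch', rec['listname'])
        del self._pending[cookie]  # single use
        if rec['invited'] == url_listname:
            return ('subscribed', url_listname)
        return ('pending-approval', url_listname)


def demo():
    store = PendingStore()
    cookie = store.new_request('invited_list', 'user@example.com', invited=True)
    # Same cookie presented under a different list name in the URL.
    tampered = store.confirm('private_list', cookie)
    honoured = store.confirm('invited_list', cookie)
    replayed = store.confirm('invited_list', cookie)
    return tampered, honoured, replayed
```

The key point is that the list name is taken from the stored record, not from the URL, so editing the path cannot change which list an invitation applies to; an ordinary (non-invited) request still goes to moderator approval.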

Barry Warsaw (barry) wrote:

Raising the priority so this must be fixed for 2.1.2

Barry Warsaw (barry) wrote:

Fixed!
