[Patches] [ python-Patches-633547 ] Plural forms support for gettext
noreply@sourceforge.net
Wed, 06 Nov 2002 14:16:37 -0800
Patches item #633547, was opened at 2002-11-05 00:43
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=633547&group_id=5470
Category: Library (Lib)
Group: Python 2.3
Status: Open
Resolution: None
Priority: 5
Submitted By: Juan David Ibáñez Palomar (jdavid)
Assigned to: Nobody/Anonymous (nobody)
Summary: Plural forms support for gettext
Initial Comment:
Adds support for plural forms to the gettext module.
The test script has been rewritten to use unittest.
----------------------------------------------------------------------
>Comment By: Martin v. Löwis (loewis)
Date: 2002-11-06 23:16
Message:
Logged In: YES
user_id=21627
Just in case the security implications are not clear:
Somebody might put
os.chmod('/etc/passwd',0777)
into a message catalog, and the superuser might run that script.
----------------------------------------------------------------------
Comment By: Juan David Ibáñez Palomar (jdavid)
Date: 2002-11-06 20:04
Message:
Logged In: YES
user_id=17532
I wasn't aware of the security implications; there will
be a new version of the patch sometime between 18 and 30
this month.
I used eval for simplicity and performance reasons; the
lookup in the catalog must be as fast as possible, so the
parsing must be when the MO file is loaded.
I will keep the use of eval, but it will check that 'n'
is the only identifier used and, by the way, I will clean
this part of the patch.
----------------------------------------------------------------------
Comment By: Martin v. Löwis (loewis)
Date: 2002-11-05 10:36
Message:
Logged In: YES
user_id=21627
The patch looks quite good, overall. However, I don't like
the use of eval to generate the plural form function: it is,
in general, a security issue to evaluate a string that you
read from some file.
I would prefer if it parses the string, or uses other
mechanisms to establish "safety": for example, if the only
identifier occurring in the string is 'n', then this would
be a good test. You might want to use
tokenize.generate_tokens for that.
----------------------------------------------------------------------
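The check discussed in the comments above (only 'n' may appear as an identifier in a plural-form expression read from a message catalog), as an added example that is not part of the patch or of any comment in this thread. It uses a small regex allowlist rather than tokenize.generate_tokens, because C tokens such as `?` and `&&` are not Python tokens; the names plural_tokens, is_safe_plural and MAX_LEN are assumptions, and the check is lexical only (it does not parse the expression).

```python
import re

# Allowlist of what a C-style plural expression may contain: decimal
# integers, identifiers (checked below), C operators and parentheses.
_TOKEN = re.compile(r"""
    (?: (?P<num>\d+)
      | (?P<name>[A-Za-z_][A-Za-z_0-9]*)
      | (?P<op>==|!=|<=|>=|&&|\|\||[-+*/%<>!?:()])
    )\s*""", re.VERBOSE)

MAX_LEN = 200  # assumed cap; catalog headers are attacker-controlled input


def plural_tokens(expr):
    """Return the token list of expr, or raise ValueError if anything
    other than integers, the variable n, operators or parentheses occurs."""
    if len(expr) > MAX_LEN:
        raise ValueError("expression too long")
    expr = expr.strip()
    if not expr:
        raise ValueError("empty expression")
    tokens, pos = [], 0
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if m is None:
            # Quotes, dots, commas, brackets, '=' and so on all land here.
            raise ValueError("unexpected character %r at offset %d"
                             % (expr[pos], pos))
        if m.lastgroup == "name" and m.group("name") != "n":
            raise ValueError("identifier %r not allowed" % m.group("name"))
        tokens.append(m.group(m.lastgroup))
        pos = m.end()
    return tokens


def is_safe_plural(expr):
    """Boolean wrapper around plural_tokens."""
    try:
        plural_tokens(expr)
        return True
    except ValueError:
        return False
```

Passing this check only means the string contains no foreign identifiers or characters; the expression still has to be parsed or translated before it is used.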