[Patches] [ python-Patches-633547 ] Plural forms support for gettext
noreply@sourceforge.net
noreply@sourceforge.net
Thu, 21 Nov 2002 23:51:17 -0800
Patches item #633547, was opened at 2002-11-05 00:43
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=633547&group_id=5470
Category: Library (Lib)
Group: Python 2.3
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: Juan David Ibáñez Palomar (jdavid)
Assigned to: Martin v. Löwis (loewis)
Summary: Plural forms support for gettext
Initial Comment:
Adds support for plural forms to the gettext module.
The test script has been rewritten to use unittest.
----------------------------------------------------------------------
>Comment By: Martin v. Löwis (loewis)
Date: 2002-11-22 08:51
Message:
Logged In: YES
user_id=21627
Thanks for the patch. Applied as
libgettext.tex 1.13
gettext.py 1.16
test_gettext.py 1.11
test_gettext delete
ACKS 1.216
NEWS 1.531
----------------------------------------------------------------------
Comment By: Juan David Ibáñez Palomar (jdavid)
Date: 2002-11-20 23:56
Message:
Logged In: YES
user_id=17532
New version of the patch available, used lazy approach,
just added a security check and a test case for it.
----------------------------------------------------------------------
Comment By: Martin v. Löwis (loewis)
Date: 2002-11-06 23:16
Message:
Logged In: YES
user_id=21627
Just in case the security implications are not clear:
Somebody might put
os.chmod('/etc/passwd',0777)
into a message catalog, and the superuser might run that script.
----------------------------------------------------------------------
Comment By: Juan David Ibáñez Palomar (jdavid)
Date: 2002-11-06 20:04
Message:
Logged In: YES
user_id=17532
I wasn't aware of the security implications, there will
be a new version of the patch sometime between 18 and 30
this month.
I used eval for simplicity and performance reasons, the
lookup in the catalog must be as fast as posible, so the
parsing must be when the MO file is loaded.
I will keep the use of eval, but it will check that 'n'
is the only identifier used and, by the way, I will clean
this part of the patch.
----------------------------------------------------------------------
Comment By: Martin v. Löwis (loewis)
Date: 2002-11-05 10:36
Message:
Logged In: YES
user_id=21627
The patch looks quite good, overall. However, I don't like
the use of eval to generate the plural form function: it is,
in general, a security issue to evaluate a string that you
read from some file.
I would prefer if it parses the string, or uses other
mechanisms to establish "safety": for example, if the only
identifier occurring in the string is 'n', then this would
be a good test. You might want to use
tokenize.generate_tokens for that.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=633547&group_id=5470