[Patches] [ python-Patches-633547 ] Plural forms support for gettext

noreply@sourceforge.net noreply@sourceforge.net
Thu, 21 Nov 2002 23:51:17 -0800


Patches item #633547, was opened at 2002-11-05 00:43
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=633547&group_id=5470

Category: Library (Lib)
Group: Python 2.3
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: Juan David Ibez Palomar (jdavid)
Assigned to: Martin v. Lwis (loewis)
Summary: Plural forms support for gettext

Initial Comment:
Adds support for plural forms to the gettext module.
The test script has been rewritten to use unittest.

----------------------------------------------------------------------

>Comment By: Martin v. Lwis (loewis)
Date: 2002-11-22 08:51

Message:
Logged In: YES 
user_id=21627

Thanks for the patch. Applied as

libgettext.tex 1.13
gettext.py 1.16
test_gettext.py 1.11
test_gettext delete
ACKS 1.216
NEWS 1.531


----------------------------------------------------------------------

Comment By: Juan David Ibez Palomar (jdavid)
Date: 2002-11-20 23:56

Message:
Logged In: YES 
user_id=17532

New version of the patch available, used lazy approach,
just added a security check and a test case for it.

----------------------------------------------------------------------

Comment By: Martin v. Lwis (loewis)
Date: 2002-11-06 23:16

Message:
Logged In: YES 
user_id=21627

Just in case the security implications are not clear:
Somebody might put

os.chmod('/etc/passwd',0777)

into a message catalog, and the superuser might run that script.

----------------------------------------------------------------------

Comment By: Juan David Ibez Palomar (jdavid)
Date: 2002-11-06 20:04

Message:
Logged In: YES 
user_id=17532

I wasn't aware of the security implications, there will
be a new version of the patch sometime between 18 and 30
this month.

I used eval for simplicity and performance reasons, the
lookup in the catalog must be as fast as posible, so the
parsing must be when the MO file is loaded.

I will keep the use of eval, but it will check that 'n'
is the only identifier used and, by the way, I will clean
this part of the patch.

----------------------------------------------------------------------

Comment By: Martin v. Lwis (loewis)
Date: 2002-11-05 10:36

Message:
Logged In: YES 
user_id=21627

The patch looks quite good, overall. However, I don't like
the use of eval to generate the plural form function: it is,
in general, a security issue to evaluate a string that you
read from some file.

I would prefer if it parses the string, or uses other
mechanisms to establish "safety": for example, if the only
identifier occurring in the string is 'n', then this would
be a good test. You might want to use
tokenize.generate_tokens for that.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=633547&group_id=5470