Issue 633547: Plural forms support for gettext (original) (raw)

Created on 2002-11-04 23:43 by jdavid, last changed 2022-04-10 16:05 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
gettext.tgz jdavid,2002-11-04 23:44 Tarball with unified diffs for gettext.py and test_gettext.py
gettext.diff jdavid,2002-11-20 22:49 Patch that adds plural forms support to gettext
test_gettext.diff jdavid,2002-11-20 22:51 Patch for test_gettext.py, uses unittest and adds new test cases
Messages (6)
msg41561 - (view) Author: Juan David Ibáñez Palomar (jdavid) Date: 2002-11-04 23:43
Adds support for plural forms to the gettext module. The test script has been rewritten to use unittest.
msg41562 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2002-11-05 09:36
Logged In: YES user_id=21627 The patch looks quite good, overall. However, I don't like the use of eval to generate the plural form function: it is, in general, a security issue to evaluate a string that you read from some file. I would prefer if it parses the string, or uses other mechanisms to establish "safety": for example, if the only identifier occurring in the string is 'n', then this would be a good test. You might want to use tokenize.generate_tokens for that.
msg41563 - (view) Author: Juan David Ibáñez Palomar (jdavid) Date: 2002-11-06 19:04
Logged In: YES user_id=17532 I wasn't aware of the security implications, there will be a new version of the patch sometime between 18 and 30 this month. I used eval for simplicity and performance reasons, the lookup in the catalog must be as fast as posible, so the parsing must be when the MO file is loaded. I will keep the use of eval, but it will check that 'n' is the only identifier used and, by the way, I will clean this part of the patch.
msg41564 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2002-11-06 22:16
Logged In: YES user_id=21627 Just in case the security implications are not clear: Somebody might put os.chmod('/etc/passwd',0777) into a message catalog, and the superuser might run that script.
msg41565 - (view) Author: Juan David Ibáñez Palomar (jdavid) Date: 2002-11-20 22:56
Logged In: YES user_id=17532 New version of the patch available, used lazy approach, just added a security check and a test case for it.
msg41566 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2002-11-22 07:51
Logged In: YES user_id=21627 Thanks for the patch. Applied as libgettext.tex 1.13 gettext.py 1.16 test_gettext.py 1.11 test_gettext delete ACKS 1.216 NEWS 1.531
History
Date User Action Args
2022-04-10 16:05:49 admin set github: 37415
2002-11-04 23:43:05 jdavid create