Christian Heimes added the comment: We don't eval() the whole MO file. It's just the pluralization formula, http://www.gnu.org/software/gettext/manual/gettext.html#index-nplurals_0040r_007b_002c-in-a-PO-file-header_007d-1093
The patch uses ast.NodeVisitor to look for dangerous code. ---------- keywords: +patch Added file: http://bugs.python.org/file30721/18317_gettext.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue18317> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com