diff --git a/7.3.146 b/7.3.146
new file mode 100644
index 0000000..0a7390c
--- /dev/null
+++ b/7.3.146
@@ -0,0 +1,224 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.3.146
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.3.146
+Problem:    It's possible to assign to a read-only member of a dict.
+	    It's possible to create a global variable "0". (ZyX)
+            It's possible to add a v: variable with ":let v:.name = 1".
+Solution:   Add check for dict item being read-only.
+	    Check the name of g: variables.
+	    Disallow adding v: variables.
+Files:	    src/eval.c
+
+
+*** ../vim-7.3.145/src/eval.c	2011-02-01 13:48:47.000000000 +0100
+--- src/eval.c	2011-03-27 15:56:44.000000000 +0200
+***************
+*** 789,794 ****
+--- 789,796 ----
+  static void set_var __ARGS((char_u *name, typval_T *varp, int copy));
+  static int var_check_ro __ARGS((int flags, char_u *name));
+  static int var_check_fixed __ARGS((int flags, char_u *name));
++ static int var_check_func_name __ARGS((char_u *name, int new_var));
++ static int valid_varname __ARGS((char_u *varname));
+  static int tv_check_lock __ARGS((int lock, char_u *name));
+  static int item_copy __ARGS((typval_T *from, typval_T *to, int deep, int copyID));
+  static char_u *find_option_end __ARGS((char_u **arg, int *opt_flags));
+***************
+*** 2716,2723 ****
+--- 2718,2744 ----
+  	    lp->ll_list = NULL;
+  	    lp->ll_dict = lp->ll_tv->vval.v_dict;
+  	    lp->ll_di = dict_find(lp->ll_dict, key, len);
++ 
++ 	    /* When assigning to g: check that a function and variable name is
++ 	     * valid. */
++ 	    if (rettv != NULL && lp->ll_dict == &globvardict)
++ 	    {
++ 		if (rettv->v_type == VAR_FUNC
++ 			       && var_check_func_name(key, lp->ll_di == NULL))
++ 		    return NULL;
++ 		if (!valid_varname(key))
++ 		    return NULL;
++ 	    }
++ 
+  	    if (lp->ll_di == NULL)
+  	    {
++ 		/* Can't add "v:" variable. */
++ 		if (lp->ll_dict == &vimvardict)
++ 		{
++ 		    EMSG2(_(e_illvar), name);
++ 		    return NULL;
++ 		}
++ 
+  		/* Key does not exist in dict: may need to add it. */
+  		if (*p == '[' || *p == '.' || unlet)
+  		{
+***************
+*** 2737,2742 ****
+--- 2758,2767 ----
+  		    p = NULL;
+  		break;
+  	    }
++ 	    /* existing variable, need to check if it can be changed */
++ 	    else if (var_check_ro(lp->ll_di->di_flags, name))
++ 		return NULL;
++ 
+  	    if (len == -1)
+  		clear_tv(&var1);
+  	    lp->ll_tv = &lp->ll_di->di_tv;
+***************
+*** 19786,19792 ****
+      dictitem_T	*v;
+      char_u	*varname;
+      hashtab_T	*ht;
+-     char_u	*p;
+  
+      ht = find_var_ht(name, &varname);
+      if (ht == NULL || *varname == NUL)
+--- 19811,19816 ----
+***************
+*** 19796,19820 ****
+      }
+      v = find_var_in_ht(ht, varname, TRUE);
+  
+!     if (tv->v_type == VAR_FUNC)
+!     {
+! 	if (!(vim_strchr((char_u *)"wbs", name[0]) != NULL && name[1] == ':')
+! 		&& !ASCII_ISUPPER((name[0] != NUL && name[1] == ':')
+! 							 ? name[2] : name[0]))
+! 	{
+! 	    EMSG2(_("E704: Funcref variable name must start with a capital: %s"), name);
+! 	    return;
+! 	}
+! 	/* Don't allow hiding a function.  When "v" is not NULL we might be
+! 	 * assigning another function to the same var, the type is checked
+! 	 * below. */
+! 	if (v == NULL && function_exists(name))
+! 	{
+! 	    EMSG2(_("E705: Variable name conflicts with existing function: %s"),
+! 									name);
+! 	    return;
+! 	}
+!     }
+  
+      if (v != NULL)
+      {
+--- 19820,19827 ----
+      }
+      v = find_var_in_ht(ht, varname, TRUE);
+  
+!     if (tv->v_type == VAR_FUNC && var_check_func_name(name, v == NULL))
+! 	return;
+  
+      if (v != NULL)
+      {
+***************
+*** 19880,19892 ****
+  	}
+  
+  	/* Make sure the variable name is valid. */
+! 	for (p = varname; *p != NUL; ++p)
+! 	    if (!eval_isnamec1(*p) && (p == varname || !VIM_ISDIGIT(*p))
+! 						       && *p != AUTOLOAD_CHAR)
+! 	    {
+! 		EMSG2(_(e_illvar), varname);
+! 		return;
+! 	    }
+  
+  	v = (dictitem_T *)alloc((unsigned)(sizeof(dictitem_T)
+  							  + STRLEN(varname)));
+--- 19887,19894 ----
+  	}
+  
+  	/* Make sure the variable name is valid. */
+! 	if (!valid_varname(varname))
+! 	    return;
+  
+  	v = (dictitem_T *)alloc((unsigned)(sizeof(dictitem_T)
+  							  + STRLEN(varname)));
+***************
+*** 19951,19956 ****
+--- 19953,20007 ----
+  }
+  
+  /*
++  * Check if a funcref is assigned to a valid variable name.
++  * Return TRUE and give an error if not.
++  */
++     static int
++ var_check_func_name(name, new_var)
++     char_u *name;    /* points to start of variable name */
++     int    new_var;  /* TRUE when creating the variable */
++ {
++     if (!(vim_strchr((char_u *)"wbs", name[0]) != NULL && name[1] == ':')
++ 	    && !ASCII_ISUPPER((name[0] != NUL && name[1] == ':')
++ 						     ? name[2] : name[0]))
++     {
++ 	EMSG2(_("E704: Funcref variable name must start with a capital: %s"),
++ 									name);
++ 	return TRUE;
++     }
++     /* Don't allow hiding a function.  When "v" is not NULL we might be
++      * assigning another function to the same var, the type is checked
++      * below. */
++     if (new_var && function_exists(name))
++     {
++ 	EMSG2(_("E705: Variable name conflicts with existing function: %s"),
++ 								    name);
++ 	return TRUE;
++     }
++     return FALSE;
++ }
++ 
++ /*
++  * Check if a variable name is valid.
++  * Return FALSE and give an error if not.
++  */
++     static int
++ valid_varname(varname)
++     char_u *varname;
++ {
++     char_u *p;
++ 
++     for (p = varname; *p != NUL; ++p)
++ 	if (!eval_isnamec1(*p) && (p == varname || !VIM_ISDIGIT(*p))
++ 						   && *p != AUTOLOAD_CHAR)
++ 	{
++ 	    EMSG2(_(e_illvar), varname);
++ 	    return FALSE;
++ 	}
++     return TRUE;
++ }
++ 
++ /*
+   * Return TRUE if typeval "tv" is set to be locked (immutable).
+   * Also give an error message, using "name".
+   */
+*** ../vim-7.3.145/src/version.c	2011-03-26 18:32:00.000000000 +0100
+--- src/version.c	2011-03-27 16:01:03.000000000 +0200
+***************
+*** 716,717 ****
+--- 716,719 ----
+  {   /* Add new patch number below this line */
++ /**/
++     146,
+  /**/
+
+-- 
+ARTHUR: It is I, Arthur, son of Uther Pendragon, from the castle of Camelot.
+        King of all Britons, defeator of the Saxons, sovereign of all England!
+   [Pause]
+SOLDIER: Get away!
+                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///