diff --git a/7.3.146 b/7.3.146
new file mode 100644
index 0000000..0a7390c
--- /dev/null
+++ b/7.3.146
@@ -0,0 +1,224 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.3.146
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.3.146
+Problem: It's possible to assign to a read-only member of a dict.
+ It's possible to create a global variable "0". (ZyX)
+ It's possible to add a v: variable with ":let v:.name = 1".
+Solution: Add check for dict item being read-only.
+ Check the name of g: variables.
+ Disallow adding v: variables.
+Files: src/eval.c
+
+
+*** ../vim-7.3.145/src/eval.c 2011-02-01 13:48:47.000000000 +0100
+--- src/eval.c 2011-03-27 15:56:44.000000000 +0200
+***************
+*** 789,794 ****
+--- 789,796 ----
+ static void set_var __ARGS((char_u *name, typval_T *varp, int copy));
+ static int var_check_ro __ARGS((int flags, char_u *name));
+ static int var_check_fixed __ARGS((int flags, char_u *name));
++ static int var_check_func_name __ARGS((char_u *name, int new_var));
++ static int valid_varname __ARGS((char_u *varname));
+ static int tv_check_lock __ARGS((int lock, char_u *name));
+ static int item_copy __ARGS((typval_T *from, typval_T *to, int deep, int copyID));
+ static char_u *find_option_end __ARGS((char_u **arg, int *opt_flags));
+***************
+*** 2716,2723 ****
+--- 2718,2744 ----
+ lp->ll_list = NULL;
+ lp->ll_dict = lp->ll_tv->vval.v_dict;
+ lp->ll_di = dict_find(lp->ll_dict, key, len);
++
++ /* When assigning to g: check that a function and variable name is
++ * valid. */
++ if (rettv != NULL && lp->ll_dict == &globvardict)
++ {
++ if (rettv->v_type == VAR_FUNC
++ && var_check_func_name(key, lp->ll_di == NULL))
++ return NULL;
++ if (!valid_varname(key))
++ return NULL;
++ }
++
+ if (lp->ll_di == NULL)
+ {
++ /* Can't add "v:" variable. */
++ if (lp->ll_dict == &vimvardict)
++ {
++ EMSG2(_(e_illvar), name);
++ return NULL;
++ }
++
+ /* Key does not exist in dict: may need to add it. */
+ if (*p == '[' || *p == '.' || unlet)
+ {
+***************
+*** 2737,2742 ****
+--- 2758,2767 ----
+ p = NULL;
+ break;
+ }
++ /* existing variable, need to check if it can be changed */
++ else if (var_check_ro(lp->ll_di->di_flags, name))
++ return NULL;
++
+ if (len == -1)
+ clear_tv(&var1);
+ lp->ll_tv = &lp->ll_di->di_tv;
+***************
+*** 19786,19792 ****
+ dictitem_T *v;
+ char_u *varname;
+ hashtab_T *ht;
+- char_u *p;
+
+ ht = find_var_ht(name, &varname);
+ if (ht == NULL || *varname == NUL)
+--- 19811,19816 ----
+***************
+*** 19796,19820 ****
+ }
+ v = find_var_in_ht(ht, varname, TRUE);
+
+! if (tv->v_type == VAR_FUNC)
+! {
+! if (!(vim_strchr((char_u *)"wbs", name[0]) != NULL && name[1] == ':')
+! && !ASCII_ISUPPER((name[0] != NUL && name[1] == ':')
+! ? name[2] : name[0]))
+! {
+! EMSG2(_("E704: Funcref variable name must start with a capital: %s"), name);
+! return;
+! }
+! /* Don't allow hiding a function. When "v" is not NULL we might be
+! * assigning another function to the same var, the type is checked
+! * below. */
+! if (v == NULL && function_exists(name))
+! {
+! EMSG2(_("E705: Variable name conflicts with existing function: %s"),
+! name);
+! return;
+! }
+! }
+
+ if (v != NULL)
+ {
+--- 19820,19827 ----
+ }
+ v = find_var_in_ht(ht, varname, TRUE);
+
+! if (tv->v_type == VAR_FUNC && var_check_func_name(name, v == NULL))
+! return;
+
+ if (v != NULL)
+ {
+***************
+*** 19880,19892 ****
+ }
+
+ /* Make sure the variable name is valid. */
+! for (p = varname; *p != NUL; ++p)
+! if (!eval_isnamec1(*p) && (p == varname || !VIM_ISDIGIT(*p))
+! && *p != AUTOLOAD_CHAR)
+! {
+! EMSG2(_(e_illvar), varname);
+! return;
+! }
+
+ v = (dictitem_T *)alloc((unsigned)(sizeof(dictitem_T)
+ + STRLEN(varname)));
+--- 19887,19894 ----
+ }
+
+ /* Make sure the variable name is valid. */
+! if (!valid_varname(varname))
+! return;
+
+ v = (dictitem_T *)alloc((unsigned)(sizeof(dictitem_T)
+ + STRLEN(varname)));
+***************
+*** 19951,19956 ****
+--- 19953,20007 ----
+ }
+
+ /*
++ * Check if a funcref is assigned to a valid variable name.
++ * Return TRUE and give an error if not.
++ */
++ static int
++ var_check_func_name(name, new_var)
++ char_u *name; /* points to start of variable name */
++ int new_var; /* TRUE when creating the variable */
++ {
++ if (!(vim_strchr((char_u *)"wbs", name[0]) != NULL && name[1] == ':')
++ && !ASCII_ISUPPER((name[0] != NUL && name[1] == ':')
++ ? name[2] : name[0]))
++ {
++ EMSG2(_("E704: Funcref variable name must start with a capital: %s"),
++ name);
++ return TRUE;
++ }
++ /* Don't allow hiding a function. When "v" is not NULL we might be
++ * assigning another function to the same var, the type is checked
++ * below. */
++ if (new_var && function_exists(name))
++ {
++ EMSG2(_("E705: Variable name conflicts with existing function: %s"),
++ name);
++ return TRUE;
++ }
++ return FALSE;
++ }
++
++ /*
++ * Check if a variable name is valid.
++ * Return FALSE and give an error if not.
++ */
++ static int
++ valid_varname(varname)
++ char_u *varname;
++ {
++ char_u *p;
++
++ for (p = varname; *p != NUL; ++p)
++ if (!eval_isnamec1(*p) && (p == varname || !VIM_ISDIGIT(*p))
++ && *p != AUTOLOAD_CHAR)
++ {
++ EMSG2(_(e_illvar), varname);
++ return FALSE;
++ }
++ return TRUE;
++ }
++
++ /*
+ * Return TRUE if typeval "tv" is set to be locked (immutable).
+ * Also give an error message, using "name".
+ */
+*** ../vim-7.3.145/src/version.c 2011-03-26 18:32:00.000000000 +0100
+--- src/version.c 2011-03-27 16:01:03.000000000 +0200
+***************
+*** 716,717 ****
+--- 716,719 ----
+ { /* Add new patch number below this line */
++ /**/
++ 146,
+ /**/
+
+--
+ARTHUR: It is I, Arthur, son of Uther Pendragon, from the castle of Camelot.
+ King of all Britons, defeator of the Saxons, sovereign of all England!
+ [Pause]
+SOLDIER: Get away!
+ "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
+/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ an exciting new programming language -- http://www.Zimbu.org ///
+ \\\ help me help AIDS victims -- http://ICCF-Holland.org ///