--- elog/src/elogd.c.old	2006-09-28 00:36:10.000000000 +0200
+++ elog/src/elogd.c	2006-10-31 22:19:42.000000000 +0100
@@ -4584,7 +4584,7 @@ int el_submit(LOGBOOK * lbs, int message
    sprintf(message + strlen(message), "Attachment: ");
 
    if (afilename) {
-      sprintf(message + strlen(message), afilename[0]);
+      sprintf(message + strlen(message), "%s", afilename[0]);
       for (i = 1; i < MAX_ATTACHMENTS; i++)
          if (afilename[i][0])
             sprintf(message + strlen(message), ",%s", afilename[i]);
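Review bot: The append at `sprintf(message + strlen(message), "%s", afilename[0]);` and the loop after it are still unbounded, so up to MAX_ATTACHMENTS file names are concatenated into `message` with no length check. The declaration of `message` is outside the hunk, so its capacity cannot be confirmed from here. Attachment names are presumably client-supplied, and the format-string fix does not limit their combined length. Consider tracking the remaining space and appending with `snprintf(message + len, size - len, "%s", afilename[0]);` plus a truncation check, where `size` is the capacity of `message`.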
@@ -7318,7 +7318,7 @@ void show_standard_title(char *logbook, 
       rsprintf("<a href=\"%s\">\n", str);
 
    if (getcfg(logbook, "Title image", str, sizeof(str)))
-      rsprintf(str);
+      rsprintf("%s", str);
    else
       rsprintf("<img border=0 src=\"elog.png\" alt=\"ELOG logo\" title=\"ELOG logo\">");
 
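Review bot: The `rsprintf("%s", str);` line writes the "Title image" configuration value into the page verbatim, and nothing in the code says this is intended. Judging from the else branch, which emits a complete `<img>` tag, the value is expected to hold raw HTML, so it cannot simply be encoded here; that makes the configuration file a trusted source of markup. A comment such as `/* "Title image" holds admin-supplied HTML and is emitted unencoded on purpose */` would keep a later reader from encoding it or from assuming it is sanitized. The body of show_standard_title continues outside the hunk.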
@@ -7660,10 +7660,14 @@ void send_file_direct(char *file_name)
 
       close(fh);
    } else {
+      char encodedname[256];
       show_html_header(NULL, FALSE, "404 Not Found", TRUE, FALSE, NULL, FALSE);
 
       rsprintf("<body><h1>Not Found</h1>\r\n");
-      rsprintf("The requested file <b>%s</b> was not found on this server<p>\r\n", file_name);
+      rsprintf("The requested file <b>");
+      strencode2(encodedname, file_name, sizeof(encodedname));
+      rsprintf("%s", encodedname);
+      rsprintf("</b> was not found on this server<p>\r\n");
       rsprintf("<hr><address>ELOG version %s</address></body></html>\r\n\r\n", VERSION);
       return_length = strlen_retbuf;
       keep_alive = 0;
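Review bot: `encodedname[256]` is a fixed buffer while HTML encoding expands characters (`<` becomes `&lt;`), so a long or heavily escaped `file_name` will not fit. The implementation of strencode2 is outside the hunk, so it should be confirmed that it always NUL-terminates and never stops in the middle of an entity when the size limit is reached. Once the name is encoded, the three calls can be collapsed to `rsprintf("The requested file <b>%s</b> was not found on this server<p>\r\n", encodedname);`, which keeps the message in one piece.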
@@ -13697,10 +13701,10 @@ void receive_config(LOGBOOK * lbs, char 
 
    if (lbs == NULL) {
       if (!save_config(p, str))
-         rsprintf(str);
+         rsprintf("%s", str);
    } else {
       if (!save_admin_config(lbs->name, p, str))
-         rsprintf(str);
+         rsprintf("%s", str);
    }
 
    xfree(buffer);
@@ -16586,7 +16590,7 @@ void show_rss_feed(LOGBOOK * lbs)
       rsprintf("</description>\n");
 
       rsprintf("<pubDate>\n");
-      rsprintf(date);
+      rsprintf("%s", date);
       rsprintf("</pubDate>\n");
 
       rsprintf("</item>\n");
@@ -18126,7 +18130,7 @@ void show_elog_list(LOGBOOK * lbs, int p
          rsprintf("Attachment: ");
 
          if (attachment[0][0]) {
-            rsprintf(attachment[0]);
+            rsprintf("%s", attachment[0]);
             for (i = 1; i < MAX_ATTACHMENTS; i++)
                if (attachment[i][0])
                   rsprintf(",%s", attachment[i]);
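Review bot: The attachment names in `rsprintf("%s", attachment[0]);` and in the following `rsprintf(",%s", attachment[i]);` are written without encoding, unlike the file name in send_file_direct, which this patch passes through strencode2. The output mode of this branch is not visible in the hunk. If it is served as HTML, a file name containing markup characters would be rendered as markup, so the names should be encoded first. If the branch produces plain text, a short comment saying so would show that the difference is deliberate.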
@@ -19336,7 +19340,9 @@ void submit_elog(LOGBOOK * lbs)
                   if (!add_attribute_option(lbs, attr_list[i], getparam(ua), getparam("condition")))
                      return;
                } else {
-                  sprintf(error, loc("Error: Attribute option <b>%s</b> not existing"), getparam(ua));
+                  char encoded[100];
+                  strencode2(encoded, getparam(ua), sizeof(encoded));
+                  sprintf(error, loc("Error: Attribute option <b>%s</b> not existing"), encoded);
                   show_error(error);
                   return;
                }
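Review bot: `sprintf(error, loc("Error: Attribute option <b>%s</b> not existing"), encoded);` still writes into `error` without a bound, and its format string is whatever loc() returns from the translation table. `encoded` is capped at 100 bytes, so the remaining risk depends on the size of `error`, which is declared outside the hunk, and on the length of the translated text. Using `snprintf(error, sizeof(error), ...)` would remove that dependency, provided `error` is an array in this scope. It is also worth confirming that getparam(ua) cannot return NULL on this path before it is handed to strencode2.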
@@ -21782,7 +21788,7 @@ void show_logbook_node(LBLIST plb, LBLIS
          if (expand) {
 
             if (expand_all)
-               rsprintf(plb->name);
+               rsprintf("%s", plb->name);
             else {
                if (pparent != NULL) {
                   if (getcfg_topgroup())
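Review bot: `rsprintf("%s", plb->name);` emits the logbook name into HTML without encoding, here and in the matching change of the next hunk, where a context line also places `plb->name` unencoded inside `href=\"%s/?gexp=%s\"`. Logbook names presumably come from the configuration file, so this is a matter of trusting administrator input rather than a remote request. Even so, a name containing `<`, `&`, `"` or a space would break the markup or the link. Consider HTML-encoding the displayed name with strencode2, as send_file_direct now does, and URL-encoding the value used in the query string. show_logbook_node extends beyond both hunks.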
@@ -21799,7 +21805,7 @@ void show_logbook_node(LBLIST plb, LBLIS
             }
          } else {
             if (expand_all)
-               rsprintf(plb->name);
+               rsprintf("%s", plb->name);
             else {
                if (getcfg_topgroup())
                   rsprintf("<a href=\"%s/?gexp=%s\">+ %s</a> ", getcfg_topgroup(), plb->name, plb->name);
@@ -23920,7 +23926,7 @@ void server_loop(void)
    }
 
    sprintf(str, "Server listening on port %d ...\n", elog_tcp_port);
-   eprintf(str);
+   eprintf("%s", str);
    if (_logging_level > 0)
       write_logfile(NULL, str);
 
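Review bot: `write_logfile(NULL, str);` two lines below the fix receives the same buffer, and its prototype is not visible in this hunk. If it is printf-style like eprintf, it should get the same treatment, `write_logfile(NULL, "%s", str);`. In this call `str` holds only a literal message with a formatted port number, so nothing here is attacker-influenced. A consistent calling convention still makes the remaining non-literal format arguments easier to find, for example by compiling with `-Wformat-security`.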
