Index: ircd-ratbox/bandb/bandb.c
===================================================================
--- ircd-ratbox.orig/bandb/bandb.c	2011-09-27 19:27:46.449677148 +0200
+++ ircd-ratbox/bandb/bandb.c	2011-10-29 21:37:49.576999345 +0200
@@ -261,7 +261,7 @@
 {
 	char buf[256];
 	rb_snprintf(buf, sizeof(buf), "! :%s", errstr);
-	rb_helper_write(bandb_helper, buf);
+	rb_helper_write(bandb_helper, "%s", buf);
 	rb_sleep(2 << 30, 0);
 	exit(1);
 }
Index: ircd-ratbox/modules/core/m_kill.c
===================================================================
--- ircd-ratbox.orig/modules/core/m_kill.c	2011-09-27 19:28:09.360108038 +0200
+++ ircd-ratbox/modules/core/m_kill.c	2011-10-29 21:32:57.600941699 +0200
@@ -101,7 +101,7 @@
 	}
 	if(IsServer(target_p) || IsMe(target_p))
 	{
-		sendto_one_numeric(source_p, ERR_CANTKILLSERVER, form_str(ERR_CANTKILLSERVER));
+		sendto_one_numeric(source_p, ERR_CANTKILLSERVER, "%s", form_str(ERR_CANTKILLSERVER));
 		return 0;
 	}
 
Index: ircd-ratbox/modules/m_info.c
===================================================================
--- ircd-ratbox.orig/modules/m_info.c	2011-09-27 19:28:10.680017642 +0200
+++ ircd-ratbox/modules/m_info.c	2011-10-29 21:33:54.517054293 +0200
@@ -858,7 +858,7 @@
 	{
 		/* safe enough to give this on a local connect only */
 		sendto_one(source_p, form_str(RPL_LOAD2HI), me.name, source_p->name, "INFO");
-		sendto_one_numeric(source_p, RPL_ENDOFINFO, form_str(RPL_ENDOFINFO));
+		sendto_one_numeric(source_p, RPL_ENDOFINFO, "%s", form_str(RPL_ENDOFINFO));
 		return 0;
 	}
 	else
@@ -872,7 +872,7 @@
 	send_info_text(source_p);
 	send_birthdate_online_time(source_p);
 	ClearCork(source_p);
-	sendto_one_numeric(source_p, RPL_ENDOFINFO, form_str(RPL_ENDOFINFO));
+	sendto_one_numeric(source_p, RPL_ENDOFINFO, "%s", form_str(RPL_ENDOFINFO));
 	return 0;
 }
 
@@ -897,7 +897,7 @@
                 }
 		send_birthdate_online_time(source_p);
 		ClearCork(source_p);
-		sendto_one_numeric(source_p, RPL_ENDOFINFO, form_str(RPL_ENDOFINFO));
+		sendto_one_numeric(source_p, RPL_ENDOFINFO, "%s", form_str(RPL_ENDOFINFO));
 	}
 
 	return 0;
Index: ircd-ratbox/modules/m_stats.c
===================================================================
--- ircd-ratbox.orig/modules/m_stats.c	2011-09-27 19:28:12.179914916 +0200
+++ ircd-ratbox/modules/m_stats.c	2011-10-29 21:36:57.476557913 +0200
@@ -226,7 +226,7 @@
 			if((stats_cmd_table[i].need_admin && !IsOperAdmin(source_p)) ||
 			   (stats_cmd_table[i].need_oper && !IsOper(source_p)))
 			{
-				sendto_one_numeric(source_p, ERR_NOPRIVILEGES,
+				sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s",
 						   form_str(ERR_NOPRIVILEGES));
 				break;
 			}
@@ -284,7 +284,7 @@
 	if((ConfigFileEntry.stats_c_oper_only ||
 	    (ConfigServerHide.flatten_links && !IsExemptShide(source_p))) && !IsOper(source_p))
 	{
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 		return;
 	}
 
@@ -358,7 +358,7 @@
 {
 	if(ConfigFileEntry.stats_e_disabled)
 	{
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 		return;
 	}
 
@@ -470,7 +470,7 @@
 	if((ConfigFileEntry.stats_h_oper_only ||
 	    (ConfigServerHide.flatten_links && !IsExemptShide(source_p))) && !IsOper(source_p))
 	{
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 		return;
 	}
 
@@ -498,7 +498,7 @@
 
 	/* Oper only, if unopered, return ERR_NOPRIVS */
 	if((ConfigFileEntry.stats_i_oper_only == 2) && !IsOper(source_p))
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 
 	/* If unopered, Only return matching auth blocks */
 	else if((ConfigFileEntry.stats_i_oper_only == 1) && !IsOper(source_p))
@@ -556,7 +556,7 @@
 
 	/* Oper only, if unopered, return ERR_NOPRIVS */
 	if((ConfigFileEntry.stats_k_oper_only == 2) && !IsOper(source_p))
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 
 	/* If unopered, Only return matching klines */
 	else if((ConfigFileEntry.stats_k_oper_only == 1) && !IsOper(source_p))
@@ -621,7 +621,7 @@
 
 	/* Oper only, if unopered, return ERR_NOPRIVS */
 	if((ConfigFileEntry.stats_k_oper_only == 2) && !IsOper(source_p))
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 
 	/* If unopered, Only return matching klines */
 	else if((ConfigFileEntry.stats_k_oper_only == 1) && !IsOper(source_p))
@@ -708,7 +708,7 @@
 
 	if(!IsOper(source_p) && ConfigFileEntry.stats_o_oper_only)
 	{
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 		return;
 	}
 
@@ -774,7 +774,7 @@
 stats_ports(struct Client *source_p)
 {
 	if(!IsOper(source_p) && ConfigFileEntry.stats_P_oper_only)
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 	else
 		show_ports(source_p);
 }
@@ -1042,7 +1042,7 @@
 
 	if(ConfigServerHide.flatten_links && !IsOper(source_p) && !IsExemptShide(source_p))
 	{
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 		return;
 	}
 
@@ -1115,7 +1115,7 @@
 
 	if(ConfigFileEntry.stats_y_oper_only && !IsOper(source_p))
 	{
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 		return;
 	}
 
@@ -1419,7 +1419,7 @@
 
 	if(ConfigServerHide.flatten_links && !IsOper(source_p) && !IsExemptShide(source_p))
 	{
-		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+		sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 		return;
 	}
 
Index: ircd-ratbox/src/parse.c
===================================================================
--- ircd-ratbox.orig/src/parse.c	2011-10-29 21:28:28.047352095 +0200
+++ ircd-ratbox/src/parse.c	2011-10-29 21:28:43.618288619 +0200
@@ -711,7 +711,7 @@
 int
 m_not_oper(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
 {
-	sendto_one_numeric(source_p, ERR_NOPRIVILEGES, form_str(ERR_NOPRIVILEGES));
+	sendto_one_numeric(source_p, ERR_NOPRIVILEGES, "%s", form_str(ERR_NOPRIVILEGES));
 	return 0;
 }
 
Index: ircd-ratbox/src/s_auth.c
===================================================================
--- ircd-ratbox.orig/src/s_auth.c	2011-09-27 19:28:16.371627836 +0200
+++ ircd-ratbox/src/s_auth.c	2011-10-29 21:30:30.710974279 +0200
@@ -90,7 +90,7 @@
 }
 ReportType;
 
-#define sendheader(c, r) sendto_one(c, HeaderMessages[(r)])
+#define sendheader(c, r) sendto_one(c, "%s", HeaderMessages[(r)])
 
 static rb_dlink_list auth_poll_list;
 static rb_bh *auth_heap;
Index: ircd-ratbox/src/sslproc.c
===================================================================
--- ircd-ratbox.orig/src/sslproc.c	2011-09-27 19:28:16.879593047 +0200
+++ ircd-ratbox/src/sslproc.c	2011-10-29 21:32:04.100595787 +0200
@@ -434,13 +434,13 @@
 			break;
 		case 'I':
 			ircd_ssl_ok = 0;
-			ilog(L_MAIN, cannot_setup_ssl);
-			sendto_realops_flags(UMODE_ALL, L_ALL, cannot_setup_ssl);
+			ilog(L_MAIN, "%s", cannot_setup_ssl);
+			sendto_realops_flags(UMODE_ALL, L_ALL, "%s", cannot_setup_ssl);
 		case 'U':
 			zlib_ok = 0;
 			ircd_ssl_ok = 0;
-			ilog(L_MAIN, no_ssl_or_zlib);
-			sendto_realops_flags(UMODE_ALL, L_ALL, no_ssl_or_zlib);
+			ilog(L_MAIN, "%s", no_ssl_or_zlib);
+			sendto_realops_flags(UMODE_ALL, L_ALL, "%s", no_ssl_or_zlib);
 			ssl_killall();
 			break;
 		case 'z':
