- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that

                                  Changelog

Daniel Stenberg (8 Mar 2009)

- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that

  curl didn't use sprintf() in a way that is documented to work in POSIX but

  since we use our own printf() code (from libcurl) that shouldn't be a

  problem. Nonetheless I modified the code to not rely on such particular

  features and to not cause further raised eyebrowse with no good reason.

Daniel Fandrich (5 Mar 2009)

- Expanded the security section of the libcurl-tutorial man page to cover

  more issues for authors to consider when writing robust libcurl-using

This release would not have looked like this without help, code, reports and

advice from friends like these:

 David James, Chris Deidun

 Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert

        Thanks! (and sorry if I forgot to mention someone)

    /* since strtok returns a token for the last word even

       if not ending with DIR_CHAR, we need to prune it */

    if (tempdir2 != NULL) {

      if (strlen(dirbuildup) > 0)

        sprintf(dirbuildup,"%s%s%s",dirbuildup, DIR_CHAR, tempdir);

      size_t dlen = strlen(dirbuildup);

      if (dlen)

        sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir);

      else {

        if (0 != strncmp(outdup, DIR_CHAR, 1))

          sprintf(dirbuildup,"%s",tempdir);

          strcpy(dirbuildup, tempdir);

        else

          sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir);

      }