diff --git a/admserv/cgi-src40/htmladmin.c b/admserv/cgi-src40/htmladmin.c
index e79ad82..a294766 100644
--- a/admserv/cgi-src40/htmladmin.c
+++ b/admserv/cgi-src40/htmladmin.c
@@ -981,7 +981,7 @@ int output_topology(AdmldapInfo ldapInfo,
   }
 
 
-  fprintf(stdout, getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_HEADER));
+  fprintf(stdout, "%s", getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_HEADER));
 
   for(domain_entry = ldap_first_entry(server, domain_result);
       domain_entry != NULL;
@@ -1334,7 +1334,7 @@ int output_topology(AdmldapInfo ldapInfo,
 		PR_smprintf_free((char *)log_link);
 	      }
 
-	      fprintf(stdout, getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_FOOTER));
+	      fprintf(stdout, "%s", getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_FOOTER));
 
 	      util_ldap_value_free(vals);
 	    } else {
@@ -1563,7 +1563,7 @@ int main(int argc, char *argv[])
     m = getenv("REQUEST_METHOD");
 
 
-    fprintf(stdout, getResourceString(DBT_MAIN_CONTENT_TYPE));
+    fprintf(stdout, "%s", getResourceString(DBT_MAIN_CONTENT_TYPE));
 
     if(m && !strcmp(m, "GET")) {
 
@@ -1587,15 +1587,15 @@ int main(int argc, char *argv[])
 	   * Load the frames.
 	   */
 
-	  fprintf(stdout, getResourceString(DBT_MAIN_FRAME_HEADER));
+	  fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAME_HEADER));
 	  fprintf(stdout, "%s", view ? viewparam : "");
-	  fprintf(stdout, getResourceString(DBT_MAIN_FRAME_FOOTER));
+	  fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAME_FOOTER));
 
        }
        else if(operation && !strcmp(operation, "empty")) {
 
 	 /* Message frame */
-	 fprintf(stdout, getResourceString(DBT_MAIN_MESSAGE_FRAME));
+	 fprintf(stdout, "%s", getResourceString(DBT_MAIN_MESSAGE_FRAME));
        }
        else if(operation && !strcmp(operation, "topframepaint")) {
 	 FILE *html = open_html_file(MY_PAGE);
@@ -1606,11 +1606,11 @@ int main(int argc, char *argv[])
 	 }
        }
        else if(operation && !strcmp(operation, "framepaint")) {
-	 fprintf(stdout, getResourceString(DBT_MAIN_FRAMESET_HEADER));
+	 fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAMESET_HEADER));
 	 fprintf(stdout, "%s", view ? viewparam : "");
-	 fprintf(stdout, getResourceString(DBT_MAIN_FRAMESET_BODY));
+	 fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAMESET_BODY));
 	 fprintf(stdout, "%s", view ? viewparam : "");
-	 fprintf(stdout, getResourceString(DBT_MAIN_FRAMESET_FOOTER));
+	 fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAMESET_FOOTER));
        }
        else if(operation && !strcmp(operation, "viewselect")) {
 	 /*
@@ -1636,7 +1636,7 @@ int main(int argc, char *argv[])
 	 if(server)
 	   selections = get_all_users_views(server, binddn, ldapInfo);
 
-	 fprintf(stdout, getResourceString(DBT_MAIN_BODY_HEADER));
+	 fprintf(stdout, "%s", getResourceString(DBT_MAIN_BODY_HEADER));
 
 	 found=0;
 	 i=0;
@@ -1658,7 +1658,7 @@ int main(int argc, char *argv[])
 
 
 
-	 fprintf(stdout, getResourceString(DBT_MAIN_BODY_FOOTER));
+	 fprintf(stdout, "%s", getResourceString(DBT_MAIN_BODY_FOOTER));
        }
        else {
 
@@ -1741,10 +1741,10 @@ int main(int argc, char *argv[])
 	       count++;
 	     }
 	     if(count == max_count) {
-	       fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
-	       fprintf(stdout, getResourceString(DBT_STOP_SERVER_ERROR));
-	       fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
-	       fprintf(stdout, getResourceString(DBT_MAIN_PAGE_FOOTER));
+	       fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
+	       fprintf(stdout, "%s", getResourceString(DBT_STOP_SERVER_ERROR));
+	       fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
+	       fprintf(stdout, "%s", getResourceString(DBT_MAIN_PAGE_FOOTER));
 	       return 1;
 	     }
 	   }
@@ -1757,10 +1757,10 @@ int main(int argc, char *argv[])
 	       count++;
 	     }
 	     if(count == max_count) {
-	       fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
-	       fprintf(stdout, getResourceString(DBT_START_SERVER_ERROR));
-	       fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
-	       fprintf(stdout, getResourceString(DBT_MAIN_PAGE_FOOTER));
+	       fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
+	       fprintf(stdout, "%s", getResourceString(DBT_START_SERVER_ERROR));
+	       fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
+	       fprintf(stdout, "%s", getResourceString(DBT_MAIN_PAGE_FOOTER));
 	       return 1;
 	     }
 	   }
@@ -1769,7 +1769,7 @@ int main(int argc, char *argv[])
 
 
 output_topology:
-         fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
+         fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
 
 	 rv = output_topology(ldapInfo,
 			      binddn,
@@ -1777,13 +1777,13 @@ output_topology:
 			      view);
 
 	 if(rv == -1) {
-	   fprintf(stdout, getResourceString(DBT_MAIN_LDAP_ERROR));
+	   fprintf(stdout, "%s", getResourceString(DBT_MAIN_LDAP_ERROR));
 	 }
 
-	 fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
+	 fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
        }
 
-       fprintf(stdout, getResourceString(DBT_MAIN_PAGE_FOOTER));
+       fprintf(stdout, "%s", getResourceString(DBT_MAIN_PAGE_FOOTER));
     }
     return 0;
 }
diff --git a/admserv/cgi-src40/stopsrv.c b/admserv/cgi-src40/stopsrv.c
index 780a6d0..436989e 100644
--- a/admserv/cgi-src40/stopsrv.c
+++ b/admserv/cgi-src40/stopsrv.c
@@ -120,7 +120,7 @@ int main(int argc, char *argv[])
     }
     else {
       if(return_format && !strcmp(return_format, "html")) {
-	fprintf(stdout, getResourceString(DBT_UNIX_STOP_FAIL));
+	fprintf(stdout, "%s", getResourceString(DBT_UNIX_STOP_FAIL));
       }
       else {
 	rpt_err(SYSTEM_ERROR,
@@ -170,7 +170,7 @@ int main(int argc, char *argv[])
     }
     else {
       if(return_format && !strcmp(return_format, "html")) {
-	fprintf(stdout, getResourceString(DBT_UNIX_STOP_SUCCESS));
+	fprintf(stdout, "%s", getResourceString(DBT_UNIX_STOP_SUCCESS));
       }
       else {
 	rpt_unknown("Admin server should be shutdown on user request");
diff --git a/admserv/cgi-src40/viewdata.c b/admserv/cgi-src40/viewdata.c
index 25b66c9..7dd5d80 100644
--- a/admserv/cgi-src40/viewdata.c
+++ b/admserv/cgi-src40/viewdata.c
@@ -446,9 +446,9 @@ int main(int argc, char *argv[])
     while(next_html_line(html, line))  {
         if(parse_line(line, NULL))  {
             if(directive_is(line, "SHOW_DATA"))  {
-	      fprintf(stdout, getResourceString(DBT_MAIN_TABLE_HEADER));
+	      fprintf(stdout, "%s", getResourceString(DBT_MAIN_TABLE_HEADER));
 	      output_data(server, sie);
-	      fprintf(stdout, getResourceString(DBT_MAIN_TABLE_FOOTER));
+	      fprintf(stdout, "%s", getResourceString(DBT_MAIN_TABLE_FOOTER));
             } 
             else if(directive_is(line, "ID_TITLE"))  {
 	      char **vals;
diff --git a/admserv/cgi-src40/viewlog.c b/admserv/cgi-src40/viewlog.c
index a47b5cf..e4ec208 100644
--- a/admserv/cgi-src40/viewlog.c
+++ b/admserv/cgi-src40/viewlog.c
@@ -192,7 +192,7 @@ void display_logfiles(char *logdir, char *default_logfile)
         token = strtok(NULL, seps);
       }
     }
-    fprintf(stdout, getResourceString(DBT_DISPLAY_LOGFILE_SELECT_BEGIN));
+    fprintf(stdout, "%s", getResourceString(DBT_DISPLAY_LOGFILE_SELECT_BEGIN));
 
     logfiles = list_directory(logdir, 0);
       
@@ -209,9 +209,9 @@ void display_logfiles(char *logdir, char *default_logfile)
     }
 
     if(!at_least_one)
-      fprintf(stdout, getResourceString(DBT_DISPLAY_LOGFILE_NO_LOG));
+      fprintf(stdout, "%s", getResourceString(DBT_DISPLAY_LOGFILE_NO_LOG));
 
-    fprintf(stdout, getResourceString(DBT_DISPLAY_LOGFILE_SELECT_END));
+    fprintf(stdout, "%s", getResourceString(DBT_DISPLAY_LOGFILE_SELECT_END));
 
 }
 
@@ -458,19 +458,19 @@ int main(int argc, char *argv[])
 
                     PR_snprintf(full_path, sizeof(full_path), "%s%c%s", logdir, FILE_PATHSEP, file);
                     cmd = fopen(full_path, "r");
-                    fprintf(stdout, getResourceString(DBT_MAIN_WIDTH));
+                    fprintf(stdout, "%s", getResourceString(DBT_MAIN_WIDTH));
                     PR_snprintf(tmp, sizeof(tmp), getResourceString(DBT_SUBTITLE), num, file, (str)? getResourceString(DBT_WITH) : "",
                         (str)? str : "");
 
                     fprintf(stdout, (const char*)getResourceString(DBT_MAIN_TABLE), tmp);
 
-                    fprintf(stdout, getResourceString(DBT_MAIN_TABLE_FONT));
+                    fprintf(stdout, "%s", getResourceString(DBT_MAIN_TABLE_FONT));
                     /* begin search */
                     if(cmd) {
                         search_file(cmd, atoi(num), str);
                         fclose(cmd);
                     }
-                    fprintf(stdout, getResourceString(DBT_MAIN_TABLE_FONT_CLOSE));
+                    fprintf(stdout, "%s", getResourceString(DBT_MAIN_TABLE_FONT_CLOSE));
                 } else {
                     fputs(line, stdout);
                 }
diff -u a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
--- a/mod_admserv/mod_admserv.c	2011-10-20 17:18:42.813309296 +0300
+++ b/mod_admserv/mod_admserv.c	2011-10-20 17:16:28.293220230 +0300
@@ -1074,7 +1074,7 @@
 
     return OK;
 bad:
-    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, msg);
+    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "%s", msg);
     if (send_response) {
         return admserv_error_std(r, msg);
     }
@@ -2052,7 +2052,7 @@
 
     msg = apr_psprintf(r->pool, "admserv_host_ip_check: Unauthorized host ip=%s, connection rejected",
                        clientIP);
-    ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, msg);
+    ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "%s", msg);
   
     return admserv_error(r, HTTP_UNAUTHORIZED, msg);
 }