--- etc/papd/lp.c	2005/04/28 20:49:49	1.15
+++ etc/papd/lp.c	2008/08/14 20:02:47	1.16
@@ -258,9 +258,9 @@
             destlen -= len;
         }
 
-        /* stuff up to next $ */
+        /* stuff up to next % */
         src = p + 2;
-        p = strchr(src, '$');
+        p = strchr(src, '%');
         len = p ? MIN((size_t)(p - src), destlen) : destlen;
         if (len > 0) {
             strncpy(dest, src, len);
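Review bot: `src = p + 2` assumes two bytes follow the `%` that `p` points at. If the template ends in a lone `%`, `p[1]` is the terminator and `src` lands one byte past the end of the string, so the following `strchr(src, '%')` reads outside the buffer. Advance by one in that case, e.g. `src = p[1] ? p + 2 : p + 1;`. The assignment of `p` and the rest of the loop sit outside this hunk, so confirm that no earlier check already rejects a trailing `%`.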

--- etc/papd/lp.c	2008/08/14 20:02:47	1.16
+++ etc/papd/lp.c	2008/08/14 20:18:50	1.17
@@ -212,10 +212,37 @@
 
 #define is_var(a, b) (strncmp((a), (b), 2) == 0)
 
+static size_t quote(char *dest, char *src, const size_t bsize, size_t len)
+{
+size_t used = 0;
+
+    while (len && used < bsize ) {
+        switch (*src) {
+          case '$':
+          case '\\':
+          case '"':
+          case '`':
+            if (used + 2 > bsize )
+              return used;
+            *dest = '\\';
+            dest++;
+            used++;
+            break;
+        }
+        *dest = *src;
+        src++;
+        dest++;
+        len--;
+        used++;
+    }
+    return used;
+}
+
+
 static char* pipexlate(char *src)
 {
     char *p, *q, *dest; 
-    static char destbuf[MAXPATHLEN];
+    static char destbuf[MAXPATHLEN +1];
     size_t destlen = MAXPATHLEN;
     int len = 0;
    
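Review bot: `quote()` returns `used` both when it consumed all `len` bytes and when it bailed out at `if (used + 2 > bsize)`, so `pipexlate()` cannot tell a fully escaped value from a truncated one and will go on to build a shortened command string. Document the contract above the function, for example `/* Copy len bytes of src to dest, prefixing shell-special bytes with a backslash; writes at most bsize bytes, does not NUL-terminate, returns bytes written (output may be truncated). */`, and consider reporting truncation so the caller can refuse the job. `src` is never written through and can be `const char *src`, and `size_t used = 0;` is missing its indent. The body of `pipexlate()` continues outside this hunk.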
@@ -224,13 +251,15 @@
     if (!src)
 	return NULL;
 
-    strncpy(dest, src, MAXPATHLEN);
-    if ((p = strchr(src, '%')) == NULL) /* nothing to do */
+    memset(dest, 0, MAXPATHLEN +1);
+    if ((p = strchr(src, '%')) == NULL) { /* nothing to do */
+        strncpy(dest, src, MAXPATHLEN);
         return destbuf;
-
-    /* first part of the path. just forward to the next variable. */
+    }
+    /* first part of the path. copy and forward to the next variable. */
     len = MIN((size_t)(p - src), destlen);
     if (len > 0) {
+        strncpy(dest, src, len);
         destlen -= len;
         dest += len;
     }
@@ -246,17 +275,20 @@
             q =  lp.lp_created_for;
         } else if (is_var(p, "%%")) {
             q = "%";
-        } else
-            q = p;
+        } 
 
         /* copy the stuff over. if we don't understand something that we
          * should, just skip it over. */
         if (q) {
-            len = MIN(p == q ? 2 : strlen(q), destlen);
+            len = MIN(strlen(q), destlen);
+            len = quote(dest, q, destlen, len);
+        }
+        else {
+            len = MIN(2, destlen);
             strncpy(dest, q, len);
-            dest += len;
-            destlen -= len;
         }
+        dest += len;
+        destlen -= len;
 
         /* stuff up to next % */
         src = p + 2;
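Review bot: The new `else` branch runs only when `q` is null, yet it calls `strncpy(dest, q, len)`, which reads through a null pointer whenever the template holds an unrecognised `%x` sequence or a variable whose `lp` field is unset. The removed `else q = p;` is what used to make this copy valid, so the source here should be the template itself: `strncpy(dest, p, len);`. The variable lookup chain starts above the hunk, so this assumes `q` is reset to NULL on each iteration, as the `if (q)` test implies.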
--- etc/papd/lp.c	2009/01/21 02:43:46	1.21
+++ etc/papd/lp.c	2009/01/28 18:03:15	1.22
@@ -217,7 +217,26 @@
           case '$':
           case '\\':
           case '"':
+          case ';':
+          case '&':
+          case '(':
+          case ')':
+          case ' ':
+          case '*':
+          case '#':
+          case '|':
+          case '>':
+          case '<':
+          case '[':
+          case ']':
+          case '{':
+          case '}':
+          case '^':
+          case '?':
+          case '~':
           case '`':
+          case '\x0A':
+          case '\xFF':
             if (used + 2 > bsize )
               return used;
             *dest = '\\';
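Review bot: Extending the `case` list keeps `quote()` a denylist, and the list still omits bytes the shell treats specially, such as the single quote, `!` and tab, so every omission is another gap. Inverting the test is safer: escape any byte not known to be inert, e.g. guard the existing escape code with `if (!isalnum((unsigned char)*src) && !strchr("_-./,:+=@", *src))` instead of the `switch` (needs `<ctype.h>`). A backslash in front of `'\x0A'` is also a line continuation to the shell, so the newline is dropped rather than kept literal; rejecting or replacing that byte would be clearer. The `switch` header and the copy loop are outside this hunk.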
@@ -247,9 +266,9 @@
     if (!src)
 	return NULL;
 
-    memset(dest, 0, MAXPATHLEN +1);
+    memset(dest, 0, sizeof(destbuf));
     if ((p = strchr(src, '%')) == NULL) { /* nothing to do */
-        strncpy(dest, src, MAXPATHLEN);
+        strncpy(dest, src, sizeof(dest) - 1);
         return destbuf;
     }
     /* first part of the path. copy and forward to the next variable. */
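Review bot: `sizeof(dest)` in the new `strncpy(dest, src, sizeof(dest) - 1)` is the size of a pointer, because `dest` is declared `char *` in `pipexlate()`, so a template without `%` is cut to 3 or 7 bytes instead of being copied whole. Use the array, matching the `memset` two lines up: `strncpy(dest, src, sizeof(destbuf) - 1);`. The declaration of `dest` is outside this hunk; it is visible in the 1.16 to 1.17 diff earlier on the page.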
