diff --git a/cl_dll/ammo.cpp b/cl_dll/ammo.cpp
index a5a8f85..377c53f 100644
--- a/cl_dll/ammo.cpp
+++ b/cl_dll/ammo.cpp
@@ -643,7 +643,8 @@ bool CHudAmmo::MsgFunc_WeaponList(const char* pszName, int iSize, void* pbuf)
 
 	WEAPON Weapon;
 
-	strcpy(Weapon.szName, READ_STRING());
+	strncpy(Weapon.szName, READ_STRING(), MAX_WEAPON_NAME);
+	Weapon.szName[sizeof(Weapon.szName) - 1] = '\0';
 	Weapon.iAmmoType = (int)READ_CHAR();
 
 	Weapon.iMax1 = READ_BYTE();
diff --git a/cl_dll/hud_spectator.cpp b/cl_dll/hud_spectator.cpp
index ca395c8..f0e9ae4 100644
--- a/cl_dll/hud_spectator.cpp
+++ b/cl_dll/hud_spectator.cpp
@@ -209,7 +209,8 @@ void UTIL_StringToVector(float* pVector, const char* pString)
 	char *pstr, *pfront, tempString[128];
 	int j;
 
-	strcpy(tempString, pString);
+	strncpy(tempString, pString, sizeof(tempString));
+	tempString[sizeof(tempString) - 1] = '\0';
 	pstr = pfront = tempString;
 
 	for (j = 0; j < 3; j++)
diff --git a/cl_dll/inputw32.cpp b/cl_dll/inputw32.cpp
index fe01761..2f8e725 100644
--- a/cl_dll/inputw32.cpp
+++ b/cl_dll/inputw32.cpp
@@ -711,7 +711,7 @@ void IN_StartupJoystick()
 
 					// mark the joystick as available and advanced initialization not completed
 					// this is needed as cvars are not available during initialization
-					gEngfuncs.Con_Printf("joystick found\n\n", SDL_GameControllerName(s_pJoystick));
+					gEngfuncs.Con_Printf("joystick found %s\n\n", SDL_GameControllerName(s_pJoystick));
 					joy_avail = true;
 					joy_advancedinit = false;
 					break;
diff --git a/cl_dll/message.cpp b/cl_dll/message.cpp
index 8eca2e9..fea6044 100644
--- a/cl_dll/message.cpp
+++ b/cl_dll/message.cpp
@@ -285,7 +285,7 @@ void CHudMessage::MessageDrawScan(client_textmessage_t* pMessage, float time)
 	{
 		m_parms.lineLength = 0;
 		m_parms.width = 0;
-		while ('\0' != *pText && *pText != '\n')
+		while ('\0' != *pText && *pText != '\n' && m_parms.lineLength < ARRAYSIZE(line) - 1)
 		{
 			unsigned char c = *pText;
 			line[m_parms.lineLength] = c;
diff --git a/cl_dll/text_message.cpp b/cl_dll/text_message.cpp
index 6c5e039..6d981fc 100644
--- a/cl_dll/text_message.cpp
+++ b/cl_dll/text_message.cpp
@@ -223,7 +223,7 @@ bool CHudTextMessage::MsgFunc_TextMsg(const char* pszName, int iSize, void* pbuf
 
 	case HUD_PRINTNOTIFY:
 		psz[0] = 1; // mark this message to go into the notify buffer
-		safe_sprintf(psz + 1, MSG_BUF_SIZE, msg_text, sstr1, sstr2, sstr3, sstr4);
+		safe_sprintf(psz + 1, MSG_BUF_SIZE - 1, msg_text, sstr1, sstr2, sstr3, sstr4);
 		ConsolePrint(ConvertCRtoNL(psz));
 		break;
 
diff --git a/dlls/client.cpp b/dlls/client.cpp
index 4810787..597f1b4 100644
--- a/dlls/client.cpp
+++ b/dlls/client.cpp
@@ -604,6 +604,13 @@ void ClientCommand(edict_t* pEntity)
 		// max total length is 192 ...and we're adding a string below ("Unknown command: %s\n")
 		strncpy(command, pcmd, 127);
 		command[127] = '\0';
+		// First parse the name and remove any %'s
+		for (char* pApersand = command; pApersand != NULL && *pApersand != 0; pApersand++)
+		{
+			// Replace it with a space
+			if (*pApersand == '%')
+				*pApersand = ' ';
+		}
 
 		// tell the user they entered an unknown command
 		ClientPrint(&pEntity->v, HUD_PRINTCONSOLE, UTIL_VarArgs("Unknown command: %s\n", command));
diff --git a/dlls/maprules.cpp b/dlls/maprules.cpp
index c97f3f6..ccbfff3 100644
--- a/dlls/maprules.cpp
+++ b/dlls/maprules.cpp
@@ -808,7 +808,7 @@ bool CGamePlayerEquip::KeyValue(KeyValueData* pkvd)
 		{
 			char tmp[128];
 
-			UTIL_StripToken(pkvd->szKeyName, tmp);
+			UTIL_StripToken(pkvd->szKeyName, tmp, sizeof(tmp));
 
 			m_weaponNames[i] = ALLOC_STRING(tmp);
 			m_weaponCount[i] = atoi(pkvd->szValue);
diff --git a/dlls/multiplay_gamerules.cpp b/dlls/multiplay_gamerules.cpp
index 38d210c..a21e140 100644
--- a/dlls/multiplay_gamerules.cpp
+++ b/dlls/multiplay_gamerules.cpp
@@ -1263,7 +1263,8 @@ bool ReloadMapCycleFile(char* filename, mapcycle_t* cycle)
 			if (strlen(com_token) <= 0)
 				break;
 
-			strcpy(szMap, com_token);
+			strncpy(szMap, com_token, sizeof(szMap));
+			szMap[sizeof(szMap) - 1] = '\0';
 
 			// Any more tokens on this line?
 			if (COM_TokenWaiting(pFileList))
@@ -1272,7 +1273,8 @@ bool ReloadMapCycleFile(char* filename, mapcycle_t* cycle)
 				if (strlen(com_token) > 0)
 				{
 					hasbuffer = true;
-					strcpy(szBuffer, com_token);
+					strncpy(szBuffer, com_token, sizeof(szBuffer));
+					szBuffer[sizeof(szBuffer) - 1] = '\0';
 				}
 			}
 
diff --git a/dlls/triggers.cpp b/dlls/triggers.cpp
index 63cf8e3..d678f45 100644
--- a/dlls/triggers.cpp
+++ b/dlls/triggers.cpp
@@ -329,7 +329,7 @@ bool CMultiManager::KeyValue(KeyValueData* pkvd)
 		{
 			char tmp[128];
 
-			UTIL_StripToken(pkvd->szKeyName, tmp);
+			UTIL_StripToken(pkvd->szKeyName, tmp, sizeof(tmp));
 			m_iTargetName[m_cTargets] = ALLOC_STRING(tmp);
 			m_flTargetDelay[m_cTargets] = atof(pkvd->szValue);
 			m_cTargets++;
diff --git a/dlls/util.cpp b/dlls/util.cpp
index 8d4ab53..f5cafdc 100644
--- a/dlls/util.cpp
+++ b/dlls/util.cpp
@@ -1403,7 +1403,8 @@ void UTIL_StringToVector(float* pVector, const char* pString)
 	char *pstr, *pfront, tempString[128];
 	int j;
 
-	strcpy(tempString, pString);
+	strncpy(tempString, pString, sizeof(tempString));
+	tempString[sizeof(tempString) - 1] = '\0';
 	pstr = pfront = tempString;
 
 	for (j = 0; j < 3; j++) // lifted from pr_edict.c
@@ -1434,7 +1435,8 @@ void UTIL_StringToIntArray(int* pVector, int count, const char* pString)
 	char *pstr, *pfront, tempString[128];
 	int j;
 
-	strcpy(tempString, pString);
+	strncpy(tempString, pString, sizeof(tempString));
+	tempString[sizeof(tempString) - 1] = '\0';
 	pstr = pfront = tempString;
 
 	for (j = 0; j < count; j++) // lifted from pr_edict.c
@@ -1642,11 +1644,11 @@ float UTIL_DotPoints(const Vector& vecSrc, const Vector& vecCheck, const Vector&
 //=========================================================
 // UTIL_StripToken - for redundant keynames
 //=========================================================
-void UTIL_StripToken(const char* pKey, char* pDest)
+void UTIL_StripToken(const char* pKey, char* pDest, int nLen)
 {
 	int i = 0;
 
-	while ('\0' != pKey[i] && pKey[i] != '#')
+	while (i < nLen - 1 && '\0' != pKey[i] && pKey[i] != '#')
 	{
 		pDest[i] = pKey[i];
 		i++;
diff --git a/dlls/util.h b/dlls/util.h
index 0e72a53..0c50107 100644
--- a/dlls/util.h
+++ b/dlls/util.h
@@ -369,7 +369,7 @@ extern void UTIL_LogPrintf(const char* fmt, ...);
 // Sorta like FInViewCone, but for nonmonsters.
 extern float UTIL_DotPoints(const Vector& vecSrc, const Vector& vecCheck, const Vector& vecDir);
 
-extern void UTIL_StripToken(const char* pKey, char* pDest); // for redundant keynames
+extern void UTIL_StripToken(const char* pKey, char* pDest, int nLen); // for redundant keynames
 
 // Misc functions
 extern void SetMovedir(entvars_t* pev);
diff --git a/game_shared/bot/bot_profile.cpp b/game_shared/bot/bot_profile.cpp
index 15eb877..5b24803 100644
--- a/game_shared/bot/bot_profile.cpp
+++ b/game_shared/bot/bot_profile.cpp
@@ -364,7 +364,8 @@ void BotProfileManager::Init( const char *filename, unsigned int *checksum )
 
 			// found attribute name - keep it
 			char attributeName[64];
-			strcpy( attributeName, token );
+			strncpy( attributeName, token, sizeof( attributeName ) - 1 );
+			attributeName[ sizeof( attributeName ) - 1 ] = '\0';
 
 			// eat '='
 			dataFile = SharedParse( dataFile );
diff --git a/game_shared/bot/nav_file.cpp b/game_shared/bot/nav_file.cpp
index b18bc25..53203e4 100644
--- a/game_shared/bot/nav_file.cpp
+++ b/game_shared/bot/nav_file.cpp
@@ -154,6 +154,7 @@ public:
 		{
 			file->Read( &len, sizeof(unsigned short) );
 			file->Read( placeName, len );
+			placeName[ sizeof( placeName ) - 1 ] = '\0';
 
 			AddPlace( TheBotPhrases->NameToID( placeName ) );
 		}
diff --git a/game_shared/shared_util.cpp b/game_shared/shared_util.cpp
index 9032623..360d49f 100644
--- a/game_shared/shared_util.cpp
+++ b/game_shared/shared_util.cpp
@@ -203,7 +203,7 @@ skipwhite:
 	if (c == s_shared_quote)
 	{
 		data++;
-		while (1)
+		while (len < sizeof( s_shared_token ) - 1))
 		{
 			c = *data++;
 			if (c==s_shared_quote || !c)
@@ -217,24 +217,31 @@ skipwhite:
 	}
 
 // parse single characters
-	if (c=='{' || c=='}'|| c==')'|| c=='(' || c=='\'' || c == ',' )
+	if (len < sizeof( s_shared_token ) - 1)
 	{
-		s_shared_token[len] = c;
-		len++;
-		s_shared_token[len] = 0;
-		return data+1;
+		if (c=='{' || c=='}'|| c==')'|| c=='(' || c=='\'' || c == ',' )
+		{
+			s_shared_token[len] = c;
+			len++;
+			s_shared_token[len] = 0;
+			return data+1;
+		}
 	}
 
 // parse a regular word
-	do
+	while (len < sizeof( s_shared_token ) - 1)
 	{
 		s_shared_token[len] = c;
 		data++;
 		len++;
 		c = *data;
-	if (c=='{' || c=='}'|| c==')'|| c=='(' || c=='\'' || c == ',' )
+
+		if (c=='{' || c=='}'|| c==')'|| c=='(' || c=='\'' || c == ',' )
 			break;
-	} while (c>32);
+
+		if (c <= 32)
+			break;
+	}
 	
 	s_shared_token[len] = 0;
 	return data;