Route time_t-to-string conversions via time_print_T and TIME_PRINT_FORMAT.

The previous code just printed time_t directly with "%ld".  Now it
instead first casts to time_print_T (currently long) and then formats
with TIME_PRINT_FORMAT (currently "ld").  So the varargs will now
always match with the format string, even if time_t is longer than
long.  This still doesn't correctly format time_t values larger than
LONG_MAX, though.  But now it is at least easier to find some of the
places that need to be changed to support that.

I located these time_t-to-string conversions by searching for
str_to_time_t, expires, and last_visit.  There are still more places
that assume every interesting time_t value fits either in 32 bits or
in a long, e.g. in the cookie editor and in the ECMAScript interface.

Inspired by bug 6.

src/cookies/cookies.c

@@ -456,9 +456,9 @@ set_cookie(struct uri *uri, unsigned char *str)
 #ifdef DEBUG_COOKIES
 	{
 		DBG("Got cookie %s = %s from %s, domain %s, "
-		      "expires at %d, secure %d", cookie->name,
+		      "expires at %"TIME_PRINT_FORMAT", secure %d", cookie->name,
 		      cookie->value, cookie->server->host, cookie->domain,
-		      cookie->expires, cookie->secure);
+		      (time_print_T) cookie->expires, cookie->secure);
 	}
 #endif
 
@@ -672,8 +672,8 @@ send_cookies(struct uri *uri)
 
 		if (c->expires && c->expires <= now) {
 #ifdef DEBUG_COOKIES
-			DBG("Cookie %s=%s (exp %d) expired.",
-			    c->name, c->value, c->expires);
+			DBG("Cookie %s=%s (exp %"TIME_PRINT_FORMAT") expired.",
+			    c->name, c->value, (time_print_T) c->expires);
 #endif
 			delete_cookie(c);
 
@@ -878,12 +878,12 @@ save_cookies(struct terminal *term) {
 	now = time(NULL);
 	foreach (c, cookies) {
 		if (!c->expires || c->expires <= now) continue;
-		if (secure_fprintf(ssi, "%s\t%s\t%s\t%s\t%s\t%ld\t%d\n",
+		if (secure_fprintf(ssi, "%s\t%s\t%s\t%s\t%s\t%"TIME_PRINT_FORMAT"\t%d\n",
 				   c->name, c->value,
 				   c->server->host,
 				   empty_string_or_(c->path),
 				   empty_string_or_(c->domain),
-				   c->expires, c->secure) < 0)
+				   (time_print_T) c->expires, c->secure) < 0)
 			break;
 	}
 

src/globhist/globhist.c

@@ -393,10 +393,11 @@ write_global_history(void)
 	if (!ssi) return;
 
 	foreachback (history_item, global_history.entries) {
-		if (secure_fprintf(ssi, "%s\t%s\t%ld\n",
+		if (secure_fprintf(ssi, "%s\t%s\t%"TIME_PRINT_FORMAT"\n",
 				   history_item->title,
 				   history_item->url,
-				   history_item->last_visit) < 0) break;
+				   (time_print_T) history_item->last_visit) < 0)
+			break;
 	}
 
 	if (!secure_close(ssi)) global_history.dirty = 0;

src/util/time.h

@@ -19,6 +19,11 @@ typedef long milliseconds_T;
 /* Is using atol() in this way acceptable? It seems
  * non-portable to me; time_t might not be a long. -- Miciah */
 #define str_to_time_t(s) ((time_t) atol(s))
+/* When formatting time_t values to be parsed with str_to_time_t,
+ * we first cast to time_print_T and then printf the result with
+ * TIME_PRINT_FORMAT.  */
+typedef long time_print_T;
+#define TIME_PRINT_FORMAT "ld"
 
 /* Redefine a timeval that has all fields signed so calculations
  * will be simplified on rare systems that define timeval with