-rw-r--r--backend.php22
-rw-r--r--prefs.js20
2 files changed, 27 insertions, 15 deletions
diff --git a/backend.php b/backend.php
index 4645759ea..183cacbcd 100644
--- a/backend.php
+++ b/backend.php
@@ -2427,12 +2427,10 @@
if ($subop == "editSave") {
- $sql_exp = trim($_GET["s"]);
- $descr = trim($_GET["d"]);
+ $sql_exp = trim($_GET["sql_exp"]);
+ $descr = db_escape_string(trim($_GET["description"]));
$label_id = db_escape_string($_GET["id"]);
-// print "$sql_exp : $descr : $label_id";
-
$result = db_query($link, "UPDATE ttrss_labels SET
sql_exp = '$sql_exp',
description = '$descr'
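Review bot: `$sql_exp` is still interpolated into the UPDATE as `sql_exp = '$sql_exp'` without escaping, while this change adds `db_escape_string` only to `$descr`; a quote character in the submitted expression ends the string literal and changes the statement. Escape it the same way, `$sql_exp = db_escape_string(trim($_GET["sql_exp"]));`, or use bound parameters if the db layer offers them. The handler also performs this write on a GET request with no empty-value check visible here, which matters more now that prefs.js no longer validates before saving. The UPDATE statement continues past the end of the hunk.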
@@ -2486,6 +2484,8 @@
if (db_num_rows($result) != 0) {
+ print "<form id=\"label_edit_form\">";
+
print "<p><table width=\"100%\" cellspacing=\"0\"
class=\"prefLabelList\" id=\"prefLabelList\">";
@@ -2548,12 +2548,18 @@
} else {
- print "<td align='center'><input disabled=\"true\" type=\"checkbox\" checked></td>";
+ print "<td align='center'><input disabled=\"true\" type=\"checkbox\" checked>";
+
+ print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">";
+ print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
+ print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
+
+ print "</td>";
- print "<td><input id=\"iedit_expr\" value=\"".$line["sql_exp"].
+ print "<td><input class=\"iedit\" name=\"sql_exp\" value=\"".$line["sql_exp"].
"\"></td>";
- print "<td><input id=\"iedit_descr\" value=\"".$line["description"].
+ print "<td><input class=\"iedit\" name=\"description\" value=\"".$line["description"].
"\"></td>";
}
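Review bot: The new `<input>` lines write `$line["sql_exp"]` and `$line["description"]` straight into double-quoted `value` attributes, so a stored value containing `"` or `<` breaks out of the attribute and is rendered as markup. Encode on output, e.g. `htmlspecialchars($line["sql_exp"], ENT_QUOTES)` and the same for `$line["description"]`. The hidden `id` field should get the same treatment unless `$label_id` is known to be numeric; its origin is outside this hunk. The enclosing loop and `if` start before the hunk.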
@@ -2568,6 +2574,8 @@
}
print "</table>";
+
+ print "</form>";
print "<p id=\"labelOpToolbar\">";
diff --git a/prefs.js b/prefs.js
index 7b1e4f0bb..ec65e8399 100644
--- a/prefs.js
+++ b/prefs.js
@@ -734,11 +734,13 @@ function feedCatEditSave() {
function labelTest() {
- var sqlexp = document.getElementById("iedit_expr").value;
- var descr = document.getElementById("iedit_descr").value;
+ var form = document.forms['label_edit_form'];
+
+ var sql_exp = form.sql_exp.value;
+ var description = form.description.value;
xmlhttp.open("GET", "backend.php?op=pref-labels&subop=test&expr=" +
- param_escape(sqlexp) + "&descr=" + param_escape(descr), true);
+ param_escape(sql_exp) + "&descr=" + param_escape(description), true);
xmlhttp.onreadystatechange=infobox_callback;
xmlhttp.send(null);
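Review bot: `form.sql_exp.value` and `form.description.value` are read without checking that the form and its fields exist. backend.php prints the form only when there are rows and prints the two inputs only in the edit branch, so if labelTest can run while no label is being edited (the callers are not visible here) these lines throw. A guard such as `if (!form || !form.sql_exp) return;` before the reads would make that case explicit. The function body starts and ends outside the hunk.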
@@ -815,7 +817,7 @@ function labelEditSave() {
return
}
- var sqlexp = document.getElementById("iedit_expr").value;
+/* var sqlexp = document.getElementById("iedit_expr").value;
var descr = document.getElementById("iedit_descr").value;
// notify("Saving label " + sqlexp + ": " + descr);
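Review bot: The `/*` opened here, and closed in the next hunk, disables the blank-field checks in labelEditSave, so an empty expression or caption is now sent to the server. Rather than leaving dead code behind a comment, delete the old lines and re-read the values from the new form, e.g. `if (document.forms['label_edit_form'].description.value.length == 0) { notify("Caption cannot be blank."); return; }`, with the matching check for `sql_exp`. Client-side checks can be bypassed, so the `editSave` branch in backend.php should reject empty values as well. The function starts before this hunk.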
@@ -828,15 +830,17 @@ function labelEditSave() {
if (descr.length == 0) {
notify("Caption cannot be blank.");
return;
- }
+ } */
+
+ // FIXME: input validation
notify("Saving label...");
active_label = false;
- xmlhttp.open("GET", "backend.php?op=pref-labels&subop=editSave&id=" +
- label + "&s=" + param_escape(sqlexp) + "&d=" + param_escape(descr),
- true);
+ query = Form.serialize("label_edit_form");
+
+ xmlhttp.open("GET", "backend.php?" + query, true);
xmlhttp.onreadystatechange=labellist_callback;
xmlhttp.send(null);
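Review bot: `query = Form.serialize("label_edit_form");` assigns without a declaration, which creates an implicit global that any other code using the name `query` can overwrite; write `var query = Form.serialize("label_edit_form");`. The `// FIXME: input validation` comment replaces checks that were working before this commit and should name what is missing (blank expression, blank caption) so it is not forgotten. The save is also sent as a GET with the whole form in the URL, so the label data ends up in server logs and a plain link can trigger the write; a POST would be the safer choice, assuming backend.php is changed to read the fields from the request body. The function continues past the end of the hunk.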