-rw-r--r-- | backend.php | 22 | ||||
-rw-r--r-- | prefs.js | 20 |
2 files changed, 27 insertions, 15 deletions
diff --git a/backend.php b/backend.php index 4645759ea..183cacbcd 100644 --- a/backend.php +++ b/backend.php @@ -2427,12 +2427,10 @@ if ($subop == "editSave") { - $sql_exp = trim($_GET["s"]); - $descr = trim($_GET["d"]); + $sql_exp = trim($_GET["sql_exp"]); + $descr = db_escape_string(trim($_GET["description"])); $label_id = db_escape_string($_GET["id"]); -// print "$sql_exp : $descr : $label_id"; - $result = db_query($link, "UPDATE ttrss_labels SET sql_exp = '$sql_exp', description = '$descr' @@ -2486,6 +2484,8 @@ if (db_num_rows($result) != 0) { + print "<form id=\"label_edit_form\">"; + print "<p><table width=\"100%\" cellspacing=\"0\" class=\"prefLabelList\" id=\"prefLabelList\">"; @@ -2548,12 +2548,18 @@ } else { - print "<td align='center'><input disabled=\"true\" type=\"checkbox\" checked></td>"; + print "<td align='center'><input disabled=\"true\" type=\"checkbox\" checked>"; + + print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">"; + print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">"; + print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">"; + + print "</td>"; - print "<td><input id=\"iedit_expr\" value=\"".$line["sql_exp"]. + print "<td><input class=\"iedit\" name=\"sql_exp\" value=\"".$line["sql_exp"]. "\"></td>"; - print "<td><input id=\"iedit_descr\" value=\"".$line["description"]. + print "<td><input class=\"iedit\" name=\"description\" value=\"".$line["description"]. "\"></td>"; } @@ -2568,6 +2574,8 @@ } print "</table>"; + + print "</form>"; print "<p id=\"labelOpToolbar\">"; 
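Review bot: In the first hunk (the `$subop == "editSave"` branch), `$sql_exp` is still read from `$_GET["sql_exp"]` with only `trim()` and then interpolated into `UPDATE ttrss_labels SET sql_exp = '$sql_exp'`, while the same change wraps `$descr` in `db_escape_string()`. A single quote in the submitted expression ends the string literal, so the request parameter can alter the statement, and ordinary expressions that contain quotes will fail to save. Escape it like the other two values: `$sql_exp = db_escape_string(trim($_GET["sql_exp"]));`. The UPDATE statement continues past the end of the hunk, so its WHERE clause is not visible here.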
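Review bot: In the third hunk (the edit-row `else` branch), `$line["sql_exp"]` and `$line["description"]` are concatenated into `value=\"...\"` attributes without HTML encoding, and `$label_id` is written into the new hidden `id` field the same way. A stored value containing `"` or `<` closes the attribute early, which breaks the form for ordinary SQL expressions and allows stored markup to be rendered in the preferences page. Encode at output, for example `value=\"".htmlspecialchars($line["sql_exp"], ENT_QUOTES)."\"`, and do the same for the description and the id. Where `$label_id` is assigned in this branch is outside the hunk, so its origin should be confirmed.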
@@ -734,11 +734,13 @@ function feedCatEditSave() { function labelTest() { - var sqlexp = document.getElementById("iedit_expr").value; - var descr = document.getElementById("iedit_descr").value; + var form = document.forms['label_edit_form']; + + var sql_exp = form.sql_exp.value; + var description = form.description.value; xmlhttp.open("GET", "backend.php?op=pref-labels&subop=test&expr=" + - param_escape(sqlexp) + "&descr=" + param_escape(descr), true); + param_escape(sql_exp) + "&descr=" + param_escape(description), true); xmlhttp.onreadystatechange=infobox_callback; xmlhttp.send(null); @@ -815,7 +817,7 @@ function labelEditSave() { return } - var sqlexp = document.getElementById("iedit_expr").value; +/* var sqlexp = document.getElementById("iedit_expr").value; var descr = document.getElementById("iedit_descr").value; // notify("Saving label " + sqlexp + ": " + descr); @@ -828,15 +830,17 @@ function labelEditSave() { if (descr.length == 0) { notify("Caption cannot be blank."); return; - } + } */ + + // FIXME: input validation notify("Saving label..."); active_label = false; - xmlhttp.open("GET", "backend.php?op=pref-labels&subop=editSave&id=" + - label + "&s=" + param_escape(sqlexp) + "&d=" + param_escape(descr), - true); + query = Form.serialize("label_edit_form"); + + xmlhttp.open("GET", "backend.php?" + query, true); xmlhttp.onreadystatechange=labellist_callback; xmlhttp.send(null); |
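Review bot: In the last two hunks of `labelEditSave()`, the blank checks on the expression and caption are commented out and replaced by `// FIXME: input validation`, so the function now submits whatever `label_edit_form` contains, and the `editSave` branch shown for backend.php has no corresponding check. The checks should be restored against the form fields before the request is sent, and repeated server-side because the client check is only advisory. `query` is also assigned without `var`, which creates an implicit global. The wording of the first message below is a stand-in, since the original is not visible in the hunks. The function starts before the hunk.

```javascript
// … unchanged: label lookup and early return …
var form = document.forms['label_edit_form'];

if (form.sql_exp.value.length == 0) {
	notify("SQL expression cannot be blank.");
	return;
}

if (form.description.value.length == 0) {
	notify("Caption cannot be blank.");
	return;
}

notify("Saving label...");
// … unchanged: active_label reset …
var query = Form.serialize("label_edit_form");
// … unchanged: xmlhttp.open / onreadystatechange / send …
```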