use POST parameters for frontend requests

2025-12-13 21:45:55 +00:00 · 2009-12-29 18:49:27 +03:00
parent 12e55b9017
commit b4e75b2a25
18 changed files with 412 additions and 350 deletions
--- a/api/index.php
+++ b/api/index.php
@@ -269,7 +269,7 @@
 			break;
 		case "updateArticle":
-			$article_id = (int) db_escape_string($_GET["article_id"]);
+			$article_id = (int) db_escape_string($_REQUEST["article_id"]);
 			$mode = (int) db_escape_string($_REQUEST["mode"]);
 			$field_raw = (int)db_escape_string($_REQUEST["field"]);
--- a/backend.php
+++ b/backend.php
@@ -4,7 +4,7 @@
 	/* remove ill effects of magic quotes */
 	if (get_magic_quotes_gpc()) {
-		$_GET = array_map('stripslashes', $_GET);
+		$_REQUEST = array_map('stripslashes', $_REQUEST);
 		$_POST = array_map('stripslashes', $_POST);
 		$_REQUEST = array_map('stripslashes', $_REQUEST);
 		$_COOKIE = array_map('stripslashes', $_COOKIE);
@@ -13,7 +13,7 @@
 	require_once "sessions.php";
 	require_once "modules/backend-rpc.php";
-/*	if ($_GET["debug"]) {
+/*	if ($_REQUEST["debug"]) {
 		define('DEFAULT_ERROR_LEVEL', E_ALL);
 	} else {
 		define('DEFAULT_ERROR_LEVEL', E_ERROR | E_WARNING | E_PARSE);
@@ -159,9 +159,9 @@
 				ob_start("ob_gzhandler");
 			}
-			$tags = $_GET["tags"];
+			$tags = $_REQUEST["tags"];
-			$subop = $_GET["subop"];
+			$subop = $_REQUEST["subop"];
 			switch($subop) {
 				case "catchupAll":
@@ -172,7 +172,7 @@
 				break;
 				case "collapse":
-					$cat_id = db_escape_string($_GET["cid"]);
+					$cat_id = db_escape_string($_REQUEST["cid"]);
 					toggle_collapse_cat($link, $cat_id);
 					return;
 				break;
@@ -184,7 +184,7 @@
 				break;
 				case "catsort":
-					$corder = db_escape_string($_GET["corder"]);
+					$corder = db_escape_string($_REQUEST["corder"]);
 					$cats = split(",", $corder);
@@ -210,12 +210,12 @@
 		case "view":
-			$id = db_escape_string($_GET["id"]);
+			$id = db_escape_string($_REQUEST["id"]);
-			$cids = split(",", db_escape_string($_GET["cids"]));
+			$cids = split(",", db_escape_string($_REQUEST["cids"]));
-			$mode = db_escape_string($_GET["mode"]);
+			$mode = db_escape_string($_REQUEST["mode"]);
-			$omode = db_escape_string($_GET["omode"]);
+			$omode = db_escape_string($_REQUEST["omode"]);
-			$csync = $_GET["csync"];
+			$csync = $_REQUEST["csync"];
 			print "<reply>";
@@ -259,20 +259,20 @@
 			print "<reply>";
-			if ($_GET["debug"]) $timing_info = print_checkpoint("0", $timing_info);
+			if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
-			$omode = db_escape_string($_GET["omode"]);
+			$omode = db_escape_string($_REQUEST["omode"]);
-			$feed = db_escape_string($_GET["feed"]);
+			$feed = db_escape_string($_REQUEST["feed"]);
-			$subop = db_escape_string($_GET["subop"]);
+			$subop = db_escape_string($_REQUEST["subop"]);
-			$view_mode = db_escape_string($_GET["view_mode"]);
+			$view_mode = db_escape_string($_REQUEST["view_mode"]);
-			$limit = db_escape_string($_GET["limit"]);
+			$limit = db_escape_string($_REQUEST["limit"]);
-			$cat_view = db_escape_string($_GET["cat"]);
+			$cat_view = db_escape_string($_REQUEST["cat"]);
-			$next_unread_feed = db_escape_string($_GET["nuf"]);
+			$next_unread_feed = db_escape_string($_REQUEST["nuf"]);
-			$offset = db_escape_string($_GET["skip"]);
+			$offset = db_escape_string($_REQUEST["skip"]);
-			$vgroup_last_feed = db_escape_string($_GET["vgrlf"]);
+			$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]);
-			$csync = $_GET["csync"];
+			$csync = $_REQUEST["csync"];
-			$order_by = db_escape_string($_GET["order_by"]);
+			$order_by = db_escape_string($_REQUEST["order_by"]);
 			/* Updating a label ccache means recalculating all of the caches
 			 * so for performance reasons we don't do that here */
@@ -345,7 +345,7 @@
 			print "<headlines-unread value=\"$headlines_unread\"/>";
 			printf("<disable-cache value=\"%d\"/>", $disable_cache);
-			if ($_GET["debug"]) $timing_info = print_checkpoint("10", $timing_info);
+			if ($_REQUEST["debug"]) $timing_info = print_checkpoint("10", $timing_info);
 			if (is_array($topmost_article_ids) && !get_pref($link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) {
 				print "<articles>";
@@ -355,7 +355,7 @@
 				print "</articles>";
 			}
-			if ($_GET["debug"]) $timing_info = print_checkpoint("20", $timing_info);
+			if ($_REQUEST["debug"]) $timing_info = print_checkpoint("20", $timing_info);
 //			if (get_pref($link, "SYNC_COUNTERS") ||				
@@ -375,7 +375,7 @@
 				}
 			}
-			if ($_GET["debug"]) $timing_info = print_checkpoint("30", $timing_info);
+			if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info);
 			print_runtime_info($link);
@@ -432,8 +432,8 @@
 		break; // pref-feed-browser
 		case "publish":
-			$key = db_escape_string($_GET["key"]);
+			$key = db_escape_string($_REQUEST["key"]);
-			$limit = (int)db_escape_string($_GET["limit"]);
+			$limit = (int)db_escape_string($_REQUEST["limit"]);
 			$result = db_query($link, "SELECT login, owner_uid 
 				FROM ttrss_user_prefs, ttrss_users WHERE
@@ -453,15 +453,15 @@
 		break; // publish
 		case "rss":
-			$feed = db_escape_string($_GET["id"]);
+			$feed = db_escape_string($_REQUEST["id"]);
-			$user = db_escape_string($_GET["user"]);
+			$user = db_escape_string($_REQUEST["user"]);
-			$pass = db_escape_string($_GET["pass"]);
+			$pass = db_escape_string($_REQUEST["pass"]);
-			$is_cat = $_GET["is_cat"] != false;
+			$is_cat = $_REQUEST["is_cat"] != false;
-			$limit = (int)db_escape_string($_GET["limit"]);
+			$limit = (int)db_escape_string($_REQUEST["limit"]);
-			$search = db_escape_string($_GET["q"]);
+			$search = db_escape_string($_REQUEST["q"]);
-			$match_on = db_escape_string($_GET["m"]);
+			$match_on = db_escape_string($_REQUEST["m"]);
-			$search_mode = db_escape_string($_GET["smode"]);
+			$search_mode = db_escape_string($_REQUEST["smode"]);
 			if (SINGLE_USER_MODE) {
 				authenticate_user($link, "admin", null);
@@ -480,7 +480,7 @@
 		break; // rss
 		case "getUnread":
-			$login = db_escape_string($_GET["login"]);
+			$login = db_escape_string($_REQUEST["login"]);
 			header("Content-Type: text/plain; charset=utf-8");
--- a/feedlist.js
+++ b/feedlist.js
@@ -172,7 +172,7 @@ function viewfeed(feed, subop, is_cat, subop_param, skip_history, offset) {
 			toolbar_form.query.value = "";
 		}
-		var query = "backend.php?op=viewfeed&feed=" + feed + "&" +
+		var query = "?op=viewfeed&feed=" + feed + "&" +
 			toolbar_query + "&subop=" + param_escape(subop);
 		if ($("search_form")) {
@@ -349,7 +349,8 @@ function viewfeed(feed, subop, is_cat, subop_param, skip_history, offset) {
 				}
 			}
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					headlines_callback2(transport, page_offset); 
 				} });
@@ -392,8 +393,9 @@ function toggleCollapseCat(cat) {
 		Effect.toggle('FCATLIST-' + cat, 'blind', { duration: 0.5,
 			afterFinish: toggleCollapseCat_af });
-		new Ajax.Request("backend.php?op=feeds&subop=collapse&cid=" + 
+		new Ajax.Request("backend.php", 
-			param_escape(cat));
+			{ parameters: "backend.php?op=feeds&subop=collapse&cid=" + 
 				param_escape(cat) } );
 		local_collapse_cat(cat);
@@ -417,12 +419,12 @@ function feedlist_dragsorted(ctr) {
 		if (ordered_cats.length > 0) {
-			var query = "backend.php?op=feeds&subop=catsort&corder=" + 
+			var query = "?op=feeds&subop=catsort&corder=" + 
 				param_escape(ordered_cats.toString());
 			debug(query);
-			new Ajax.Request(query);
+			new Ajax.Request("backend.php", { parameters: query });
 		}
 	} catch (e) {
@@ -663,7 +665,7 @@ function request_counters_real() {
 		debug("requesting counters...");
-		var query = "backend.php?op=rpc&subop=getAllCounters";
+		var query = "?op=rpc&subop=getAllCounters";
 		if (tagsAreDisplayed()) {
 			query = query + "&omode=tl";
@@ -671,7 +673,8 @@ function request_counters_real() {
 			query = query + "&omode=flc";
 		}
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				try {
 					all_counters_callback2(transport, true);
--- a/functions.js
+++ b/functions.js
@@ -1319,10 +1319,11 @@ function displayDlg(id, param) {
 	disableHotkeys();
-	var query = "backend.php?op=dlg&id=" +
+	var query = "?op=dlg&id=" +
 		param_escape(id) + "&param=" + param_escape(param);
-	new Ajax.Request(query, {
+	new Ajax.Request("backend.php", {
 		parameters: query,
 		onComplete: function (transport) {
 			infobox_callback2(transport);
 		} });
@@ -1656,9 +1657,10 @@ function filterDlgCheckDate() {
 		var reg_exp = form.reg_exp.value;
-		var query = "backend.php?op=rpc&subop=checkDate&date=" + reg_exp;
+		var query = "?op=rpc&subop=checkDate&date=" + reg_exp;
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				var form = document.forms["filter_add_form"];
@@ -1733,7 +1735,7 @@ function openArticleInNewWindow(id) {
 	try {
 		debug("openArticleInNewWindow: " + id);
-		var query = "backend.php?op=rpc&subop=getArticleLink&id=" + id;
+		var query = "?op=rpc&subop=getArticleLink&id=" + id;
 		var wname = "ttrss_article_" + id;
 		debug(query + " " + wname);
@@ -1742,7 +1744,8 @@ function openArticleInNewWindow(id) {
 		if (!w) notify_error("Failed to open window for the article");
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				open_article_callback(transport); 
 			} });
@@ -1810,10 +1813,11 @@ function labelTest() {
 		notify_progress("Loading, please wait...");
-		var query = "backend.php?op=pref-labels&subop=test&expr=" +
+		var query = "?op=pref-labels&subop=test&expr=" +
 			param_escape(sql_exp) + "&descr=" + param_escape(description);
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function (transport) {
 				labeltest_callback(transport);
 			} });
@@ -2047,7 +2051,7 @@ function getSelectedFeedsFromBrowser() {
 function updateFeedBrowser() {
 	try {
-		var query = "backend.php?op=rpc&subop=feedBrowser";
+		var query = "?op=rpc&subop=feedBrowser";
 		var search = $("feed_browser_search");
 		var limit = $("feed_browser_limit");
@@ -2064,7 +2068,8 @@ function updateFeedBrowser() {
 		Element.show('feed_browser_spinner');
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				notify('');
@@ -2099,11 +2104,12 @@ function browseFeeds(limit) {
 	try {
-		var query = "backend.php?op=pref-feeds&subop=browse";
+		var query = "?op=pref-feeds&subop=browse";
 		notify_progress("Loading, please wait...", true);
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				infobox_callback2(transport);
 			} });
--- a/functions.php
+++ b/functions.php
@@ -1,6 +1,6 @@
 <?php
-/*	if ($_GET["debug"]) {
+/*	if ($_REQUEST["debug"]) {
 		define('DEFAULT_ERROR_LEVEL', E_ALL);
 	} else {
 		define('DEFAULT_ERROR_LEVEL', E_ERROR | E_WARNING | E_PARSE);
@@ -505,11 +505,11 @@
 	function update_rss_feed($link, $feed_url, $feed, $ignore_daemon = false) {
-		if (!$_GET["daemon"] && !$ignore_daemon) {
+		if (!$_REQUEST["daemon"] && !$ignore_daemon) {
 			return false;
 		}
-		if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+		if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 			_debug("update_rss_feed: start");
 		}
@@ -534,7 +534,7 @@
 		}
 		if (db_num_rows($result) == 0) {
-			if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+			if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 				_debug("update_rss_feed: feed $feed [$feed_url] NOT FOUND/SKIPPED");
 			}		
 			return false;
@@ -560,7 +560,7 @@
 			$use_simplepie = ENABLE_SIMPLEPIE;
 		}
-		if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+		if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 			_debug("use simplepie: $use_simplepie (feed setting: $update_method)\n");
 		}
@@ -588,11 +588,11 @@
 		}
-		if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+		if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 			_debug("update_rss_feed: fetching [$fetch_url]...");
 		}
-		if (!defined('DAEMON_EXTENDED_DEBUG') && !$_GET['xdebug']) {
+		if (!defined('DAEMON_EXTENDED_DEBUG') && !$_REQUEST['xdebug']) {
 			error_reporting(0);
 		}
@@ -610,14 +610,14 @@
 			$rss->set_output_encoding('UTF-8');
 			if (SIMPLEPIE_CACHE_IMAGES && $cache_images) {
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("enabling image cache");
 				}
 				$rss->set_image_handler('./image.php', 'i');
 			}
-			if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+			if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 				_debug("feed update interval (sec): " .
 					get_feed_update_interval($link, $feed)*60);
 			}
@@ -632,7 +632,7 @@
 //		print_r($rss);
-		if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+		if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 			_debug("update_rss_feed: fetch done, parsing...");
 		} else {
 			error_reporting (DEFAULT_ERROR_LEVEL);
@@ -648,7 +648,7 @@
 		if ($fetch_ok) {
-			if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+			if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 				_debug("update_rss_feed: processing feed data...");
 			}
@@ -670,7 +670,7 @@
 			}
 			if (get_pref($link, 'ENABLE_FEED_ICONS', $owner_uid, false)) {	
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: checking favicon...");
 				}
@@ -685,7 +685,7 @@
 					$feed_title = db_escape_string($rss->channel["title"]);
 				}
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: registering title: $feed_title");
 				}
@@ -716,7 +716,7 @@
 				db_query($link, "UPDATE ttrss_feeds SET icon_url = '$icon_url' WHERE id = '$feed'");
 			}
-			if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+			if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 				_debug("update_rss_feed: loading filters...");
 			}
@@ -738,7 +738,7 @@
 				// clear any errors and mark feed as updated if fetched okay
 				// even if it's blank
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: entry iterator is not an array, no articles?");
 				}
@@ -748,13 +748,13 @@
 				return; // no articles
 			}
-			if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+			if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 				_debug("update_rss_feed: processing articles...");
 			}
 			foreach ($iterator as $item) {
-				if ($_GET['xdebug'] == 2) {
+				if ($_REQUEST['xdebug'] == 2) {
 					print_r($item);
 				}
@@ -772,7 +772,7 @@
 					if (!$entry_guid) $entry_guid = make_guid_from_title($item["title"]);
 				}
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: guid $entry_guid");
 				}
@@ -802,7 +802,7 @@
 				$entry_timestamp_fmt = strftime("%Y/%m/%d %H:%M:%S", $entry_timestamp);
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: date $entry_timestamp [$entry_timestamp_fmt]");
 				}
@@ -820,7 +820,7 @@
 					if (!$entry_link) $entry_link = $item["link"];
 				}
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: title $entry_title");
 				}
@@ -856,7 +856,7 @@
 					} 
 				}
-				if ($_GET["xdebug"] == 2) {
+				if ($_REQUEST["xdebug"] == 2) {
 					print "update_rss_feed: content: ";
 					print_r(htmlspecialchars($entry_content));
 				}
@@ -934,7 +934,7 @@
 						}
 					}
-					if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+					if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 						_debug("update_rss_feed: category tags:");
 						print_r($additional_tags);
 					}
@@ -1049,7 +1049,7 @@
 				$entry_content = sanitize_article_content($entry_content);
 				$entry_title = sanitize_article_content($entry_title);
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: done collecting data [TITLE:$entry_title]");
 				}
@@ -1057,7 +1057,7 @@
 				if (db_num_rows($result) == 0) {
-					if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+					if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 						_debug("update_rss_feed: base guid not found");
 					}
@@ -1116,7 +1116,7 @@
 				if (db_num_rows($result) == 1) {
-					if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+					if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 						_debug("update_rss_feed: base guid found, checking for user record");
 					}
@@ -1144,7 +1144,7 @@
 					$article_filters = get_article_filters($filters, $entry_title, 
 							$entry_content, $entry_link, $entry_timestamp);
-					if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+					if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 						_debug("update_rss_feed: article filters: ");
 						if (count($article_filters) != 0) {
 							print_r($article_filters);
@@ -1160,7 +1160,7 @@
 					$score = calculate_article_score($article_filters);
-					if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+					if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 						_debug("update_rss_feed: initial score: $score");
 					}
@@ -1168,14 +1168,14 @@
 							ref_id = '$ref_id' AND owner_uid = '$owner_uid'
 							$dupcheck_qpart";
-//					if ($_GET["xdebug"]) print "$query\n";
+//					if ($_REQUEST["xdebug"]) print "$query\n";
 					$result = db_query($link, $query);
 					// okay it doesn't exist - create user entry
 					if (db_num_rows($result) == 0) {
-						if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+						if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 							_debug("update_rss_feed: user record not found, creating...");
 						}
@@ -1215,7 +1215,7 @@
 							$entry_int_id = db_fetch_result($result, 0, "int_id");
 						}
 					} else {
-						if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+						if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 							_debug("update_rss_feed: user record FOUND");
 						}
@@ -1223,7 +1223,7 @@
 						$entry_int_id = db_fetch_result($result, 0, "int_id");
 					}
-					if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+					if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 						_debug("update_rss_feed: RID: $entry_ref_id, IID: $entry_int_id");
 					}
@@ -1278,18 +1278,18 @@
 				db_query($link, "COMMIT");
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: assigning labels...");
 				}
 				assign_article_to_labels($link, $entry_ref_id, $article_filters,
 					$owner_uid);
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: looking for enclosures...");
 				}
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					print_r($enclosures);
 				}
@@ -1312,7 +1312,7 @@
 				db_query($link, "COMMIT");
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: looking for tags...");
 				}
@@ -1359,7 +1359,7 @@
 //				print "<p>TAGS: "; print_r($entry_tags); print "</p>";
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					print_r($entry_tags);
 				}
@@ -1391,20 +1391,20 @@
 					db_query($link, "COMMIT");
 				} 
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: article processed");
 				}
 			} 
 			if (!$last_updated) {
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: new feed, catching it up...");
 				}
 				catchup_feed($link, $feed, false, $owner_uid);
 			}
 			if (!$hidden) {
-				if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+				if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 					_debug("update_rss_feed: updating counters cache...");
 				}
@@ -1427,7 +1427,7 @@
 				$error_msg = mb_substr(magpie_error(), 0, 250);
 			}
-			if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+			if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 				_debug("update_rss_feed: error fetching feed: $error_msg");
 			}
@@ -1442,7 +1442,7 @@
 			unset($rss);
 		}
-		if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) {
+		if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) {
 			_debug("update_rss_feed: done");
 		}
@@ -3520,7 +3520,7 @@
 					$query_strategy_part ORDER BY $order_by
 					$limit_query_part $offset_query_part";
-				if ($_GET["debug"]) print $query;
+				if ($_REQUEST["debug"]) print $query;
 				$result = db_query($link, $query);
@@ -4339,7 +4339,7 @@
 			$result = db_query($link, $query);
-			$actid = $_GET["actid"];
+			$actid = $_REQUEST["actid"];
 			/* real feeds */
@@ -4360,7 +4360,7 @@
 				$feed_id = $line["id"];	  
 				$unread = $line["unread"];
-				$subop = $_GET["subop"];
+				$subop = $_REQUEST["subop"];
 				if (get_pref($link, 'HEADLINES_SMART_DATE')) {
 					$last_updated = smart_date_time(strtotime($line["last_updated_noms"]));
@@ -4931,8 +4931,8 @@
 		$subop_split = split(":", $subop);
 		if ($subop == "CatchupSelected") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
-			$cmode = sprintf("%d", $_GET["cmode"]);
+			$cmode = sprintf("%d", $_REQUEST["cmode"]);
 			catchupArticlesById($link, $ids, $cmode);
 		}
@@ -4991,14 +4991,14 @@
 		/// START /////////////////////////////////////////////////////////////////////////////////
-		$search = db_escape_string($_GET["query"]);
+		$search = db_escape_string($_REQUEST["query"]);
 		if ($search) { 
 			$disable_cache = true;
 		}
-		$search_mode = db_escape_string($_GET["search_mode"]);
+		$search_mode = db_escape_string($_REQUEST["search_mode"]);
-		$match_on = db_escape_string($_GET["match_on"]);
+		$match_on = db_escape_string($_REQUEST["match_on"]);
 		if (!$match_on) {
 			$match_on = "both";
@@ -5006,12 +5006,12 @@
 		$real_offset = $offset * $limit;
-		if ($_GET["debug"]) $timing_info = print_checkpoint("H0", $timing_info);
+		if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info);
 		$qfh_ret = queryFeedHeadlines($link, $feed, $limit, $view_mode, $cat_view, 
 			$search, $search_mode, $match_on, $override_order, $real_offset);
-		if ($_GET["debug"]) $timing_info = print_checkpoint("H1", $timing_info);
+		if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H1", $timing_info);
 		$result = $qfh_ret[0];
 		$feed_title = $qfh_ret[1];
--- a/manifest.json.php
+++ b/manifest.json.php
@@ -16,7 +16,8 @@
      "images/c1.png",
      "images/c2.png",
      "images/c3.png",
-      "images/c4.png",
+		"images/c4.png",
 		"images/archive.png",
      "images/cat-collapse.png",
      "images/down_arrow.png",
      "images/footer.png",
--- a/modules/backend-rpc.php
+++ b/modules/backend-rpc.php
@@ -1,7 +1,7 @@
 <?php
 	function handle_rpc_request($link) {
-		$subop = $_GET["subop"];
+		$subop = $_REQUEST["subop"];
 		if ($subop == "setpref") {
 			if (WEB_DEMO_MODE) {
@@ -10,8 +10,8 @@
 			print "<rpc-reply>";
-			$key = db_escape_string($_GET["key"]);
+			$key = db_escape_string($_REQUEST["key"]);
-			$value = db_escape_string($_GET["value"]);
+			$value = db_escape_string($_REQUEST["value"]);
 			set_pref($link, $key, $value);
@@ -23,7 +23,7 @@
 		}
 		if ($subop == "getLabelCounters") {
-			$aid = $_GET["aid"];		
+			$aid = $_REQUEST["aid"];		
 			print "<rpc-reply>";
 			print "<counters>";
 			getLabelCounters($link);
@@ -50,7 +50,7 @@
 			print "<rpc-reply>";			
 			print "<counters>";
-			$omode = $_GET["omode"];
+			$omode = $_REQUEST["omode"];
 			getAllCounters($link, $omode);
 			print "</counters>";
@@ -61,8 +61,8 @@
 		}
 		if ($subop == "mark") {
-			$mark = $_GET["mark"];
+			$mark = $_REQUEST["mark"];
-			$id = db_escape_string($_GET["id"]);
+			$id = db_escape_string($_REQUEST["id"]);
 			if ($mark == "1") {
 				$mark = "true";
@@ -87,7 +87,7 @@
 		}
 		if ($subop == "delete") {
-			$ids = db_escape_string($_GET["ids"]);
+			$ids = db_escape_string($_REQUEST["ids"]);
 			$result = db_query($link, "DELETE FROM ttrss_user_entries 				
 				WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
@@ -103,7 +103,7 @@
 		}
 		if ($subop == "unarchive") {
-			$ids = db_escape_string($_GET["ids"]);
+			$ids = db_escape_string($_REQUEST["ids"]);
 			$result = db_query($link, "UPDATE ttrss_user_entries 
 				SET feed_id = orig_feed_id, orig_feed_id = NULL
@@ -120,7 +120,7 @@
 		}
 		if ($subop == "archive") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
 			foreach ($ids as $id) {
 				archive_article($link, $id, $_SESSION["uid"]);
@@ -183,7 +183,7 @@
 		}
 		if ($subop == "updateFeed") {
-			$feed_id = db_escape_string($_GET["feed"]);
+			$feed_id = db_escape_string($_REQUEST["feed"]);
 			$result = db_query($link, 
 				"SELECT feed_url FROM ttrss_feeds WHERE id = '$feed_id'
@@ -205,7 +205,7 @@
 		if ($subop == "forceUpdateAllFeeds" || $subop == "updateAllFeeds") {
-			$global_unread_caller = sprintf("%d", $_GET["uctr"]);
+			$global_unread_caller = sprintf("%d", $_REQUEST["uctr"]);
 			$global_unread = getGlobalUnread($link);
 			print "<rpc-reply>";
@@ -214,7 +214,7 @@
 			if ($global_unread_caller != $global_unread) {
-	 			$omode = $_GET["omode"];
+	 			$omode = $_REQUEST["omode"];
 	 			if (!$omode) $omode = "tflc";
@@ -251,7 +251,7 @@
 			print "<rpc-reply>";
 			print "<counters>";
-			getAllCounters($link, $_GET["omode"]);
+			getAllCounters($link, $_REQUEST["omode"]);
 			print "</counters>";
 			print_runtime_info($link);
 			print "</rpc-reply>";
@@ -261,14 +261,14 @@
 		if ($subop == "markSelected") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
-			$cmode = sprintf("%d", $_GET["cmode"]);
+			$cmode = sprintf("%d", $_REQUEST["cmode"]);
 			markArticlesById($link, $ids, $cmode);
 			print "<rpc-reply>";
 			print "<counters>";
-			getAllCounters($link, $_GET["omode"]);
+			getAllCounters($link, $_REQUEST["omode"]);
 			print "</counters>";
 			print_runtime_info($link);
 			print "</rpc-reply>";
@@ -278,14 +278,14 @@
 		if ($subop == "publishSelected") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
-			$cmode = sprintf("%d", $_GET["cmode"]);
+			$cmode = sprintf("%d", $_REQUEST["cmode"]);
 			publishArticlesById($link, $ids, $cmode);
 			print "<rpc-reply>";
 			print "<counters>";
-			getAllCounters($link, $_GET["omode"]);
+			getAllCounters($link, $_REQUEST["omode"]);
 			print "</counters>";
 			print_runtime_info($link);
 			print "</rpc-reply>";
@@ -301,7 +301,7 @@
 				print_runtime_info($link);
 				# assign client-passed params to session
-				$_SESSION["client.userAgent"] = $_GET["ua"];
+				$_SESSION["client.userAgent"] = $_REQUEST["ua"];
 			}
 			print "</rpc-reply>";
@@ -320,7 +320,7 @@
 		if ($subop == "getArticleLink") {
-			$id = db_escape_string($_GET["id"]);
+			$id = db_escape_string($_REQUEST["id"]);
 			$result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries
 				WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
@@ -337,9 +337,9 @@
 		if ($subop == "setArticleTags") {
-			$id = db_escape_string($_GET["id"]);
+			$id = db_escape_string($_REQUEST["id"]);
-			$tags_str = db_escape_string($_GET["tags_str"]);
+			$tags_str = db_escape_string($_REQUEST["tags_str"]);
 			$tags = array_unique(trim_array(split(",", $tags_str)));
@@ -426,8 +426,8 @@
 		}
 		if ($subop == "purge") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
-			$days = sprintf("%d", $_GET["days"]);
+			$days = sprintf("%d", $_REQUEST["days"]);
 			print "<rpc-reply>";
--- a/modules/help.php
+++ b/modules/help.php
@@ -1,7 +1,7 @@
 <?php
 	function module_help($link) {
-		if (!$_GET["noheaders"]) {
+		if (!$_REQUEST["noheaders"]) {
 			print "<html><head>
 				<title>".__('Help')."</title>
 				<link rel=\"stylesheet\" href=\"utility.css\" type=\"text/css\">
@@ -9,7 +9,7 @@
 				</head><body>";
 		}
-		$tid = sprintf("%d", $_GET["tid"]);
+		$tid = sprintf("%d", $_REQUEST["tid"]);
 		if (file_exists("help/$tid.php")) {
 			include("help/$tid.php");
@@ -21,7 +21,7 @@
 			onclick=\"javascript:window.close()\" 
 			value=\"".__('Close this window')."\"></div>";
-		if (!$_GET["noheaders"]) { 
+		if (!$_REQUEST["noheaders"]) { 
 			print "</body></html>";
 		}
 	}
--- a/modules/popup-dialog.php
+++ b/modules/popup-dialog.php
@@ -1,7 +1,7 @@
 <?php
 	function module_popup_dialog($link) {
-		$id = $_GET["id"];
+		$id = $_REQUEST["id"];
-		$param = db_escape_string($_GET["param"]);
+		$param = db_escape_string($_REQUEST["param"]);
 		if ($id == "explainError") {
@@ -142,9 +142,9 @@
 			print "<form id='search_form'  onsubmit='return false'>";
-			#$active_feed_id = db_escape_string($_GET["param"]);
+			#$active_feed_id = db_escape_string($_REQUEST["param"]);
-			$params = split(":", db_escape_string($_GET["param"]));
+			$params = split(":", db_escape_string($_REQUEST["param"]));
 			$active_feed_id = sprintf("%d", $params[0]);
 			$is_cat = $params[1] == "true";
@@ -221,7 +221,7 @@
 		if ($id == "quickAddFilter") {
-			$active_feed_id = db_escape_string($_GET["param"]);
+			$active_feed_id = db_escape_string($_REQUEST["param"]);
 			print "<div id=\"infoBoxTitle\">".__('Create Filter')."</div>";
 			print "<div class=\"infoBoxContents\">";
--- a/modules/pref-feeds.php
+++ b/modules/pref-feeds.php
@@ -15,7 +15,7 @@
 		$quiet = $_REQUEST["quiet"];
 		if ($subop == "massSubscribe") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
 			$subscribed = array();
@@ -64,7 +64,7 @@
 			print "<div class=\"infoBoxContents\">";
-			$browser_search = db_escape_string($_GET["search"]);
+			$browser_search = db_escape_string($_REQUEST["search"]);
 			//print "<p>".__("Showing top 25 registered feeds, sorted by popularity:")."</p>";
@@ -726,7 +726,7 @@
 		if ($subop == "remove") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
 			foreach ($ids as $id) {
 				remove_feed($link, $id, $_SESSION["uid"]);
@@ -734,12 +734,12 @@
 		}
 		if ($subop == "clear") {
-			$id = db_escape_string($_GET["id"]);
+			$id = db_escape_string($_REQUEST["id"]);
 			clear_feed_articles($link, $id);
 		}
 		if ($subop == "rescore") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
 			foreach ($ids as $id) {
@@ -901,9 +901,9 @@
 			if (!WEB_DEMO_MODE) {
-				$ids = split(",", db_escape_string($_GET["ids"]));
+				$ids = split(",", db_escape_string($_REQUEST["ids"]));
-				$cat_id = db_escape_string($_GET["cat_id"]);
+				$cat_id = db_escape_string($_REQUEST["cat_id"]);
 				if ($cat_id == 0) {
 					$cat_id_qpart = 'NULL';
@@ -938,7 +938,7 @@
 			if ($action == "save") {
 				$cat_title = db_escape_string(trim($_REQUEST["value"]));
-				$cat_id = db_escape_string($_GET["cid"]);
+				$cat_id = db_escape_string($_REQUEST["cid"]);
 				db_query($link, "BEGIN");
@@ -977,7 +977,7 @@
 				if (!WEB_DEMO_MODE) {
-					$feed_cat = db_escape_string(trim($_GET["cat"]));
+					$feed_cat = db_escape_string(trim($_REQUEST["cat"]));
 					$result = db_query($link,
 						"SELECT id FROM ttrss_feed_categories
@@ -1000,7 +1000,7 @@
 			if ($action == "remove") {
-				$ids = split(",", db_escape_string($_GET["ids"]));
+				$ids = split(",", db_escape_string($_REQUEST["ids"]));
 				foreach ($ids as $id) {
 					remove_feed_category($link, $id, $_SESSION["uid"]);
@@ -1111,9 +1111,9 @@
 				__('Some feeds have update errors (click for details)')."</a>");
 		}
-		$feed_search = db_escape_string($_GET["search"]);
+		$feed_search = db_escape_string($_REQUEST["search"]);
-		if (array_key_exists("search", $_GET)) {
+		if (array_key_exists("search", $_REQUEST)) {
 			$_SESSION["prefs_feed_search"] = $feed_search;
 		} else {
 			$feed_search = $_SESSION["prefs_feed_search"];
@@ -1138,7 +1138,7 @@
 				onclick=\"javascript:browseFeeds()\" value=\"".__('More Feeds')."\">";
 		}
-		$feeds_sort = db_escape_string($_GET["sort"]);
+		$feeds_sort = db_escape_string($_REQUEST["sort"]);
 		if (!$feeds_sort || $feeds_sort == "undefined") {
 			$feeds_sort = $_SESSION["pref_sort_feeds"];			
@@ -1171,7 +1171,7 @@
 		$show_last_article_checked = "";
 		$show_last_article_qpart = "";
-		if ($_GET["slat"] == "true") {
+		if ($_REQUEST["slat"] == "true") {
 			$show_last_article_info = true;
 			$show_last_article_checked = "checked";
 			$show_last_article_qpart = ", (SELECT ".SUBSTRING_FOR_DATE."(MAX(updated),1,16) FROM ttrss_user_entries,
--- a/modules/pref-filters.php
+++ b/modules/pref-filters.php
@@ -1,11 +1,11 @@
 <?php
 	function module_pref_filters($link) {
-		$subop = $_GET["subop"];
+		$subop = $_REQUEST["subop"];
-		$quiet = $_GET["quiet"];
+		$quiet = $_REQUEST["quiet"];
 		if ($subop == "edit") {
-			$filter_id = db_escape_string($_GET["id"]);
+			$filter_id = db_escape_string($_REQUEST["id"]);
 			$result = db_query($link, 
 				"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
@@ -173,18 +173,18 @@
 		if ($subop == "editSave") {
-			$reg_exp = db_escape_string(trim($_GET["reg_exp"]));
+			$reg_exp = db_escape_string(trim($_REQUEST["reg_exp"]));
-			$filter_type = db_escape_string(trim($_GET["filter_type"]));
+			$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
-			$filter_id = db_escape_string($_GET["id"]);
+			$filter_id = db_escape_string($_REQUEST["id"]);
-			$feed_id = db_escape_string($_GET["feed_id"]);
+			$feed_id = db_escape_string($_REQUEST["feed_id"]);
-			$action_id = db_escape_string($_GET["action_id"]); 
+			$action_id = db_escape_string($_REQUEST["action_id"]); 
-			$action_param = db_escape_string($_GET["action_param"]); 
+			$action_param = db_escape_string($_REQUEST["action_param"]); 
-			$action_param_label = db_escape_string($_GET["action_param_label"]); 
+			$action_param_label = db_escape_string($_REQUEST["action_param_label"]); 
-			$enabled = checkbox_to_sql_bool(db_escape_string($_GET["enabled"]));
+			$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
-			$inverse = checkbox_to_sql_bool(db_escape_string($_GET["inverse"]));
+			$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
 			# for the time being, no other filters use params anyway...
-			$filter_param = db_escape_string($_GET["filter_date_modifier"]);
+			$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
 			if (!$feed_id) {
 				$feed_id = 'NULL';
@@ -218,7 +218,7 @@
 		if ($subop == "remove") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
 			foreach ($ids as $id) {
 				db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
@@ -227,16 +227,16 @@
 		if ($subop == "add") {
-			$regexp = db_escape_string(trim($_GET["reg_exp"]));
+			$regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
-			$filter_type = db_escape_string(trim($_GET["filter_type"]));
+			$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
-			$feed_id = db_escape_string($_GET["feed_id"]);
+			$feed_id = db_escape_string($_REQUEST["feed_id"]);
-			$action_id = db_escape_string($_GET["action_id"]); 
+			$action_id = db_escape_string($_REQUEST["action_id"]); 
-			$action_param = db_escape_string($_GET["action_param"]); 
+			$action_param = db_escape_string($_REQUEST["action_param"]); 
-			$action_param_label = db_escape_string($_GET["action_param_label"]); 
+			$action_param_label = db_escape_string($_REQUEST["action_param_label"]); 
-			$inverse = checkbox_to_sql_bool(db_escape_string($_GET["inverse"]));
+			$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
 			# for the time being, no other filters use params anyway...
-			$filter_param = db_escape_string($_GET["filter_date_modifier"]);
+			$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
 			if (!$regexp) return;
@@ -271,7 +271,7 @@
 		set_pref($link, "_PREFS_ACTIVE_TAB", "filterConfig");
-		$sort = db_escape_string($_GET["sort"]);
+		$sort = db_escape_string($_REQUEST["sort"]);
 		if (!$sort || $sort == "undefined") {
 			$sort = "reg_exp";
@@ -290,9 +290,9 @@
 		}
-		$filter_search = db_escape_string($_GET["search"]);
+		$filter_search = db_escape_string($_REQUEST["search"]);
-		if (array_key_exists("search", $_GET)) {
+		if (array_key_exists("search", $_REQUEST)) {
 			$_SESSION["prefs_filter_search"] = $filter_search;
 		} else {
 			$filter_search = $_SESSION["prefs_filter_search"];
@@ -388,7 +388,7 @@
 				$class = ($lnum % 2) ? "even" : "odd";
 				$filter_id = $line["id"];
-				$edit_filter_id = $_GET["id"];
+				$edit_filter_id = $_REQUEST["id"];
 				$enabled = sql_bool_to_bool($line["enabled"]);
 				$inverse = sql_bool_to_bool($line["inverse"]);
--- a/modules/pref-labels.php
+++ b/modules/pref-labels.php
@@ -1,7 +1,7 @@
 <?php
 	function module_pref_labels($link) {
-		$subop = $_GET["subop"];
+		$subop = $_REQUEST["subop"];
 		if ($subop == "color-set") {
 			$kind = db_escape_string($_REQUEST["kind"]);
@@ -84,7 +84,7 @@
 		if ($subop == "remove") {
-			$ids = split(",", db_escape_string($_GET["ids"]));
+			$ids = split(",", db_escape_string($_REQUEST["ids"]));
 			foreach ($ids as $id) {
 				label_remove($link, $id, $_SESSION["uid"]);
@@ -94,7 +94,7 @@
 		if ($subop == "add") {
-			$caption = db_escape_string($_GET["caption"]);
+			$caption = db_escape_string($_REQUEST["caption"]);
 			if ($caption) {
@@ -109,15 +109,15 @@
 		set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig");
-		$sort = db_escape_string($_GET["sort"]);
+		$sort = db_escape_string($_REQUEST["sort"]);
 		if (!$sort || $sort == "undefined") {
 			$sort = "caption";
 		}
-		$label_search = db_escape_string($_GET["search"]);
+		$label_search = db_escape_string($_REQUEST["search"]);
-		if (array_key_exists("search", $_GET)) {
+		if (array_key_exists("search", $_REQUEST)) {
 			$_SESSION["prefs_label_search"] = $label_search;
 		} else {
 			$label_search = $_SESSION["prefs_label_search"];
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -120,7 +120,7 @@
 		} else if ($subop == "getHelp") {
-			$pref_name = db_escape_string($_GET["pn"]);
+			$pref_name = db_escape_string($_REQUEST["pn"]);
 			$result = db_query($link, "SELECT help_text FROM ttrss_prefs
 				WHERE pref_name = '$pref_name'");
--- a/modules/pref-users.php
+++ b/modules/pref-users.php
@@ -12,7 +12,7 @@
 		if ($subop == "user-details") {
-			$uid = sprintf("%d", $_GET["id"]);
+			$uid = sprintf("%d", $_REQUEST["id"]);
 			print "<div id=\"infoBoxTitle\">".__('User details')."</div>";
@@ -103,7 +103,7 @@
 		if ($subop == "edit") {
-			$id = db_escape_string($_GET["id"]);
+			$id = db_escape_string($_REQUEST["id"]);
 			print "<div id=\"infoBoxTitle\">".__('User Editor')."</div>";
@@ -213,7 +213,7 @@
 			if ($_SESSION["access_level"] >= 10) {
-				$ids = split(",", db_escape_string($_GET["ids"]));
+				$ids = split(",", db_escape_string($_REQUEST["ids"]));
 				foreach ($ids as $id) {
 					if ($id != $_SESSION["uid"]) {
@@ -227,7 +227,7 @@
 			if ($_SESSION["access_level"] >= 10) {
-				$login = db_escape_string(trim($_GET["login"]));
+				$login = db_escape_string(trim($_REQUEST["login"]));
 				$tmp_user_pwd = make_password(8);
 				$pwd_hash = encrypt_password($tmp_user_pwd, $login);
@@ -266,7 +266,7 @@
 			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
-				$uid = db_escape_string($_GET["id"]);
+				$uid = db_escape_string($_REQUEST["id"]);
 				$result = db_query($link, "SELECT login,email 
 					FROM ttrss_users WHERE id = '$uid'");
@@ -346,9 +346,9 @@
 		set_pref($link, "_PREFS_ACTIVE_TAB", "userConfig");
-		$user_search = db_escape_string($_GET["search"]);
+		$user_search = db_escape_string($_REQUEST["search"]);
-		if (array_key_exists("search", $_GET)) {
+		if (array_key_exists("search", $_REQUEST)) {
 			$_SESSION["prefs_user_search"] = $user_search;
 		} else {
 			$user_search = $_SESSION["prefs_user_search"];
@@ -363,7 +363,7 @@
 				onclick=\"javascript:updateUsersList()\" value=\"".__('Search')."\">
 			</div>";
-		$sort = db_escape_string($_GET["sort"]);
+		$sort = db_escape_string($_REQUEST["sort"]);
 		if (!$sort || $sort == "undefined") {
 			$sort = "login";
@@ -427,7 +427,7 @@
 			$class = ($lnum % 2) ? "even" : "odd";
 			$uid = $line["id"];
-			$edit_uid = $_GET["id"];
+			$edit_uid = $_REQUEST["id"];
 			if ($subop == "edit" && $uid != $edit_uid) {
 				$class .= "Grayed";
--- a/offline.js
+++ b/offline.js
@@ -854,7 +854,7 @@ function update_offline_data(stage) {
 		if (!db || offline_mode || getInitParam("offline_enabled") != "1") return;
-		var query = "backend.php?op=rpc&subop=download";
+		var query = "?op=rpc&subop=download";
 		var rs = db.execute("SELECT MAX(id), MIN(id) FROM articles");
@@ -877,10 +877,10 @@ function update_offline_data(stage) {
 		var to_sync = prepare_local_sync_data();
 		if (to_sync != "") {
-			to_sync = "?sync=" + param_escape(to_sync);
+			to_sync = "&sync=" + param_escape(to_sync);
 		}
-		debug(query + "/" + to_sync);
+		query = query + to_sync;
 		var pic = $("offlineModePic");
@@ -896,8 +896,10 @@ function update_offline_data(stage) {
 		sync_in_progress = true;
-		new Ajax.Request(query, {
+		debug(query);
-			parameters: to_sync,
+
 		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				offline_download_parse(stage, transport);				
 			} });
--- a/prefs.js
+++ b/prefs.js
@@ -226,12 +226,13 @@ function updateFeedList(sort_key) {
 		slat_checked = slat.checked;
 	}
-	var query = "backend.php?op=pref-feeds" +
+	var query = "?op=pref-feeds" +
 		"&sort=" + param_escape(sort_key) + 
 		"&slat=" + param_escape(slat_checked) +
 		"&search=" + param_escape(search);
-	new Ajax.Request(query, {
+	new Ajax.Request("backend.php", {
 		parameters: query,
 		onComplete: function(transport) { 
 			feedlist_callback2(transport); 
 		} });
@@ -248,11 +249,12 @@ function updateUsersList(sort_key) {
 		var search = "";
 		if (user_search) { search = user_search.value; }
-		var query = "backend.php?op=pref-users&sort="
+		var query = "?op=pref-users&sort="
 			+ param_escape(sort_key) +
 			"&search=" + param_escape(search);
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				userlist_callback2(transport); 
 			} });
@@ -280,10 +282,11 @@ function addLabel() {
 		// we can be called from some other tab
 		active_tab = "labelConfig";
-		query = "backend.php?op=pref-labels&subop=add&caption=" + 
+		query = "?op=pref-labels&subop=add&caption=" + 
 			param_escape(caption);
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) {
 					infobox_submit_callback2(transport);
 				} });
@@ -306,10 +309,11 @@ function addFeed() {
 		} else {
 			notify_progress("Adding feed...");
-			var query = "backend.php?op=pref-feeds&subop=add&from=tt-rss&feed_url=" +
+			var query = "?op=pref-feeds&subop=add&from=tt-rss&feed_url=" +
 				param_escape(link.value);
-			new Ajax.Request(query,	{
+			new Ajax.Request("backend.php",	{
 				parameters: query,
 				onComplete: function(transport) {
 						feedlist_callback2(transport);
 					} });
@@ -333,10 +337,11 @@ function addFeedCat() {
 	} else {
 		notify_progress("Adding feed category...");
-		var query = "backend.php?op=pref-feeds&subop=editCats&action=add&cat=" +
+		var query = "?op=pref-feeds&subop=editCats&action=add&cat=" +
 			param_escape(cat.value);
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 					infobox_feed_cat_callback2(transport);
 				} });
@@ -363,10 +368,11 @@ function addUser() {
 		notify_progress("Adding user...");
-		var query = "backend.php?op=pref-users&subop=add&login=" +
+		var query = "?op=pref-users&subop=add&login=" +
 			param_escape(login);
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				userlist_callback2(transport); 
 			} });
@@ -389,10 +395,11 @@ function editUser(id) {
 		disableContainerChildren("userOpToolbar", false);
-		var query = "backend.php?op=pref-users&subop=edit&id=" +
+		var query = "?op=pref-users&subop=edit&id=" +
 			param_escape(id);
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 					infobox_callback2(transport);
 				} });
@@ -416,10 +423,11 @@ function editFilter(id) {
 		selectTableRowsByIdPrefix('prefFilterList', 'FILRR-', 'FICHK-', false);
 		selectTableRowById('FILRR-'+id, 'FICHK-'+id, true);
-		var query = "backend.php?op=pref-filters&subop=edit&id=" + 
+		var query = "?op=pref-filters&subop=edit&id=" + 
 			param_escape(id);
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 					infobox_callback2(transport);
 				} });
@@ -442,10 +450,11 @@ function editFeed(feed) {
 		disableContainerChildren("feedOpToolbar", false);
-		var query = "backend.php?op=pref-feeds&subop=editfeed&id=" +
+		var query = "?op=pref-feeds&subop=editfeed&id=" +
 			param_escape(feed);
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) {
 					infobox_callback2(transport);
 				} });
@@ -487,10 +496,11 @@ function removeSelectedLabels() {
 		if (ok) {
 			notify_progress("Removing selected labels...");
-			var query = "backend.php?op=pref-labels&subop=remove&ids="+
+			var query = "?op=pref-labels&subop=remove&ids="+
 				param_escape(sel_rows.toString());
-			new Ajax.Request(query,	{
+			new Ajax.Request("backend.php",	{
 				parameters: query,
 				onComplete: function(transport) {
 						labellist_callback2(transport);
 					} });
@@ -516,10 +526,11 @@ function removeSelectedUsers() {
 			if (ok) {
 				notify_progress("Removing selected users...");
-				var query = "backend.php?op=pref-users&subop=remove&ids="+
+				var query = "?op=pref-users&subop=remove&ids="+
 					param_escape(sel_rows.toString());
-				new Ajax.Request(query, {
+				new Ajax.Request("backend.php", {
 					parameters: query,
 					onComplete: function(transport) { 
 						userlist_callback2(transport); 
 					} });
@@ -550,10 +561,11 @@ function removeSelectedFilters() {
 			if (ok) {
 				notify_progress("Removing selected filters...");
-				var query = "backend.php?op=pref-filters&subop=remove&ids="+
+				var query = "?op=pref-filters&subop=remove&ids="+
 					param_escape(sel_rows.toString());
-				new Ajax.Request(query,	{
+				new Ajax.Request("backend.php",	{
 						parameters: query,
 						onComplete: function(transport) {
 								filterlist_callback2(transport);
 					} });
@@ -585,10 +597,11 @@ function removeSelectedFeeds() {
 				notify_progress("Unsubscribing from selected feeds...");
-				var query = "backend.php?op=pref-feeds&subop=remove&ids="+
+				var query = "?op=pref-feeds&subop=remove&ids="+
 					param_escape(sel_rows.toString());
-				new Ajax.Request(query,	{
+				new Ajax.Request("backend.php",	{
 					parameters: query,
 					onComplete: function(transport) {
 							feedlist_callback2(transport);
 						} });
@@ -643,12 +656,13 @@ function purgeSelectedFeeds() {
 		if (pr != undefined) {
 			notify_progress("Purging selected feed...");
-			var query = "backend.php?op=rpc&subop=purge&ids="+
+			var query = "?op=rpc&subop=purge&ids="+
 				param_escape(sel_rows.toString()) + "&days=" + pr;
 			debug(query);
-			new Ajax.Request(query,	{
+			new Ajax.Request("prefs.php",	{
 				parameters: query,
 				onComplete: function(transport) {
 					notify('');
 				} });
@@ -674,10 +688,11 @@ function removeSelectedFeedCats() {
 		if (ok) {
 			notify_progress("Removing selected categories...");
-			var query = "backend.php?op=pref-feeds&subop=editCats&action=remove&ids="+
+			var query = "?op=pref-feeds&subop=editCats&action=remove&ids="+
 				param_escape(sel_rows.toString());
-			new Ajax.Request(query,	{
+			new Ajax.Request("backend.php",	{
 				parameters: query,
 				onComplete: function(transport) {
 					infobox_feed_cat_callback2(transport);
 				} });
@@ -792,13 +807,14 @@ function filterEditSave() {
 		notify_progress("Saving filter...");
-		var query = "backend.php?" + Form.serialize("filter_edit_form");
+		var query = "?" + Form.serialize("filter_edit_form");
 		closeInfoBox();
 		$("create_filter_btn").disabled = false;
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 				parameters: query,
 				onComplete: function(transport) {
 						filterlist_callback2(transport);
 			} });
@@ -852,10 +868,11 @@ function resetSelectedUserPass() {
 			var id = rows[0];
-			var query = "backend.php?op=pref-users&subop=resetPass&id=" +
+			var query = "?op=pref-users&subop=resetPass&id=" +
 				param_escape(id);
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					userlist_callback2(transport); 
 				} });
@@ -887,9 +904,10 @@ function selectedUserDetails() {
 		var id = rows[0];
-		var query = "backend.php?op=pref-users&subop=user-details&id=" + id;
+		var query = "?op=pref-users&subop=user-details&id=" + id;
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 					infobox_callback2(transport);
 				} });
@@ -954,10 +972,11 @@ function editSelectedFeeds() {
 		notify_progress("Loading, please wait...");
-		var query = "backend.php?op=pref-feeds&subop=editfeeds&ids=" +
+		var query = "?op=pref-feeds&subop=editfeeds&ids=" +
 			param_escape(rows.toString());
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 					infobox_callback2(transport);
 				} });
@@ -998,11 +1017,12 @@ function updateFilterList(sort_key) {
 		var search = "";
 		if (filter_search) { search = filter_search.value; }
-		var query = "backend.php?op=pref-filters&sort=" + 
+		var query = "?op=pref-filters&sort=" + 
 			param_escape(sort_key) + 
 			"&search=" + param_escape(search);
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 				parameters: query,
 				onComplete: function(transport) {
 						filterlist_callback2(transport);
 			} });
@@ -1021,11 +1041,12 @@ function updateLabelList(sort_key) {
 		var search = "";
 		if (label_search) { search = label_search.value; }
-		var query = "backend.php?op=pref-labels&sort=" + 
+		var query = "?op=pref-labels&sort=" + 
 			param_escape(sort_key) +
 			"&search=" + param_escape(search);
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 				labellist_callback2(transport);
 			} });
@@ -1037,9 +1058,10 @@ function updateLabelList(sort_key) {
 function updatePrefsList() {
-	var query = "backend.php?op=pref-prefs";
+	var query = "?op=pref-prefs";
-	new Ajax.Request(query, {
+	new Ajax.Request("backend.php", {
 		parameters: query,
 		onComplete: function(transport) { 
 			prefslist_callback2(transport); 
 		} });
@@ -1224,9 +1246,10 @@ function init() {
 		loading_set_progress(30);
-		var query = "backend.php?op=rpc&subop=sanityCheck";
+		var query = "?op=rpc&subop=sanityCheck";
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				backend_sanity_check_callback2(transport);
 			} });
@@ -1247,10 +1270,11 @@ function categorizeSelectedFeeds() {
 		notify_progress("Changing category of selected feeds...");
-		var query = "backend.php?op=pref-feeds&subop=categorize&ids="+
+		var query = "?op=pref-feeds&subop=categorize&ids="+
 			param_escape(sel_rows.toString()) + "&cat_id=" + param_escape(cat_id);
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				feedlist_callback2(transport); 
 			} });
@@ -1297,10 +1321,11 @@ function feedBrowserSubscribe() {
 		if (selected.length > 0) {
 			closeInfoBox();
-			var query = "backend.php?op=pref-feeds&subop=massSubscribe&ids="+
+			var query = "?op=pref-feeds&subop=massSubscribe&ids="+
 				param_escape(selected.toString());
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					feedlist_callback2(transport); 
 				} });
@@ -1609,9 +1634,10 @@ function editFeedCats() {
 			// this button is not always available, no-op if not found
 		}
-		var query = "backend.php?op=pref-feeds&subop=editCats";
+		var query = "?op=pref-feeds&subop=editCats";
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 				infobox_feed_cat_callback2(transport);
 			} });
@@ -1711,9 +1737,10 @@ function pubRegenKey() {
 		notify_progress("Trying to change address...");
-		var query = "backend.php?op=rpc&subop=regenPubKey";
+		var query = "?op=rpc&subop=regenPubKey";
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) {
 					replace_pubkey_callback(transport);
 				} });
@@ -1804,9 +1831,10 @@ function clearFeedArticles(feed_id) {
 	notify_progress("Clearing feed...");
-	var query = "backend.php?op=pref-feeds&quiet=1&subop=clear&id=" + feed_id;
+	var query = "?op=pref-feeds&quiet=1&subop=clear&id=" + feed_id;
-	new Ajax.Request(query,	{
+	new Ajax.Request("backend.php",	{
 		parameters: query,
 		onComplete: function(transport) {
 				notify('');
 			} });
@@ -1826,10 +1854,11 @@ function rescoreSelectedFeeds() {
 		if (ok) {
 			notify_progress("Rescoring selected feeds...", true);
-			var query = "backend.php?op=pref-feeds&subop=rescore&quiet=1&ids="+
+			var query = "?op=pref-feeds&subop=rescore&quiet=1&ids="+
 				param_escape(sel_rows.toString());
-			new Ajax.Request(query,	{
+			new Ajax.Request("backend.php",	{
 				parameters: query,
 				onComplete: function(transport) {
 						notify_callback2(transport);
 			} });
@@ -1848,9 +1877,10 @@ function rescore_all_feeds() {
 	if (ok) {
 		notify_progress("Rescoring feeds...", true);
-		var query = "backend.php?op=pref-feeds&subop=rescoreAll&quiet=1";
+		var query = "?op=pref-feeds&subop=rescoreAll&quiet=1";
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 					notify_callback2(transport);
 		} });
@@ -1870,10 +1900,11 @@ function removeFilter(id, title) {
 			notify_progress("Removing filter...");
-			var query = "backend.php?op=pref-filters&subop=remove&ids="+
+			var query = "?op=pref-filters&subop=remove&ids="+
 				param_escape(id);
-			new Ajax.Request(query,	{
+			new Ajax.Request("backend.php",	{
 				parameters: query,
 				onComplete: function(transport) {
 						filterlist_callback2(transport);
 			} });
@@ -1900,10 +1931,11 @@ function unsubscribeFeed(id, title) {
 			notify_progress("Removing feed...");
-			var query = "backend.php?op=pref-feeds&subop=remove&ids="+
+			var query = "?op=pref-feeds&subop=remove&ids="+
 				param_escape(id);
-			new Ajax.Request(query,	{
+			new Ajax.Request("backend.php", {
 					parameters: query,
 					onComplete: function(transport) {
 							feedlist_callback2(transport);
 				} });
@@ -2009,10 +2041,11 @@ function labelColorReset() {
 		if (ok) {
-			var query = "backend.php?op=pref-labels&subop=color-reset&ids="+
+			var query = "?op=pref-labels&subop=color-reset&ids="+
 				param_escape(labels.toString());
-			new Ajax.Request(query,	{
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) {
 						labellist_callback2(transport);
 					} });
@@ -2036,7 +2069,7 @@ function labelColorAsk(id, kind) {
 		if (p != null) {
-			var query = "backend.php?op=pref-labels&subop=color-set&kind=" + kind +
+			var query = "?op=pref-labels&subop=color-set&kind=" + kind +
 				"&ids="+	param_escape(id) + "&color=" + param_escape(p);
 			selectPrefRows('label', false);
@@ -2051,7 +2084,7 @@ function labelColorAsk(id, kind) {
 				}
 			}
-			new Ajax.Request(query);
+			new Ajax.Request("backend.php", { parameters: query });
 		}
 	} catch (e) {
@@ -2092,7 +2125,7 @@ function colorPickerHideAll() {
 function colorPickerDo(id, fg, bg) {
 	try {
-		var query = "backend.php?op=pref-labels&subop=color-set&kind=both"+
+		var query = "?op=pref-labels&subop=color-set&kind=both"+
 			"&ids=" + param_escape(id) + "&fg=" + param_escape(fg) + 
 			"&bg=" + param_escape(bg);
@@ -2103,7 +2136,7 @@ function colorPickerDo(id, fg, bg) {
 			e.style.backgroundColor = bg;
 		}
-		new Ajax.Request(query);
+		new Ajax.Request("backend.php", { parameters: query });
 	} catch (e) {
 		exception_error("colorPickerDo", e);
--- a/tt-rss.js
+++ b/tt-rss.js
@@ -229,7 +229,8 @@ function scheduleFeedUpdate(force) {
 	debug("REFETCH query: " + query_str);
-	new Ajax.Request(query_str, {
+	new Ajax.Request("backend.php", {
 		parameters: query_str,
 		onComplete: function(transport) { 
 				refetch_callback2(transport); 
 			} });
@@ -266,7 +267,8 @@ function updateFeedList(silent, fetch) {
 	debug("updateFeedList Q=" + query_str);
-	new Ajax.Request(query_str, {
+	new Ajax.Request("backend.php", {
 		parameters: query_str,
 		onComplete: function(transport) { 
 			feedlist_callback2(transport); 
 		} });
@@ -285,7 +287,8 @@ function catchupAllFeeds() {
 		debug("catchupAllFeeds Q=" + query_str);
-		new Ajax.Request(query_str, {
+		new Ajax.Request("backend.php", {
 			parameters: query_str,
 			onComplete: function(transport) { 
 				feedlist_callback2(transport); 
 			} });
@@ -401,7 +404,8 @@ function init() {
 		loading_set_progress(30);
-		new Ajax.Request("backend.php?op=rpc&subop=sanityCheck" + params,	{
+		new Ajax.Request("backend.php",	{
 			parameters: "backend.php?op=rpc&subop=sanityCheck" + params,
 			onComplete: function(transport) {
 					backend_sanity_check_callback(transport);
 				} });
@@ -677,11 +681,12 @@ function quickMenuGo(opid) {
 			if (confirm(__("Reset category order?"))) {
-				var query = "backend.php?op=feeds&subop=catsortreset";
+				var query = "?op=feeds&subop=catsortreset";
 				notify_progress("Loading, please wait...", true);
-				new Ajax.Request(query, {
+				new Ajax.Request("backend.php", {
 					parameters: query,
 					onComplete: function(transport) { 
 						window.setTimeout('updateFeedList(false, false)', 50);
 					} });
@@ -701,9 +706,10 @@ function unsubscribeFeed(feed_id, title) {
 	if (title == undefined || confirm(msg)) {
 		notify_progress("Removing feed...");
-		var query = "backend.php?op=pref-feeds&quiet=1&subop=remove&ids=" + feed_id;
+		var query = "?op=pref-feeds&quiet=1&subop=remove&ids=" + feed_id;
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) {
 					dlg_frefresh_callback(transport, feed_id);
 				} });
@@ -840,16 +846,17 @@ function editFeedDlg(feed) {
 		var query = "";
 		if (feed > 0) {
-			query = "backend.php?op=pref-feeds&subop=editfeed&id=" +	param_escape(feed);
+			query = "?op=pref-feeds&subop=editfeed&id=" +	param_escape(feed);
 		} else {
-			query = "backend.php?op=pref-labels&subop=edit&id=" +	param_escape(-feed-11);
+			query = "?op=pref-labels&subop=edit&id=" +	param_escape(-feed-11);
 		}
 		disableHotkeys();
 		notify_progress("Loading, please wait...", true);
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				infobox_callback2(transport); 
 			} });
@@ -897,9 +904,10 @@ function clearFeedArticles(feed_id) {
 	notify_progress("Clearing feed...");
-	var query = "backend.php?op=pref-feeds&quiet=1&subop=clear&id=" + feed_id;
+	var query = "?op=pref-feeds&quiet=1&subop=clear&id=" + feed_id;
-	new Ajax.Request(query,	{
+	new Ajax.Request("backend.php",	{
 		parameters: query,
 		onComplete: function(transport) {
 				dlg_frefresh_callback(transport, feed_id);
 			} });
@@ -941,9 +949,9 @@ function collapse_feedlist() {
 				if (fc) fc.style.left = fl.offsetWidth + 40 + "px";
 			}
-			query = "backend.php?op=rpc&subop=setpref&key=_COLLAPSED_FEEDLIST&value=false";
+			query = "?op=rpc&subop=setpref&key=_COLLAPSED_FEEDLIST&value=false";
-			new Ajax.Request(query);
+			new Ajax.Request("backend.php", { parameters: query });
 		} else {
 			Element.hide(fl);
@@ -965,9 +973,9 @@ function collapse_feedlist() {
 			}
-			query = "backend.php?op=rpc&subop=setpref&key=_COLLAPSED_FEEDLIST&value=true";
+			query = "?op=rpc&subop=setpref&key=_COLLAPSED_FEEDLIST&value=true";
-			new Ajax.Request(query);
+			new Ajax.Request("backend.php", { parameters: query });
 		}
 	} catch (e) {
@@ -991,9 +999,10 @@ function viewLimitChanged() {
 		var pr = prompt(__("Assign score to article:"), score);
 		if (pr != undefined) {
-			var query = "backend.php?op=rpc&subop=setScore&id=" + id + "&score=" + pr;
+			var query = "?op=rpc&subop=setScore&id=" + id + "&score=" + pr;
-			new Ajax.Request(query,	{
+			new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 					viewCurrentFeed();
 				} });
@@ -1024,12 +1033,13 @@ function rescoreCurrentFeed() {
 	if (confirm(pr)) {
 		notify_progress("Rescoring articles...");
-		var query = "backend.php?op=pref-feeds&subop=rescore&quiet=1&ids=" + actid;
+		var query = "?op=pref-feeds&subop=rescore&quiet=1&ids=" + actid;
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
-		onComplete: function(transport) {
+			parameters: query,
-			viewCurrentFeed();
+			onComplete: function(transport) {
-		} });
+				viewCurrentFeed();
 			} });
 	}
 }
@@ -1456,12 +1466,13 @@ function addLabel() {
 				return false;
 			}
-			var query = "backend.php?op=pref-labels&subop=add&caption=" + 
+			var query = "?op=pref-labels&subop=add&caption=" + 
 				param_escape(caption);
 			notify_progress("Loading, please wait...", true);
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					updateFeedList();
 			} });
@@ -1491,7 +1502,8 @@ function feedBrowserSubscribe() {
 			var query =  "backend.php?op=pref-feeds&subop=massSubscribe&ids="+
 				param_escape(selected.toString());
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					updateFeedList();
 				} });
--- a/viewfeed.js
+++ b/viewfeed.js
@@ -474,7 +474,7 @@ function view(id, feed_id) {
 		//setActiveFeedId(feed_id);
-		var query = "backend.php?op=view&id=" + param_escape(id) +
+		var query = "?op=view&id=" + param_escape(id) +
 			"&feed=" + param_escape(feed_id);
 		var date = new Date();
@@ -556,7 +556,8 @@ function view(id, feed_id) {
 		last_requested_article = id;
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				article_callback2(transport, id, feed_id); 
 			} });
@@ -614,7 +615,7 @@ function toggleMark(id, client_only, no_effects) {
 	try {
-		var query = "backend.php?op=rpc&id=" + id + "&subop=mark";
+		var query = "?op=rpc&id=" + id + "&subop=mark";
 		query = query + "&afid=" + getActiveFeedId();
@@ -663,7 +664,8 @@ function toggleMark(id, client_only, no_effects) {
 		if (!client_only) {
 			debug(query);
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					all_counters_callback2(transport); 
 				} });
@@ -679,7 +681,7 @@ function togglePub(id, client_only, no_effects, note) {
 	try {
-		var query = "backend.php?op=rpc&id=" + id + "&subop=publ";
+		var query = "?op=rpc&id=" + id + "&subop=publ";
 		query = query + "&afid=" + getActiveFeedId();
@@ -721,7 +723,8 @@ function togglePub(id, client_only, no_effects, note) {
 		}
 		if (!client_only) {
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					toggle_published_callback(transport); 
 				} });
@@ -946,15 +949,13 @@ function toggleUnread(id, cmode, effect) {
 			if (cmode == undefined) cmode = 2;
-			var query = "backend.php?op=rpc&subop=catchupSelected" +
+			var query = "?op=rpc&subop=catchupSelected" +
-				"&cmode=" + param_escape(cmode);
+				"&cmode=" + param_escape(cmode) + "&ids=" + param_escape(id);
 			var ids = "?ids=" + param_escape(id);
 //			notify_progress("Loading, please wait...");
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
-				parameters: ids,
+				parameters: query,
 				onComplete: function(transport) { 
 					all_counters_callback2(transport); 
 				} });
@@ -980,14 +981,15 @@ function selectionRemoveLabel(id) {
 //		if (ok) {
-			var query = "backend.php?op=rpc&subop=removeFromLabel&ids=" +
+			var query = "?op=rpc&subop=removeFromLabel&ids=" +
 				param_escape(ids.toString()) + "&lid=" + param_escape(id);
 //			notify_progress("Loading, please wait...");
 			cache_invalidate("F:" + (-11 - id));
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					show_labels_in_headlines(transport);
 					all_counters_callback2(transport);
@@ -1017,12 +1019,13 @@ function selectionAssignLabel(id) {
 			cache_invalidate("F:" + (-11 - id));
-			var query = "backend.php?op=rpc&subop=assignToLabel&ids=" +
+			var query = "?op=rpc&subop=assignToLabel&ids=" +
 				param_escape(ids.toString()) + "&lid=" + param_escape(id);
 //			notify_progress("Loading, please wait...");
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					show_labels_in_headlines(transport);
 					all_counters_callback2(transport);
@@ -1102,15 +1105,13 @@ function selectionToggleUnread(cdm_mode, set_state, callback_func, no_error) {
 				cmode = "0";
 			}
-			var query = "backend.php?op=rpc&subop=catchupSelected" +
+			var query = "?op=rpc&subop=catchupSelected" +
-				"&cmode=" + cmode;
+				"&cmode=" + cmode + "&ids=" + param_escape(rows.toString()); 
 			var ids = "?ids=" + param_escape(rows.toString()); 
 			notify_progress("Loading, please wait...");
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
-				parameters: ids,
+				parameters: query,
 				onComplete: function(transport) { 
 					catchup_callback2(transport, callback_func); 
 				} });
@@ -1146,7 +1147,7 @@ function selectionToggleMarked(cdm_mode) {
 		if (rows.length > 0) {
-			var query = "backend.php?op=rpc&subop=markSelected&ids=" +
+			var query = "?op=rpc&subop=markSelected&ids=" +
 				param_escape(rows.toString()) + "&cmode=2";
 			query = query + "&afid=" + getActiveFeedId();
@@ -1159,7 +1160,8 @@ function selectionToggleMarked(cdm_mode) {
 			query = query + "&omode=lc";
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					all_counters_callback2(transport); 
 				} });
@@ -1193,7 +1195,7 @@ function selectionTogglePublished(cdm_mode) {
 		if (rows.length > 0) {
-			var query = "backend.php?op=rpc&subop=publishSelected&ids=" +
+			var query = "?op=rpc&subop=publishSelected&ids=" +
 				param_escape(rows.toString()) + "&cmode=2";
 			query = query + "&afid=" + getActiveFeedId();
@@ -1206,7 +1208,8 @@ function selectionTogglePublished(cdm_mode) {
 			query = query + "&omode=lc";
-			new Ajax.Request(query, {
+			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					all_counters_callback2(transport); 
 				} });
@@ -1357,11 +1360,12 @@ function deleteSelection() {
 			return;
 		}
-		query = "backend.php?op=rpc&subop=delete&ids=" + param_escape(rows);
+		query = "?op=rpc&subop=delete&ids=" + param_escape(rows);
 		debug(query);
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php",	{
 			parameters: query,
 			onComplete: function(transport) {
 					viewCurrentFeed();
 				} });
@@ -1408,7 +1412,7 @@ function archiveSelection() {
 			return;
 		}
-		query = "backend.php?op=rpc&subop="+op+"&ids=" + param_escape(rows);
+		query = "?op=rpc&subop="+op+"&ids=" + param_escape(rows);
 		debug(query);
@@ -1416,7 +1420,8 @@ function archiveSelection() {
 			cache_invalidate(rows[i]);
 		}
-		new Ajax.Request(query,	{
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) {
 					viewCurrentFeed();
 				} });
@@ -1513,11 +1518,12 @@ function editTagsSave() {
 	var query = Form.serialize("tag_edit_form");
-	query = "backend.php?op=rpc&subop=setArticleTags&" + query;
+	query = "?op=rpc&subop=setArticleTags&" + query;
 	debug(query);
-	new Ajax.Request(query,	{
+	new Ajax.Request("backend.php",	{
 		parameters: query,
 		onComplete: function(transport) {
 				tag_saved_callback(transport);
 			} });
@@ -1708,13 +1714,11 @@ function cdmWatchdog() {
 				}
 			}
-			var query = "backend.php?op=rpc&subop=catchupSelected" +
+			var query = "?op=rpc&subop=catchupSelected" +
-				"&cmode=0";
+				"&cmode=0" + "&ids=" + param_escape(ids.toString());
-			var ids = "?ids=" + param_escape(ids.toString());
+			new Ajax.Request("backend.php", {
-
+				parameters: query,
 			new Ajax.Request(query, {
 				parameters: ids,
 				onComplete: function(transport) { 
 					all_counters_callback2(transport); 
 				} });
@@ -1972,9 +1976,11 @@ function preloadArticleUnderPointer(id) {
 			cids_to_request.push(id);
-			var query = "backend.php?op=rpc&subop=getArticles&ids=" + 
+			var query = "?op=rpc&subop=getArticles&ids=" + 
 				cids_to_request.toString();
-			new Ajax.Request(query, {
+
 			new Ajax.Request("backend.php", {
 				parameters: query,
 				onComplete: function(transport) { 
 					preload_article_callback(transport);
 			} });
@@ -2092,13 +2098,11 @@ function catchupRelativeToArticle(below) {
 					e.className = e.className.replace("Unread", "");
 				}
-				var query = "backend.php?op=rpc&subop=catchupSelected" +
+				var query = "?op=rpc&subop=catchupSelected" +
-					"&cmode=0";
+					"&cmode=0" + "&ids=" + param_escape(ids_to_mark.toString()); 
-				var ids = "?ids=" + param_escape(ids_to_mark.toString()); 
+				new Ajax.Request("backend.php", {
-
+					parameters: query,
 				new Ajax.Request(query, {
 					parameters: ids,
 					onComplete: function(transport) { 
 						catchup_callback2(transport); 
 					} });
@@ -2252,11 +2256,12 @@ function zoomToArticle(id) {
 function showOriginalArticleInline(id) {
 	try {
-		var query = "backend.php?op=rpc&subop=getArticleLink&id=" + id;
+		var query = "?op=rpc&subop=getArticleLink&id=" + id;
 		notify_progress("Loading, please wait...", true);
-		new Ajax.Request(query, {
+		new Ajax.Request("backend.php", {
 			parameters: query,
 			onComplete: function(transport) { 
 				if (transport.responseXML) {