diff --git a/extension/Documentation/Manual.rst b/extension/Documentation/Manual.rst
index bea2d71ff0553fa73758f97237c8e643aec3519e..60da608150ff191bf2f499d2a52f84c705178f40 100644
--- a/extension/Documentation/Manual.rst
+++ b/extension/Documentation/Manual.rst
@@ -4834,7 +4834,7 @@ Note: :ref:`debug` information will only be shown with *showDebugInfo: yes* in c
 Inline Report editing
 ---------------------
 
-For quick changes it might be bothersome to go to the TYPO3 backend to update the page content and reload the page.
+For quick changes it can be bothersome to go to the TYPO3 backend to update the page content and reload the page.
 For this reason, QFQ offers an inline report editing feature whenever there is a TYPO3 BE user logged in. A small
 link symbol will appear on the right-hand side of each report record. Please note that the TYPO3 Frontend cache
 is also deleted upon each inline report save.
diff --git a/extension/qfq/api/save.php b/extension/qfq/api/save.php
index 71fcac1370f6e54d5946b24df78a543eada87cfb..054c54120a3bd9d9728e11d1478dd6cfa097f320 100644
--- a/extension/qfq/api/save.php
+++ b/extension/qfq/api/save.php
@@ -59,6 +59,11 @@ try {
 
         $data = $qfq->saveForm();
 
+        if (isset($data[REPORT_SAVE])) {
+            // Redirect to previous page
+            header("Location: {$_SERVER['HTTP_REFERER']}");
+        }
+
         $arr = $qfq->getForwardMode();
         $answer[API_REDIRECT] = $arr[API_REDIRECT];
         $answer[API_REDIRECT_URL] = $arr[API_REDIRECT_URL];
diff --git a/extension/qfq/api/saveReport.php b/extension/qfq/api/saveReport.php
deleted file mode 100644
index a6c3d246f2b44bae034d803a270aa17673db01a8..0000000000000000000000000000000000000000
--- a/extension/qfq/api/saveReport.php
+++ /dev/null
@@ -1,53 +0,0 @@
-<?php
-/**
- * Created by PhpStorm.
- * User: ep
- * Date: 12/23/15
- * Time: 6:16 PM
- */
-
-namespace qfq;
-
-use qfq;
-
-require_once(__DIR__ . '/../qfq/QuickFormQuery.php');
-require_once(__DIR__ . '/../qfq/store/Store.php');
-require_once(__DIR__ . '/../qfq/Constants.php');
-require_once(__DIR__ . '/../qfq/exceptions/UserFormException.php');
-require_once(__DIR__ . '/../qfq/exceptions/CodeException.php');
-require_once(__DIR__ . '/../qfq/exceptions/DbException.php');
-
-
-/**
- * Return JSON encoded answer
- */
-
-$answer = array();
-
-$answer[API_REDIRECT] = API_ANSWER_REDIRECT_AUTO;
-$answer[API_STATUS] = API_ANSWER_STATUS_ERROR;
-$answer[API_MESSAGE] = '';
-
-try {
-    try {
-        if (isset($_POST[REPORT_INLINE_BODYTEXT])) {
-            $qfq = new QuickFormQuery(['bodytext' => '']);
-            $data = $qfq->saveReport();
-        }
-        // Redirect to previous page
-        header("Location: {$_SERVER['HTTP_REFERER']}");
-        exit;
-    } catch (qfq\UserFormException $e) {
-        $answer[API_MESSAGE] = $e->formatMessage();
-    } catch (qfq\CodeException $e) {
-        $answer[API_MESSAGE] = $e->formatMessage();
-    } catch (qfq\DbException $e) {
-        $answer[API_MESSAGE] = $e->formatMessage();
-    }
-} catch (\Exception $e) {
-    $answer[API_MESSAGE] = "Generic Exception: " . $e->getMessage();
-}
-
-header("Content-Type: application/json");
-echo json_encode($answer);
-
diff --git a/extension/qfq/qfq/Constants.php b/extension/qfq/qfq/Constants.php
index bdee08404a38ffbd96584b44de2ed73f283df033..14b3947df4e0e5b7ed49e19b1b894b679a39ae9e 100644
--- a/extension/qfq/qfq/Constants.php
+++ b/extension/qfq/qfq/Constants.php
@@ -45,6 +45,8 @@ const FORM_BUTTON_DELETE = 'delete';
 const FORM_BUTTON_CLOSE = 'close';
 const FORM_BUTTON_SAVE = 'save';
 
+const REPORT_SAVE = 'reportSave';
+
 const F_BS_COLUMNS = 'bsColumns';
 
 const F_BS_LABEL_COLUMNS = 'bsLabelColumns';
diff --git a/extension/qfq/qfq/QuickFormQuery.php b/extension/qfq/qfq/QuickFormQuery.php
index 4850c80be01b0112c869b7b8048540d20d05bac5..165abb8d8e6be16255421d57cdfa3e63a315d455 100644
--- a/extension/qfq/qfq/QuickFormQuery.php
+++ b/extension/qfq/qfq/QuickFormQuery.php
@@ -23,6 +23,7 @@ use qfq;
 
 
 require_once(__DIR__ . '/store/Store.php');
+require_once(__DIR__ . '/store/Sip.php');
 require_once(__DIR__ . '/store/FillStoreForm.php');
 require_once(__DIR__ . '/store/Session.php');
 require_once(__DIR__ . '/Constants.php');
@@ -1356,8 +1357,6 @@ class QuickFormQuery {
         $bodytext = $this->t3data[T3DATA_BODYTEXT_RAW];
         $header = $this->t3data[T3DATA_HEADER];
 
-        $hiddenInput = "<input type='hidden' name='uid' value='$uid'>";
-
         $icon = Support::renderGlyphIcon(GLYPH_ICON_TASKS);
         $showFormJs = '$("#tt-content-edit-' . $uid . '").toggleClass("hidden")';
         $toggleBtn = Support::wrapTag("<a href='#' onclick='$showFormJs' style='float:right;'>", $icon);
@@ -1379,25 +1378,32 @@ class QuickFormQuery {
             Support::doAttribute('name', REPORT_INLINE_BODYTEXT);
         $codeBox = Support::wrapTag("<textarea $codeBoxAttributes>", $ttContentCode);
 
-        $form = join(' ', [$headerBar, $codeBox, $hiddenInput]);
+        $form = join(' ', [$headerBar, $codeBox]);
+        $sipObj = new Sip;
+        $action = $sipObj->queryStringToSip(API_DIR . "/save.php?uid=$uid&" . REPORT_SAVE . "=1");
         $formAttributes = Support::doAttribute('id', "tt-content-edit-$uid") .
             Support::doAttribute('class', 'hidden') .
             Support::doAttribute('method', 'post') .
-            Support::doAttribute('action', API_DIR . '/saveReport.php');
+            Support::doAttribute('action', $action);
         $form = Support::wrapTag("<form $formAttributes>", $form);
 
         return $toggleBtn . $form;
     }
 
     /**
-     * @return string
      * @throws CodeException
      * @throws DbException
      * @throws UserFormException
      */
     public function saveReport() {
+        $uid = $this->store->getVar(T3DATA_UID, STORE_SIP . STORE_ZERO, SANITIZE_ALLOW_DIGIT);
+        if ($uid == 0) {
+            // Check if it was called with a SIP (containing a uid)
+            // If not, this might be an attack => cancel.
+            return;
+        }
+
         $bodytext = Support::htmlEntityEncodeDecode(MODE_DECODE, $_POST[REPORT_INLINE_BODYTEXT]);
-        $uid = $_POST['uid'];
         $dbT3 = $this->store->getVar(SYSTEM_T3_DB_NAME, STORE_SYSTEM . STORE_EMPTY, SANITIZE_ALLOW_ALNUMX);
         if ($dbT3 == '') {
             $dbData = $this->store->getVar(SYSTEM_DB_NAME_DATA, STORE_SYSTEM, SANITIZE_ALLOW_ALNUMX);
@@ -1412,7 +1418,8 @@ class QuickFormQuery {
         // Need to truncate cf_cache_pages because it is used to restore page-specific cache
         $sql = "DELETE FROM $dbT3.cf_cache_pages WHERE 1";
         $this->dbArray[$this->dbIndexData]->sql($sql);
-        return '';
+
+        $this->formSpec[F_FORWARD_MODE] = 'auto';
     }
 
     /**
@@ -1426,8 +1433,13 @@ class QuickFormQuery {
      * @throws UserReportException
      */
     public function saveForm() {
-
-        $json = $this->doForm(FORM_SAVE);
+        if ($this->store->getVar(REPORT_SAVE, STORE_SIP . STORE_ZERO) == '1') {
+            $this->saveReport();
+            $json = array();
+            $json[REPORT_SAVE] = 1;
+        } else {
+            $json = $this->doForm(FORM_SAVE);
+        }
 
         return $json;
     }