diff --git a/core/util.inc.php b/core/util.inc.php
index 94cf1eb0..1d5460f9 100644
--- a/core/util.inc.php
+++ b/core/util.inc.php
@@ -15,6 +15,16 @@ function html_escape($input) {
return htmlentities($input, ENT_QUOTES, "UTF-8");
}
+/**
+ * Unescape data that was made safe for printing into HTML
+ *
+ * @param $input
+ * @return string
+ */
+function html_unescape($input) {
+ return html_entity_decode($input, ENT_QUOTES, "UTF-8");
+}
+
/**
* Make sure some data is safe to be used in integer context
*
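Review bot: The docblock on `html_unescape` does not say that the returned string is raw text again, so a caller reading it next to `html_escape` could print the result straight into a page. I would add a line such as `* The result is no longer HTML-safe; re-encode it for the context it is written into before output.` and give the parameter a type, `@param string $input`. The body itself mirrors `html_escape` (same `ENT_QUOTES` and `"UTF-8"` arguments), so the two stay symmetric.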
diff --git a/ext/comment/theme.php b/ext/comment/theme.php
index 20e963f9..f017bdb3 100644
--- a/ext/comment/theme.php
+++ b/ext/comment/theme.php
@@ -259,8 +259,6 @@ class CommentListTheme extends Themelet {
else {
$h_userlink = ''.$h_name.'';
}
- $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50));
- $stripped_nonl = str_replace("\r", "\\r", $stripped_nonl);
$hb = ($comment->owner_class == "hellbanned" ? "hb" : "");
if($trim) {
@@ -280,9 +278,14 @@ class CommentListTheme extends Themelet {
}
$h_reply = " - Reply";
$h_ip = $user->can("view_ip") ? "
".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : "";
- $h_del = $user->can("delete_comment") ?
- ' - Del' : '';
+ $h_del = "";
+ if ($user->can("delete_comment")) {
+ $comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
+ $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
+ $h_delete_script = html_escape("return confirm($j_delete_confirm_message);");
+ $h_delete_link = make_link("comment/delete/$i_comment_id/$i_image_id");
+ $h_del = " - Del";
+ }
$html = "
$h_userlink $h_del
";
diff --git a/themes/danbooru2/comment.theme.php b/themes/danbooru2/comment.theme.php
index 081537bb..a9fef1dd 100644
--- a/themes/danbooru2/comment.theme.php
+++ b/themes/danbooru2/comment.theme.php
@@ -101,12 +101,15 @@ class CustomCommentListTheme extends CommentListTheme {
 $i_image_id = int_escape($comment->image_id);
 $h_posted = autodate($comment->posted);
- $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50));
- $stripped_nonl = str_replace("\r", "\\r", $stripped_nonl);
 $h_userlink = "$h_name";
- $h_del = $user->can("delete_comment") ?
- ' - Del' : '';
+ $h_del = "";
+ if ($user->can("delete_comment")) {
+ $comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
+ $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
+ $h_delete_script = html_escape("return confirm($j_delete_confirm_message);");
+ $h_delete_link = make_link("comment/delete/$i_comment_id/$i_image_id");
+ $h_del = " - Del";
+ }
 //$h_imagelink = $trim ? ">>>\n" : "";
 if($trim) {
 return "$h_posted
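Review bot: `substr(html_unescape($tfe->stripped), 0, 50)` cuts at 50 bytes, so a comment containing multi-byte UTF-8 can be split mid-character; `json_encode` then fails on the invalid string and, on PHP versions where it returns `false`, the handler becomes `return confirm();` with no message. Truncating by characters avoids that, e.g. `$comment_preview = mb_substr(html_unescape($tfe->stripped), 0, 50, "UTF-8");` if mbstring is available to the project, and the same applies to the identical lines in the themes/danbooru2 and themes/futaba hunks. The order used here (decode, truncate, `json_encode`, then `html_escape`) is the right layering for a string placed in script inside an attribute; the markup that consumes `$h_delete_script` is not visible on this page, and the enclosing method starts and ends outside the hunk.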
$h_comment
$h_userlink $h_del
";
diff --git a/themes/futaba/comment.theme.php b/themes/futaba/comment.theme.php
index 29e0b157..bd8a97b8 100644
--- a/themes/futaba/comment.theme.php
+++ b/themes/futaba/comment.theme.php
@@ -70,13 +70,16 @@ class CustomCommentListTheme extends CommentListTheme {
 $i_comment_id = int_escape($comment->comment_id);
 $i_image_id = int_escape($comment->image_id);
- $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50));
- $stripped_nonl = str_replace("\r", "\\r", $stripped_nonl);
 $h_userlink = "$h_name";
 $h_date = $comment->posted;
- $h_del = $user->can("delete_comment") ?
- ' - Del' : '';
+ $h_del = "";
+ if ($user->can("delete_comment")) {
+ $comment_preview = substr(html_unescape($tfe->stripped), 0, 50);
+ $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview");
+ $h_delete_script = html_escape("return confirm($j_delete_confirm_message);");
+ $h_delete_link = make_link("comment/delete/$i_comment_id/$i_image_id");
+ $h_del = " - Del";
+ }
 $h_reply = "[Reply]";
 if($inner_id == 0) {$h_posted
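Review bot: The seven added lines in this hunk are a copy of the block added in ext/comment/theme.php and again in themes/futaba/comment.theme.php, so the decode, `json_encode`, `html_escape` order now has to be kept correct in three places. Since `CustomCommentListTheme` extends `CommentListTheme`, the confirm-script construction could live in one protected helper on the base class that each theme calls. The helper name below is only a suggestion, and it assumes the enclosing method, whose signature is outside the hunk, is an instance method.

```php
// in CommentListTheme (ext/comment/theme.php)
protected function delete_confirm_script($owner_name, $stripped) {
	$comment_preview = substr(html_unescape($stripped), 0, 50);
	$j_delete_confirm_message = json_encode("Delete comment by {$owner_name}:\n$comment_preview");
	return html_escape("return confirm($j_delete_confirm_message);");
}

// in each theme, replacing the three lines that build $h_delete_script
$h_delete_script = $this->delete_confirm_script($comment->owner_name, $tfe->stripped);
// … unchanged: $h_delete_link and $h_del assignments …
```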
$h_comment