feat: Comment edit/delete, auto-link URLs, markdown tables, mobile fixes

- Add comment edit/delete functionality (owner or admin can modify)
- Add edit/delete buttons to comments in TicketView
- Create update_comment.php and delete_comment.php API endpoints
- Add updateComment() and deleteComment() methods to CommentModel
- Show "(edited)" indicator on modified comments
- Add migration script for updated_at column

- Auto-link URLs in plain text comments (non-markdown)
- Add markdown table support with proper HTML rendering
- Preserve code blocks during markdown parsing

- Fix mobile UI elements showing on desktop (add display:none defaults)
- Add mobile styles for CreateTicketView form elements
- Stack status-priority-row on mobile devices

- Update cache busters to v20260124e
- Update Claude.md and README.md documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

api/delete_comment.php

@@ -0,0 +1,105 @@
+<?php
+/**
+ * API endpoint for deleting a comment
+ */
+
+// Disable error display in the output
+ini_set('display_errors', 0);
+error_reporting(E_ALL);
+
+// Apply rate limiting
+require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
+RateLimitMiddleware::apply('api');
+
+// Start output buffering
+ob_start();
+
+try {
+    require_once dirname(__DIR__) . '/config/config.php';
+    require_once dirname(__DIR__) . '/models/CommentModel.php';
+    require_once dirname(__DIR__) . '/models/AuditLogModel.php';
+
+    // Check authentication via session
+    session_start();
+    if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
+        throw new Exception("Authentication required");
+    }
+
+    // CSRF Protection
+    require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
+    $csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
+    if (!CsrfMiddleware::validateToken($csrfToken)) {
+        http_response_code(403);
+        header('Content-Type: application/json');
+        echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
+        exit;
+    }
+
+    $currentUser = $_SESSION['user'];
+    $userId = $currentUser['user_id'];
+    $isAdmin = $currentUser['is_admin'] ?? false;
+
+    // Create database connection
+    $conn = new mysqli(
+        $GLOBALS['config']['DB_HOST'],
+        $GLOBALS['config']['DB_USER'],
+        $GLOBALS['config']['DB_PASS'],
+        $GLOBALS['config']['DB_NAME']
+    );
+
+    if ($conn->connect_error) {
+        throw new Exception("Database connection failed");
+    }
+
+    // Get data - support both POST body and query params
+    $data = json_decode(file_get_contents('php://input'), true);
+
+    if (!$data || !isset($data['comment_id'])) {
+        // Try query params
+        if (isset($_GET['comment_id'])) {
+            $data = ['comment_id' => $_GET['comment_id']];
+        } else {
+            throw new Exception("Missing required field: comment_id");
+        }
+    }
+
+    $commentId = (int)$data['comment_id'];
+
+    // Initialize models
+    $commentModel = new CommentModel($conn);
+    $auditLog = new AuditLogModel($conn);
+
+    // Get comment before deletion for audit log
+    $comment = $commentModel->getCommentById($commentId);
+
+    // Delete comment
+    $result = $commentModel->deleteComment($commentId, $userId, $isAdmin);
+
+    // Log the deletion if successful
+    if ($result['success'] && $comment) {
+        $auditLog->log(
+            $userId,
+            'delete',
+            'comment',
+            (string)$commentId,
+            [
+                'ticket_id' => $comment['ticket_id'],
+                'comment_text_preview' => substr($comment['comment_text'], 0, 100)
+            ]
+        );
+    }
+
+    // Discard any unexpected output
+    ob_end_clean();
+
+    header('Content-Type: application/json');
+    echo json_encode($result);
+
+} catch (Exception $e) {
+    ob_end_clean();
+    header('Content-Type: application/json');
+    echo json_encode([
+        'success' => false,
+        'error' => $e->getMessage()
+    ]);
+}

api/update_comment.php

@@ -0,0 +1,102 @@
+<?php
+/**
+ * API endpoint for updating a comment
+ */
+
+// Disable error display in the output
+ini_set('display_errors', 0);
+error_reporting(E_ALL);
+
+// Apply rate limiting
+require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
+RateLimitMiddleware::apply('api');
+
+// Start output buffering
+ob_start();
+
+try {
+    require_once dirname(__DIR__) . '/config/config.php';
+    require_once dirname(__DIR__) . '/models/CommentModel.php';
+    require_once dirname(__DIR__) . '/models/AuditLogModel.php';
+
+    // Check authentication via session
+    session_start();
+    if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
+        throw new Exception("Authentication required");
+    }
+
+    // CSRF Protection
+    require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
+    if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'PUT') {
+        $csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
+        if (!CsrfMiddleware::validateToken($csrfToken)) {
+            http_response_code(403);
+            header('Content-Type: application/json');
+            echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
+            exit;
+        }
+    }
+
+    $currentUser = $_SESSION['user'];
+    $userId = $currentUser['user_id'];
+    $isAdmin = $currentUser['is_admin'] ?? false;
+
+    // Create database connection
+    $conn = new mysqli(
+        $GLOBALS['config']['DB_HOST'],
+        $GLOBALS['config']['DB_USER'],
+        $GLOBALS['config']['DB_PASS'],
+        $GLOBALS['config']['DB_NAME']
+    );
+
+    if ($conn->connect_error) {
+        throw new Exception("Database connection failed");
+    }
+
+    // Get POST/PUT data
+    $data = json_decode(file_get_contents('php://input'), true);
+
+    if (!$data || !isset($data['comment_id']) || !isset($data['comment_text'])) {
+        throw new Exception("Missing required fields: comment_id, comment_text");
+    }
+
+    $commentId = (int)$data['comment_id'];
+    $commentText = trim($data['comment_text']);
+    $markdownEnabled = isset($data['markdown_enabled']) && $data['markdown_enabled'];
+
+    if (empty($commentText)) {
+        throw new Exception("Comment text cannot be empty");
+    }
+
+    // Initialize models
+    $commentModel = new CommentModel($conn);
+    $auditLog = new AuditLogModel($conn);
+
+    // Update comment
+    $result = $commentModel->updateComment($commentId, $commentText, $markdownEnabled, $userId, $isAdmin);
+
+    // Log the update if successful
+    if ($result['success']) {
+        $auditLog->log(
+            $userId,
+            'update',
+            'comment',
+            (string)$commentId,
+            ['comment_text_preview' => substr($commentText, 0, 100)]
+        );
+    }
+
+    // Discard any unexpected output
+    ob_end_clean();
+
+    header('Content-Type: application/json');
+    echo json_encode($result);
+
+} catch (Exception $e) {
+    ob_end_clean();
+    header('Content-Type: application/json');
+    echo json_encode([
+        'success' => false,
+        'error' => $e->getMessage()
+    ]);
+}