Move photo deletion from ViewPhoto to EditAsset

Removes the intermediate confirmation page, instead using JavaScript for confirmation.

Fixes an XSS issue, in that the previous method was not passing or checking the session (!)

templates/EditAssetForm.php

@@ -23,7 +23,10 @@ class EditAssetForm extends Template
 			<form id="asset_form" action="" method="post" enctype="multipart/form-data">
 				<div class="content-box">
 					<div class="float-end">
-						<a class="btn btn-danger" href="', BASEURL, '/', $this->asset->getSlug(), '?delete_confirmed">Delete asset</a>
+						<a class="btn btn-danger" href="', $this->asset->getDeleteUrl(), '&',
+							Session::getSessionTokenKey(), '=', Session::getSessionToken(),
+						'" onclick="return confirm(\'Are you sure you want to delete this asset?\');">',
+						'Delete asset</a>
 						<button class="btn btn-primary" type="submit">Save asset data</button>
 					</div>
 					<h2>Edit asset \'', $this->asset->getTitle(), '\' (', $this->asset->getFilename(), ')</h2>