refactor: extract edit.php POST handler to actions/edit.php

edit.php was a 530-line file mixing form display, POST handling, file
uploads, and reference-data loading. This refactor splits it along the
same action-file pattern already used by formulaire.php, tag.php, and
page.php.

Changes:
- public/admin/actions/edit.php (new): standalone POST handler; auth
  guard, CSRF check, transaction, redirect with session flash messages
- public/admin/edit.php: display-only; reads edit_success/edit_error
  flash keys from session; form action points to actions/edit.php via
  a hidden thesis_id field instead of a query-string self-post
- src/Database.php: four new methods to remove all raw PDO from both
  files:
    - updateThesis(int, array): void  — UPDATE theses core fields
    - setThesisAuthors(int, array): void  — delete-then-reinsert authors
    - getThesisLanguageIds(int): array — SELECT language_id for form
    - getThesisFormatIds(int): array   — SELECT format_id for form

src/Database.php

@@ -909,6 +909,30 @@ class Database {
         }
     }
 
+    /**
+     * Return the list of language IDs currently linked to a thesis.
+     * @return int[]
+     */
+    public function getThesisLanguageIds(int $thesisId): array {
+        $stmt = $this->pdo->prepare(
+            "SELECT language_id FROM thesis_languages WHERE thesis_id = ?"
+        );
+        $stmt->execute([$thesisId]);
+        return $stmt->fetchAll(PDO::FETCH_COLUMN);
+    }
+
+    /**
+     * Return the list of format IDs currently linked to a thesis.
+     * @return int[]
+     */
+    public function getThesisFormatIds(int $thesisId): array {
+        $stmt = $this->pdo->prepare(
+            "SELECT format_id FROM thesis_formats WHERE thesis_id = ?"
+        );
+        $stmt->execute([$thesisId]);
+        return $stmt->fetchAll(PDO::FETCH_COLUMN);
+    }
+
     /**
      * Replace all tag associations for a thesis.
      * Tags are identified by name (findOrCreateTag is called for each).
@@ -1128,6 +1152,65 @@ class Database {
      *
      * @return int  The new thesis ID.
      */
+    /**
+     * Update core thesis fields.
+     * All columns except identifier, submitted_at, and file-related fields.
+     */
+    public function updateThesis(int $thesisId, array $data): void {
+        $stmt = $this->pdo->prepare("
+            UPDATE theses SET
+                title = ?,
+                subtitle = ?,
+                year = ?,
+                orientation_id = ?,
+                ap_program_id = ?,
+                finality_id = ?,
+                synopsis = ?,
+                context_note = ?,
+                file_size_info = ?,
+                baiu_link = ?,
+                license_id = ?,
+                access_type_id = ?,
+                is_published = ?,
+                updated_at = CURRENT_TIMESTAMP
+            WHERE id = ?
+        ");
+        $stmt->execute([
+            $data['title'],
+            !empty($data['subtitle'])      ? $data['subtitle']      : null,
+            (int)$data['year'],
+            (int)$data['orientation_id'],
+            (int)$data['ap_program_id'],
+            (int)$data['finality_id'],
+            $data['synopsis'],
+            !empty($data['context_note'])  ? $data['context_note']  : null,
+            !empty($data['file_size_info']) ? $data['file_size_info'] : null,
+            !empty($data['baiu_link'])      ? $data['baiu_link']      : null,
+            isset($data['license_id'])      ? $data['license_id']     : null,
+            isset($data['access_type_id'])  ? $data['access_type_id'] : null,
+            $data['is_published'] ? 1 : 0,
+            $thesisId,
+        ]);
+    }
+
+    /**
+     * Replace all author associations for a thesis (delete-then-reinsert).
+     * $authors is an array of ['name' => string, 'email' => string|null].
+     * The first entry is considered the primary author (author_order = 1).
+     */
+    public function setThesisAuthors(int $thesisId, array $authors): void {
+        $this->pdo->prepare("DELETE FROM thesis_authors WHERE thesis_id = ?")->execute([$thesisId]);
+        $stmt = $this->pdo->prepare(
+            "INSERT INTO thesis_authors (thesis_id, author_id, author_order) VALUES (?, ?, ?)"
+        );
+        foreach ($authors as $index => $author) {
+            $name = trim($author['name'] ?? '');
+            if ($name === '') continue;
+            $authorId = $this->findOrCreateAuthor($name, $author['email'] ?? null);
+            $stmt->execute([$thesisId, $authorId, $index + 1]);
+        }
+    }
+
     public function createThesis(array $data): int {
         $identifier = $this->generateThesisIdentifier((int)$data['year']);
 

src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json

@@ -1 +1 @@
-[1774712930]
+[1774717688]