feat: extract MediaController, wire into Dispatcher, delete media.php

app/public/admin/actions/edit.php

@@ -0,0 +1,53 @@
+<?php
+// Bootstrap application
+require_once __DIR__ . "/../../../bootstrap.php";
+require_once __DIR__ . '/../../../src/AdminAuth.php';
+
+// PHP-level auth guard (defence-in-depth behind nginx Basic Auth)
+AdminAuth::requireLogin();
+
+// Only handle POST requests
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    header('Location: ../index.php');
+    exit();
+}
+
+// Verify CSRF token
+if (!isset($_POST['csrf_token']) || !isset($_SESSION['csrf_token']) ||
+    !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
+    error_log("CSRF token validation failed in edit action");
+    die("Erreur de sécurité : token invalide. Veuillez recharger le formulaire.");
+}
+
+$thesisId = isset($_POST['thesis_id']) ? intval($_POST['thesis_id']) : 0;
+if ($thesisId <= 0) {
+    die("ID de TFE invalide.");
+}
+
+require_once APP_ROOT . '/src/Controllers/ThesisEditController.php';
+
+try {
+    $ctrl = ThesisEditController::create();
+    $ctrl->save($thesisId, $_POST, $_FILES);
+
+    // Regenerate CSRF token after successful save
+    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+
+    App::flash('success', "TFE mis à jour avec succès!");
+    header('Location: ../edit.php?id=' . $thesisId);
+    exit();
+
+} catch (Exception $e) {
+    error_log("Edit action error: " . $e->getMessage());
+
+    App::flash('error', $e->getMessage());
+
+    // WCAG 3.3.1 — map error message to field name for autofocus on re-render.
+    $autofocusField = ThesisEditController::autofocusFieldForError($e->getMessage());
+    if ($autofocusField !== null) {
+        App::flashAutofocus($autofocusField);
+    }
+
+    header('Location: ../edit.php?id=' . $thesisId);
+    exit();
+}