fix: scoped HTMX file validation, add validation to TFE/PeerTube inputs

- Wrap file-field.php validation in <form> to scope hx-include (fixes
  cross-field contamination where cover change triggered note_intention
  validation)
- Add inline MIME/size validation to upload-tfe-file.php
- Add inline validation to PeerTube video/audio and direct video/audio
  file inputs in format-extras-block
- Fallback in validate-file-fragment-shared.php: if field_name doesn't
  match any $_FILES key, try the first uploaded file (handles
  PeerTube inputs where name differs from field_name)
- Fix file-field.php admin_mode using $adminMode variable instead of
  undefined ADMIN_MODE constant

TODO.md

@@ -1,16 +1,7 @@
 # TODO
 
-- [x] Simplify file-upload-queue.js — drop Sortable, keep only single-file previews
+- [x] Fix cross-field validation contamination — wrap file-field.php in <form> to scope hx-include
-- [x] Create session-based upload flow (upload-tfe-file.php, remove-tfe-file.php, tfe-queue-helper.php)
+- [x] Add inline MIME/size validation to upload-tfe-file.php
-- [x] Create admin wrappers for upload/remove endpoints
+- [x] Add inline validation wrappers to PeerTube video/audio and direct video/audio inputs
-- [x] Register new routes in partage/index.php
+- [x] Fix validator fallback: if field_name key missing in $_FILES, try first available file
-- [x] Update fichiers-fragment.php — HTMX-powered file input + server-rendered queue + progress bar
+- [x] Fix file-field.php admin_mode using $adminMode variable instead of undefined ADMIN_MODE constant
-- [x] Update ThesisCreateController — read TFE files from session temp
-- [x] Update ThesisEditController — read TFE files from session temp
-- [x] Add handleTfeFilesFromSession + writeTfeFileFromSrc + cleanupSessionUploads to ThesisFileHandler trait
-- [x] Remove sortable.min.js script tags from add.php, edit.php, index.php
-- [x] Clean up form.php — remove drag handles, sortable hints
-- [x] Clean up fieldset-files.php — remove sortable references
-- [x] Clean up CSS — remove .fq-drag-handle, .fq-ghost, .sortable-ghost
-- [x] Fix closure syntax (use before return type) in tfe-queue-helper.php
-- [x] Commit

app/public/.htaccess

@@ -1,16 +1,20 @@
 # PHP upload limits for large thesis files (PDFs, video, audio)
+# TFE files are uploaded incrementally via HTMX (one at a time).
+# PeerTube/direct video/audio uploads + couverture + note_intention
+# are submitted in the final form POST — post_max_size must accommodate
+# the largest combination.
 <IfModule mod_php.c>
     php_value upload_max_filesize 512M
-    php_value post_max_size       520M
+    php_value post_max_size       1024M
-    php_value memory_limit        256M
+    php_value memory_limit        512M
-    php_value max_execution_time  300
+    php_value max_execution_time  600
 </IfModule>
 # mod_php8 variant
 <IfModule mod_php8.c>
     php_value upload_max_filesize 512M
-    php_value post_max_size       520M
+    php_value post_max_size       1024M
-    php_value memory_limit        256M
+    php_value memory_limit        512M
-    php_value max_execution_time  300
+    php_value max_execution_time  600
 </IfModule>
 
 # Prevent directory listing

app/templates/admin/acces.php

@@ -233,6 +233,19 @@
 +%%%%%%% diff from: somsyvxz 249f7943 "Bulk bar anti-shift, tags icons, AP no-wrap, credits reorder" (rebased revision)
 +\\\\\\\        to: mxvvqust 0a424ac8 "refactor: session-based incremental TFE upload via HTMX, drop SortableJS" (rebased revision)
 ++                        $linkName = $link['name'] ?? '';
+++                        $linkExpiresVal = $link['expires_at'] ? date('Y-m-d\TH:i', strtotime($link['expires_at'])) : '';
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% diff from: mxvvqust 0a424ac8 "refactor: session-based incremental TFE upload via HTMX, drop SortableJS" (rebased revision)
+\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\        to: somsyvxz 249f7943 "Bulk bar anti-shift, tags icons, AP no-wrap, credits reorder" (rebased revision)
+-                        $linkName = $link['name'] ?? '';
+-                        $linkExpiresVal = $link['expires_at'] ? date('Y-m-d\TH:i', strtotime($link['expires_at'])) : '';
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% diff from: somsyvxz 14a3cd10 "Bulk bar anti-shift, tags icons, AP no-wrap, credits reorder" (rebase destination)
+\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\        to: yrpmtrsy b15e8131 "fix: scoped HTMX file validation, add validation to TFE/PeerTube inputs" (rebased revision)
+                         $linkName = $link['name'] ?? '';
+                         $linkExpiresVal = $link['expires_at'] ? date('Y-m-d\TH:i', strtotime($link['expires_at'])) : '';
+                         $linkLockedYear = $link['locked_year'] ?? null;
++%%%%%%% diff from: somsyvxz 249f7943 "Bulk bar anti-shift, tags icons, AP no-wrap, credits reorder" (rebased revision)
++\\\\\\\        to: yrpmtrsy 21452e6f "fix: scoped HTMX file validation, add validation to TFE/PeerTube inputs" (rebased revision)
+++                        $linkName = $link['name'] ?? '';
 ++                        $linkExpiresVal = $link['expires_at'] ? date('Y-m-d\TH:i', strtotime($link['expires_at'])) : '';
                     ?>
                     <tr class="admin-table-row" onclick="event.stopPropagation(); window.open('/partage/<?= urlencode($link['slug']) ?>', '_blank')" style="cursor:pointer">