fixes #3550

Closes #3550 Merge request studip/studip!2438

fixes #3550
260f0ce2 · Jan-Hendrik Willms · Jan-Hendrik Willms · 21a10257 · 260f0ce2 · 260f0ce2
Commit 260f0ce2 authored 1 year ago by Jan-Hendrik Willms Committed by Jan-Hendrik Willms 1 year ago
--- a/app/controllers/accessibility/forms.php
+++ b/app/controllers/accessibility/forms.php
@@ -91,6 +91,24 @@ class Accessibility_FormsController extends StudipController
            )
        );
+        // Add a honeypot value and timestamp
+        $personal_data_part->addInput(
+            new \Studip\Forms\TextInput(
+                'homepage',
+                _('Homepage'),
+                '',
+                [
+                    'aria-hidden' => 'true',
+                    'class'       => 'sr-only',
+                    'placeholder' => _('Dieses Feld nicht ausfüllen'),
+                    'title'       => _('Dieses Feld nicht ausfüllen'),
+                ]
+            )
+        );
+        $this->form->addInput(
+            new \Studip\Forms\HiddenInput('time', '', time())
+        );
        $personal_data_part->addText(sprintf('<p>%s</p>',
            _('Informationen zum Datenschutz dieses Formulars finden Sie in der Datenschutzerklärung.')));
@@ -118,6 +136,13 @@ class Accessibility_FormsController extends StudipController
        $this->form->setURL($this->report_barrierURL());
        $this->form->addStoreCallback(
            function ($form, $form_values) {
+                if (
+                    $form_values['time'] >= time() - 2
+                    || !empty($form_values['homepage'])
+                ) {
+                    return 0;
+                }
                $recipients = Config::get()->ACCESSIBILITY_RECEIVER_EMAIL;
                if (empty($recipients)) {
                    //Fallback: Use the UNI_CONTACT mail address:

--- a/db/migrations/5.3.22_add_report_barrier_mode_configuration.php
+++ b/db/migrations/5.3.22_add_report_barrier_mode_configuration.php
+<?php
+final class AddReportBarrierModeConfiguration extends Migration
+{
+    public function description()
+    {
+        return 'Adds the configuration option REPORT_BARRIER_MODE';
+    }
+    protected function up()
+    {
+        $query = "INSERT IGNORE INTO `config` (
+                    `field`, `value`, `type`, `range`,
+                    `section`, `description`,
+                    `mkdate`, `chdate`
+                  ) VALUES (
+                    'REPORT_BARRIER_MODE', 'on', 'string', 'global',
+                    'accessibility', 'Einstellungen zum Formular zu Melden einer Barriere (\"on\" = immer an, \"logged-in\" = nur für angemeldete Personen, \"off\" = ausgeschaltet)',
+                    UNIX_TIMESTAMP(), UNIX_TIMESTAMP()
+                  )";
+        DBManager::get()->exec($query);
+    }
+    protected function down()
+    {
+        $query = "DELETE config, config_values
+                  FROM `config`
+                  LEFT JOIN `config_values` USING(`field`)
+                  WHERE `field` = 'REPORT_BARRIER_MODE'";
+        DBManager::get()->exec($query);
+    }
+}
--- a/lib/navigation/FooterNavigation.php
+++ b/lib/navigation/FooterNavigation.php
@@ -60,15 +60,23 @@ class FooterNavigation extends Navigation
            );
        }
-        $this->addSubNavigation(
+        if (
-            'report_barrier',
+            Config::get()->REPORT_BARRIER_MODE === 'on'
-            new Navigation(
+            || (
-                _('Barriere melden'),
+                Config::get()->REPORT_BARRIER_MODE === 'logged-in'
-                URLHelper::getURL(
+                && User::findCurrent()
-                    'dispatch.php/accessibility/forms/report_barrier',
-                    ['page' => Request::url(), 'cancel_login' => '1']
-                )
            )
-        );
+        ) {
+            $this->addSubNavigation(
+                'report_barrier',
+                new Navigation(
+                    _('Barriere melden'),
+                    URLHelper::getURL(
+                        'dispatch.php/accessibility/forms/report_barrier',
+                        ['page' => Request::url(), 'cancel_login' => '1']
+                    )
+                )
+            );
+        }
    }
 }
--- a/resources/assets/stylesheets/studip.scss
+++ b/resources/assets/stylesheets/studip.scss
@@ -139,3 +139,10 @@ div.indent { margin-left: 2em; }
        }
    }
 }
+// Hide honeypot field from report barrier form
+body#accessibility-forms-report_barrier {
+    .formpart[data-form-input-for="homepage"] {
+        @extend .sr-only;
+    }
+}
--- a/templates/forms/datetimepicker_input.php
+++ b/templates/forms/datetimepicker_input.php
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
    <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
        <span class="textlabel">
            <?= htmlReady($this->title) ?>

--- a/templates/forms/i18n_formatted_input.php
+++ b/templates/forms/i18n_formatted_input.php
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
    <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
        <span class="textlabel">
            <?= htmlReady($this->title) ?>

--- a/templates/forms/i18n_text_input.php
+++ b/templates/forms/i18n_text_input.php
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
    <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
        <span class="textlabel">
            <?= htmlReady($this->title) ?>

--- a/templates/forms/i18n_textarea_input.php
+++ b/templates/forms/i18n_textarea_input.php
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
    <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
        <span class="textlabel">
            <?= htmlReady($this->title) ?>

--- a/templates/forms/multiselect_input.php
+++ b/templates/forms/multiselect_input.php
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
    <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
        <span class="textlabel">
            <?= htmlReady($this->title) ?>

--- a/templates/forms/quicksearch_input.php
+++ b/templates/forms/quicksearch_input.php
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
    <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
        <span class="textlabel">
            <?= htmlReady($this->title) ?>

--- a/templates/forms/select_input.php
+++ b/templates/forms/select_input.php
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
    <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
        <span class="textlabel">
            <?= htmlReady($this->title) ?>

--- a/templates/forms/text_input.php
+++ b/templates/forms/text_input.php
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
    <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
        <span class="textlabel">
            <?= htmlReady($this->title) ?>

--- a/templates/forms/wysiwyg_input.php
+++ b/templates/forms/wysiwyg_input.php
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
    <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
        <span class="textlabel">
            <?= htmlReady($this->title) ?>