From 260f0ce288a46bd075e3860150c341eb4c1dca32 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Tue, 12 Dec 2023 10:51:59 +0000
Subject: [PATCH] fixes #3550

Closes #3550

Merge request studip/studip!2438
---
 app/controllers/accessibility/forms.php       | 25 +++++++++++++++
 ..._add_report_barrier_mode_configuration.php | 31 +++++++++++++++++++
 lib/navigation/FooterNavigation.php           | 26 ++++++++++------
 resources/assets/stylesheets/studip.scss      |  7 +++++
 templates/forms/datetimepicker_input.php      |  2 +-
 templates/forms/i18n_formatted_input.php      |  2 +-
 templates/forms/i18n_text_input.php           |  2 +-
 templates/forms/i18n_textarea_input.php       |  2 +-
 templates/forms/multiselect_input.php         |  2 +-
 templates/forms/quicksearch_input.php         |  2 +-
 templates/forms/select_input.php              |  2 +-
 templates/forms/text_input.php                |  2 +-
 templates/forms/wysiwyg_input.php             |  2 +-
 13 files changed, 89 insertions(+), 18 deletions(-)
 create mode 100644 db/migrations/5.3.22_add_report_barrier_mode_configuration.php

diff --git a/app/controllers/accessibility/forms.php b/app/controllers/accessibility/forms.php
index 6217b91c53e..f4f9adf7ef7 100644
--- a/app/controllers/accessibility/forms.php
+++ b/app/controllers/accessibility/forms.php
@@ -91,6 +91,24 @@ class Accessibility_FormsController extends StudipController
             )
         );
 
+        // Add a honeypot value and timestamp
+        $personal_data_part->addInput(
+            new \Studip\Forms\TextInput(
+                'homepage',
+                _('Homepage'),
+                '',
+                [
+                    'aria-hidden' => 'true',
+                    'class'       => 'sr-only',
+                    'placeholder' => _('Dieses Feld nicht ausfüllen'),
+                    'title'       => _('Dieses Feld nicht ausfüllen'),
+                ]
+            )
+        );
+        $this->form->addInput(
+            new \Studip\Forms\HiddenInput('time', '', time())
+        );
+
         $personal_data_part->addText(sprintf('<p>%s</p>',
             _('Informationen zum Datenschutz dieses Formulars finden Sie in der Datenschutzerklärung.')));
 
@@ -118,6 +136,13 @@ class Accessibility_FormsController extends StudipController
         $this->form->setURL($this->report_barrierURL());
         $this->form->addStoreCallback(
             function ($form, $form_values) {
+                if (
+                    $form_values['time'] >= time() - 2
+                    || !empty($form_values['homepage'])
+                ) {
+                    return 0;
+                }
+
                 $recipients = Config::get()->ACCESSIBILITY_RECEIVER_EMAIL;
                 if (empty($recipients)) {
                     //Fallback: Use the UNI_CONTACT mail address:
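Review bot: The timing check at the top of the callback trusts `$form_values['time']` exactly as posted, so a submitter that omits or blanks the field passes the guard (the comparison against an int is then false under PHP's loose comparison) and one that sends an old timestamp is not slowed down at all. Cast and require the value before comparing, e.g. `$issued = (int) ($form_values['time'] ?? 0);` and `if ($issued <= 0 || $issued >= time() - 2 || !empty($form_values['homepage'])) { return 0; }`. Because the timestamp is client-controlled, a bot that renders the form once and replays it with `time` set to an hour ago defeats the minimum-fill-time idea entirely; binding the issue time to the session or signing it with a server-side secret (HMAC) would make the check meaningful. The silent `return 0` is the right behaviour for a honeypot, but a comment such as `// Likely bot: honeypot filled or submitted within 2s of rendering; drop silently` would spare the next reader a guess. The closure continues past the end of the hunk.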
diff --git a/db/migrations/5.3.22_add_report_barrier_mode_configuration.php b/db/migrations/5.3.22_add_report_barrier_mode_configuration.php
new file mode 100644
index 00000000000..8acccd3cc75
--- /dev/null
+++ b/db/migrations/5.3.22_add_report_barrier_mode_configuration.php
@@ -0,0 +1,31 @@
+<?php
+final class AddReportBarrierModeConfiguration extends Migration
+{
+    public function description()
+    {
+        return 'Adds the configuration option REPORT_BARRIER_MODE';
+    }
+
+    protected function up()
+    {
+        $query = "INSERT IGNORE INTO `config` (
+                    `field`, `value`, `type`, `range`,
+                    `section`, `description`,
+                    `mkdate`, `chdate`
+                  ) VALUES (
+                    'REPORT_BARRIER_MODE', 'on', 'string', 'global',
+                    'accessibility', 'Einstellungen zum Formular zu Melden einer Barriere (\"on\" = immer an, \"logged-in\" = nur für angemeldete Personen, \"off\" = ausgeschaltet)',
+                    UNIX_TIMESTAMP(), UNIX_TIMESTAMP()
+                  )";
+        DBManager::get()->exec($query);
+    }
+
+    protected function down()
+    {
+        $query = "DELETE config, config_values
+                  FROM `config`
+                  LEFT JOIN `config_values` USING(`field`)
+                  WHERE `field` = 'REPORT_BARRIER_MODE'";
+        DBManager::get()->exec($query);
+    }
+}
diff --git a/lib/navigation/FooterNavigation.php b/lib/navigation/FooterNavigation.php
index 800da377d59..e9e41c84d1b 100644
--- a/lib/navigation/FooterNavigation.php
+++ b/lib/navigation/FooterNavigation.php
@@ -60,15 +60,23 @@ class FooterNavigation extends Navigation
             );
         }
 
-        $this->addSubNavigation(
-            'report_barrier',
-            new Navigation(
-                _('Barriere melden'),
-                URLHelper::getURL(
-                    'dispatch.php/accessibility/forms/report_barrier',
-                    ['page' => Request::url(), 'cancel_login' => '1']
-                )
+        if (
+            Config::get()->REPORT_BARRIER_MODE === 'on'
+            || (
+                Config::get()->REPORT_BARRIER_MODE === 'logged-in'
+                && User::findCurrent()
             )
-        );
+        ) {
+            $this->addSubNavigation(
+                'report_barrier',
+                new Navigation(
+                    _('Barriere melden'),
+                    URLHelper::getURL(
+                        'dispatch.php/accessibility/forms/report_barrier',
+                        ['page' => Request::url(), 'cancel_login' => '1']
+                    )
+                )
+            );
+        }
     }
 }
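Review bot: The new `REPORT_BARRIER_MODE` condition only decides whether the footer link is rendered; nothing in this diff gates the `accessibility/forms/report_barrier` action itself, so with the mode set to `logged-in` or `off` the form — and its mail-sending store callback — stays reachable by anyone who requests the URL directly. Unless a `before_filter` in `Accessibility_FormsController` not shown here enforces it, the same condition should be checked in the controller and the request refused otherwise. Reading the config once, `$mode = Config::get()->REPORT_BARRIER_MODE;`, would also avoid the double lookup, and a comment like `// Any value other than 'on' / 'logged-in' hides the link (fails closed)` would document that a typo in the setting silently disables the feature.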
diff --git a/resources/assets/stylesheets/studip.scss b/resources/assets/stylesheets/studip.scss
index be72f0ab70b..bc4d3fb6121 100644
--- a/resources/assets/stylesheets/studip.scss
+++ b/resources/assets/stylesheets/studip.scss
@@ -139,3 +139,10 @@ div.indent { margin-left: 2em; }
         }
     }
 }
+
+// Hide honeypot field from report barrier form
+body#accessibility-forms-report_barrier {
+    .formpart[data-form-input-for="homepage"] {
+        @extend .sr-only;
+    }
+}
diff --git a/templates/forms/datetimepicker_input.php b/templates/forms/datetimepicker_input.php
index f2d6b9271b9..44c6d21ef15 100644
--- a/templates/forms/datetimepicker_input.php
+++ b/templates/forms/datetimepicker_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
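Review bot: The new attribute interpolates a bare `$name`, while the surrounding label reads `$this->title` and `$this->required` — `$name` is presumably extracted into template scope the same way `$id` is, but if it is not, the attribute renders empty with a notice and the SCSS rule keyed on `data-form-input-for="homepage"` silently stops matching, leaving the honeypot visible. Worth confirming against the input base class, or switching to `$this->name` if that is the accessor; the `htmlReady()` escaping on the new attribute value is correct. The same line is repeated in the other eight input templates in this patch.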
diff --git a/templates/forms/i18n_formatted_input.php b/templates/forms/i18n_formatted_input.php
index 6466731b1a7..7a92da77747 100644
--- a/templates/forms/i18n_formatted_input.php
+++ b/templates/forms/i18n_formatted_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/i18n_text_input.php b/templates/forms/i18n_text_input.php
index 5e99cd1cb51..b5189626c38 100644
--- a/templates/forms/i18n_text_input.php
+++ b/templates/forms/i18n_text_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/i18n_textarea_input.php b/templates/forms/i18n_textarea_input.php
index d9b2ff3f809..01110c665aa 100644
--- a/templates/forms/i18n_textarea_input.php
+++ b/templates/forms/i18n_textarea_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/multiselect_input.php b/templates/forms/multiselect_input.php
index cd9aec6391d..a01ff505ffc 100644
--- a/templates/forms/multiselect_input.php
+++ b/templates/forms/multiselect_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/quicksearch_input.php b/templates/forms/quicksearch_input.php
index 5a8fadd218e..6fbaff15b0f 100644
--- a/templates/forms/quicksearch_input.php
+++ b/templates/forms/quicksearch_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/select_input.php b/templates/forms/select_input.php
index 64f81400ef5..07a03ca906d 100644
--- a/templates/forms/select_input.php
+++ b/templates/forms/select_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/text_input.php b/templates/forms/text_input.php
index 546a125766a..ae93758d14b 100644
--- a/templates/forms/text_input.php
+++ b/templates/forms/text_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/wysiwyg_input.php b/templates/forms/wysiwyg_input.php
index 989bb5c7314..2fd0c901f15 100644
--- a/templates/forms/wysiwyg_input.php
+++ b/templates/forms/wysiwyg_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
-- 
GitLab