From cd4f2f68f06147c68e789ae464dc3fa14567d2b5 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Tue, 12 Dec 2023 10:51:59 +0000
Subject: fixes #3550

Closes #3550

Merge request studip/studip!2438
---
 app/controllers/accessibility/forms.php            | 25 +++++++++++++++++
 ....3.22_add_report_barrier_mode_configuration.php | 31 ++++++++++++++++++++++
 lib/navigation/FooterNavigation.php                | 26 +++++++++++-------
 resources/assets/stylesheets/studip.scss           |  7 +++++
 templates/forms/datetimepicker_input.php           |  2 +-
 templates/forms/i18n_formatted_input.php           |  2 +-
 templates/forms/i18n_text_input.php                |  2 +-
 templates/forms/i18n_textarea_input.php            |  2 +-
 templates/forms/multiselect_input.php              |  2 +-
 templates/forms/quicksearch_input.php              |  2 +-
 templates/forms/select_input.php                   |  2 +-
 templates/forms/text_input.php                     |  2 +-
 templates/forms/wysiwyg_input.php                  |  2 +-
 13 files changed, 89 insertions(+), 18 deletions(-)
 create mode 100644 db/migrations/5.3.22_add_report_barrier_mode_configuration.php

diff --git a/app/controllers/accessibility/forms.php b/app/controllers/accessibility/forms.php
index 6217b91..f4f9adf 100644
--- a/app/controllers/accessibility/forms.php
+++ b/app/controllers/accessibility/forms.php
@@ -91,6 +91,24 @@ class Accessibility_FormsController extends StudipController
             )
         );
 
+        // Add a honeypot value and timestamp
+        $personal_data_part->addInput(
+            new \Studip\Forms\TextInput(
+                'homepage',
+                _('Homepage'),
+                '',
+                [
+                    'aria-hidden' => 'true',
+                    'class'       => 'sr-only',
+                    'placeholder' => _('Dieses Feld nicht ausfüllen'),
+                    'title'       => _('Dieses Feld nicht ausfüllen'),
+                ]
+            )
+        );
+        $this->form->addInput(
+            new \Studip\Forms\HiddenInput('time', '', time())
+        );
+
         $personal_data_part->addText(sprintf('<p>%s</p>',
             _('Informationen zum Datenschutz dieses Formulars finden Sie in der Datenschutzerklärung.')));
 
@@ -118,6 +136,13 @@ class Accessibility_FormsController extends StudipController
         $this->form->setURL($this->report_barrierURL());
         $this->form->addStoreCallback(
             function ($form, $form_values) {
+                if (
+                    $form_values['time'] >= time() - 2
+                    || !empty($form_values['homepage'])
+                ) {
+                    return 0;
+                }
+
                 $recipients = Config::get()->ACCESSIBILITY_RECEIVER_EMAIL;
                 if (empty($recipients)) {
                     //Fallback: Use the UNI_CONTACT mail address:
diff --git a/db/migrations/5.3.22_add_report_barrier_mode_configuration.php b/db/migrations/5.3.22_add_report_barrier_mode_configuration.php
new file mode 100644
index 0000000..8acccd3
--- /dev/null
+++ b/db/migrations/5.3.22_add_report_barrier_mode_configuration.php
@@ -0,0 +1,31 @@
+<?php
+final class AddReportBarrierModeConfiguration extends Migration
+{
+    public function description()
+    {
+        return 'Adds the configuration option REPORT_BARRIER_MODE';
+    }
+
+    protected function up()
+    {
+        $query = "INSERT IGNORE INTO `config` (
+                    `field`, `value`, `type`, `range`,
+                    `section`, `description`,
+                    `mkdate`, `chdate`
+                  ) VALUES (
+                    'REPORT_BARRIER_MODE', 'on', 'string', 'global',
+                    'accessibility', 'Einstellungen zum Formular zu Melden einer Barriere (\"on\" = immer an, \"logged-in\" = nur für angemeldete Personen, \"off\" = ausgeschaltet)',
+                    UNIX_TIMESTAMP(), UNIX_TIMESTAMP()
+                  )";
+        DBManager::get()->exec($query);
+    }
+
+    protected function down()
+    {
+        $query = "DELETE config, config_values
+                  FROM `config`
+                  LEFT JOIN `config_values` USING(`field`)
+                  WHERE `field` = 'REPORT_BARRIER_MODE'";
+        DBManager::get()->exec($query);
+    }
+}
diff --git a/lib/navigation/FooterNavigation.php b/lib/navigation/FooterNavigation.php
index 5485872..462c83a 100644
--- a/lib/navigation/FooterNavigation.php
+++ b/lib/navigation/FooterNavigation.php
@@ -62,16 +62,24 @@ class FooterNavigation extends Navigation
             );
         }
 
-        $this->addSubNavigation(
-            'report_barrier',
-            new Navigation(
-                _('Barriere melden'),
-                URLHelper::getURL(
-                    'dispatch.php/accessibility/forms/report_barrier',
-                    ['page' => Request::url(), 'cancel_login' => '1']
-                )
+        if (
+            Config::get()->REPORT_BARRIER_MODE === 'on'
+            || (
+                Config::get()->REPORT_BARRIER_MODE === 'logged-in'
+                && User::findCurrent()
             )
-        );
+        ) {
+            $this->addSubNavigation(
+                'report_barrier',
+                new Navigation(
+                    _('Barriere melden'),
+                    URLHelper::getURL(
+                        'dispatch.php/accessibility/forms/report_barrier',
+                        ['page' => Request::url(), 'cancel_login' => '1']
+                    )
+                )
+            );
+        }
 
         $easy_read_url = Config::get()->EASY_READ_URL;
         if ($this->checkSiteinfoURL($easy_read_url)) {
diff --git a/resources/assets/stylesheets/studip.scss b/resources/assets/stylesheets/studip.scss
index 1ba1594..e45cdb3 100644
--- a/resources/assets/stylesheets/studip.scss
+++ b/resources/assets/stylesheets/studip.scss
@@ -138,3 +138,10 @@ div.indent { margin-left: 2em; }
         }
     }
 }
+
+// Hide honeypot field from report barrier form
+body#accessibility-forms-report_barrier {
+    .formpart[data-form-input-for="homepage"] {
+        @extend .sr-only;
+    }
+}
diff --git a/templates/forms/datetimepicker_input.php b/templates/forms/datetimepicker_input.php
index f2d6b92..44c6d21 100644
--- a/templates/forms/datetimepicker_input.php
+++ b/templates/forms/datetimepicker_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/i18n_formatted_input.php b/templates/forms/i18n_formatted_input.php
index 425b1ae..bef667c 100644
--- a/templates/forms/i18n_formatted_input.php
+++ b/templates/forms/i18n_formatted_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/i18n_text_input.php b/templates/forms/i18n_text_input.php
index 5e99cd1..b518962 100644
--- a/templates/forms/i18n_text_input.php
+++ b/templates/forms/i18n_text_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/i18n_textarea_input.php b/templates/forms/i18n_textarea_input.php
index d9b2ff3..01110c6 100644
--- a/templates/forms/i18n_textarea_input.php
+++ b/templates/forms/i18n_textarea_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/multiselect_input.php b/templates/forms/multiselect_input.php
index cd9aec6..a01ff50 100644
--- a/templates/forms/multiselect_input.php
+++ b/templates/forms/multiselect_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/quicksearch_input.php b/templates/forms/quicksearch_input.php
index 5a8fadd..6fbaff1 100644
--- a/templates/forms/quicksearch_input.php
+++ b/templates/forms/quicksearch_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/select_input.php b/templates/forms/select_input.php
index 64f8140..07a03ca 100644
--- a/templates/forms/select_input.php
+++ b/templates/forms/select_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/text_input.php b/templates/forms/text_input.php
index 546a125..ae93758 100644
--- a/templates/forms/text_input.php
+++ b/templates/forms/text_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
diff --git a/templates/forms/wysiwyg_input.php b/templates/forms/wysiwyg_input.php
index 989bb5c..2fd0c90 100644
--- a/templates/forms/wysiwyg_input.php
+++ b/templates/forms/wysiwyg_input.php
@@ -1,4 +1,4 @@
-<div class="formpart">
+<div class="formpart" data-form-input-for="<?= htmlReady($name) ?>">
     <label<?= ($this->required ? ' class="studiprequired"' : '') ?> for="<?= $id ?>">
         <span class="textlabel">
             <?= htmlReady($this->title) ?>
-- 
cgit v1.0