[Release] Image-Scaling, Error-Handling, Anti-Spam

* feat: add anti-spam measures to form submission

- Added honeypot field (hidden 'fax' input) to catch bots that fill all fields
- Implemented time-based validation to detect submissions that are too fast (minimum 2 seconds between first interaction and submit)

* [L10N] Update translations (#253)

Co-authored-by: Michael-Schaer <Michael-Schaer@users.noreply.github.com>

* Improve responsive image sizing for cover images

- Increase JPEG quality from 85 to 90 for better image quality
- Add `data-cover` attribute support to detect cover images (object-fit: cover)
- Set `sizes` attribute to `200vw` for cover images to account for ~2x zoom from aspect ratio mismatch
- Remove JavaScript-based dynamic sizes calculation in favor of static sizing

* Fix: SyncProcessor missing form id

* feat: improve Mailchimp error handling and queue processing logging

- Added response body logging to Mailchimp API errors for better debugging
- Implemented graceful handling of Mailchimp compliance state errors (unsubscribed, bounced emails) to prevent unnecessary retries
- Improved queue processing error logging to show retry message instead of reporting all errors
- Enhanced max attempts notification email with readable JSON format and extracted CrmFieldData values
- Added helper method to extract readable key

Author: Michael-Schaer

wordpress/wp-config.php

@@ -97,6 +97,7 @@
 define( 'BLOG_ID_CURRENT_SITE', 1 );
 
 define( 'SUPT_FORM_ASYNC', ! ( (bool) getenv( 'WORDPRESS_DEBUG' ) ) );
+define( 'SUPT_FORM_MIN_SUBMIT_TIME', 2 ); // Minimum seconds between first interaction and submit
 
 // Mailchimp-Service configuration (leave empty to disable integration)
 define( 'MAILCHIMP_SERVICE_ENDPOINT', getenv('MAILCHIMP_SERVICE_ENDPOINT') ?: '' );

wordpress/wp-content/themes/les-verts/languages/de_DE.mo

@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: 2018gruenech\n"
 "POT-Creation-Date: 2025-07-15 13:27+0200\n"
-"PO-Revision-Date: 2025-07-15 11:58\n"
+"PO-Revision-Date: 2026-02-12 16:25\n"
 "Last-Translator: Cyrill Bolliger <bolliger@gmx.ch>\n"
 "Language-Team: German\n"
 "MIME-Version: 1.0\n"
@@ -2885,7 +2885,7 @@ msgstr "Symbol Schließen"
 #: templates/molecules/m-person.twig:48
 #, php-format
 msgid "Visit the Bluesky profile of %s"
-msgstr "Besuche das Twitterprofil von %s"
+msgstr "Besuche das Blueskyprofil von %s"
 
 #: templates/molecules/m-person.twig:55
 #, php-format

wordpress/wp-content/themes/les-verts/languages/de_DE.po

@@ -36,11 +36,32 @@ public static function send_to_mailchimp($data) {
 
         $status_code = wp_remote_retrieve_response_code($response);
         if ($status_code < 200 || $status_code >= 300) {
-            Util::debug_log("msg=Mailchimp API error: HTTP " . $status_code . " - " . wp_remote_retrieve_response_message($response));
+            $response_body = wp_remote_retrieve_body($response);
+            Util::debug_log("msg=Mailchimp API error: HTTP " . $status_code . " - " . wp_remote_retrieve_response_message($response) . " - Response body: " . $response_body);
+
+            // Handle compliance state errors gracefully (don't retry)
+            if ($status_code === 400 && self::is_compliance_state_error($response_body)) {
+                Util::debug_log("msg=Mailchimp compliance state error (expected, not retrying)");
+                return;
+            }
+
             throw new \Exception('Mailchimp API error: HTTP ' . $status_code . ' - ' . wp_remote_retrieve_response_message($response));
         }
     }
 
+    /**
+     * Check if the error is due to email compliance state (unsubscribed, bounced, etc.)
+     * These are expected errors and should not trigger retries
+     *
+     * @param string $response_body The response body from Mailchimp
+     * @return bool True if this is a compliance state error
+     */
+    private static function is_compliance_state_error($response_body) {
+        return stripos($response_body, 'compliance state') !== false ||
+               stripos($response_body, 'unsubscribe') !== false ||
+               stripos($response_body, 'bounce') !== false;
+    }
+
     public static function has_mailchimp_api_key() {
         return defined('MAILCHIMP_SERVICE_ENDPOINT') && MAILCHIMP_SERVICE_ENDPOINT;
     }

wordpress/wp-content/themes/les-verts/lib/form/include/MailchimpSaver.php

@@ -9,6 +9,7 @@
 require_once __DIR__ . '/QueueDao.php';
 require_once __DIR__ . '/CrmQueueItem.php';
 require_once __DIR__ . '/CrmMaxSyncsException.php';
+require_once __DIR__ . '/FormModel.php';
 
 class SyncProcessor {
     const CRON_HOOK_CRM_MC_SAVE = 'supt_form_save_to_crm';
@@ -78,7 +79,8 @@ public static function process_queue() {
                 }
 
                 if (!$item->has_data()) {
-                    Util::report_form_error('sync queue process', $item, new \Exception(self::MSG_ITEM_NO_DATA), null);
+                    $form = $processor->get_form_from_item($item);
+                    Util::report_form_error('sync queue process', $item, new \Exception(self::MSG_ITEM_NO_DATA), $form);
                     $processor->remove_from_queue($item);
                     continue;
                 }
@@ -93,7 +95,7 @@ public static function process_queue() {
                     Util::debug_log("submissionId=" . $item->get_submission_id() . " msg=Too many CRM syncs per run. Ending this run.");
                     return;
                 } catch (\Exception $e) {
-                    Util::report_form_error('sync queue process', $item, $e, null);
+                    Util::debug_log("submissionId=" . $item->get_submission_id() . " msg=Processing failed, will retry: " . $e->getMessage());
                     $processor->update_queue($item);
                 }
             }
@@ -123,6 +125,24 @@ public static function get_queue(): QueueDao {
         return new QueueDao(SyncEnqueuer::QUEUE_KEY);
     }
 
+    /**
+     * Get the form object from a CrmQueueItem, or null if it can't be retrieved
+     *
+     * @param CrmQueueItem $item The queue item
+     * @return FormModel|null The form object or null if not found
+     */
+    private function get_form_from_item(CrmQueueItem $item): ?FormModel {
+        try {
+            $form_id = $item->get_form_id();
+            if ($form_id && $form_id !== CrmQueueItem::ID_INVALID_FORM) {
+                return new FormModel($form_id);
+            }
+        } catch (\Exception $e) {
+            // Form can't be retrieved, return null
+        }
+        return null;
+    }
+
     /**
      * Try to acquire the processing lock
      *
@@ -169,9 +189,13 @@ private function restructure_field_data(array $crm_field_data_objects): array {
     private function too_many_attempts(CrmQueueItem $item) {
         if ( $item->get_attempts() >= self::MAX_SAVE_ATTEMPTS ) {
             $this->remove_from_queue($item);
+
+            // Extract readable data from CrmFieldData objects for the email
+            $readable_data = $this->extract_readable_data($item->get_data());
+
             Util::send_mail_to_admin(
-                self::SUBJECT_ITEM_MAX_ATTEMPTS . "id=" . $item->get_submission_id(),
-                self::MSG_ITEM_MAX_ATTEMPTS . "\n\n" . json_encode($item->get_data())
+                self::SUBJECT_ITEM_MAX_ATTEMPTS . " id=" . $item->get_submission_id(),
+                self::MSG_ITEM_MAX_ATTEMPTS . "\n\n" . json_encode($readable_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE)
             );
             Util::debug_log("submissionId=" . $item->get_submission_id() . " msg=Too many attempts. Removed from queue.");
             return true;
@@ -180,6 +204,22 @@ private function too_many_attempts(CrmQueueItem $item) {
         return false;
     }
 
+    /**
+     * Extract readable key-value data from CrmFieldData objects
+     *
+     * @param array $crm_field_data_objects Array of CrmFieldData objects
+     * @return array Simple key-value array with actual values
+     */
+    private function extract_readable_data(array $crm_field_data_objects): array {
+        $data = array();
+        foreach ($crm_field_data_objects as $crm_field_data) {
+            if ($crm_field_data instanceof CrmFieldData) {
+                $data[$crm_field_data->get_key()] = $crm_field_data->get_value();
+            }
+        }
+        return $data;
+    }
+
     /**
      * Check if the item should be skipped because it was processed too recently
      *

wordpress/wp-content/themes/les-verts/lib/form/include/SyncProcessor.php

@@ -175,6 +175,8 @@ public static function save_to_crm_or_mc() {
 	 */
 	public function handle_submit() {
 		$this->abort_if_limit_exceeded();
+		$this->abort_if_honeypot_filled();
+		$this->abort_if_too_fast();
 		$this->add_submission_metadata();
 		$this->abort_if_invalid_header();
 		$this->abort_if_invalid_nonce();
@@ -190,6 +192,39 @@ public function handle_submit() {
 		$this->send_response();
 	}
 
+	/**
+	 * Check if the honeypot field was filled (only bots fill hidden fields).
+	 */
+	private function abort_if_honeypot_filled() {
+		if ( ! empty( $_POST['fax'] ) ) {
+			$this->respond_with_general_error( 400, 'Submission not valid.' );
+		}
+	}
+
+	/**
+	 * Check if the form was submitted too quickly (bots submit in milliseconds).
+	 *
+	 * The hidden field is populated by JS on first user interaction.
+	 * If the field is empty or missing, JS didn't run (likely a bot).
+	 * If the time delta is too small, the form was filled inhumanly fast.
+	 */
+	private function abort_if_too_fast() {
+		$interaction_time = isset( $_POST['form_interaction_duration'] )
+			? (int) $_POST['form_interaction_duration']
+			: 0;
+
+		if ( ! $interaction_time ) {
+			$this->respond_with_general_error( 400, 'Submission not valid.' );
+
+			return;
+		}
+
+		$min_time = defined( 'SUPT_FORM_MIN_SUBMIT_TIME' ) ? \SUPT_FORM_MIN_SUBMIT_TIME : 2;
+		if ( $interaction_time < $min_time ) {
+			$this->respond_with_general_error( 400, 'Submission not valid.' );
+		}
+	}
+
 	/**
 	 * Limit form submissions per ip and ip user agent combination.
 	 *

wordpress/wp-content/themes/les-verts/lib/form/submission.php

@@ -96,7 +96,6 @@ private function buildHtmlAttributes(Image $image, $src, $size, $attr) {
             'src' => esc_url($src),
             'srcset' => $srcset,        // Standard srcset for non-lazy images
             'data-srcset' => $srcset,   // Data-srcset for lazy loading JavaScript
-            'sizes' => '100vw',
             'loading' => 'lazy',
             'alt' => !empty($attr['alt']) ? $attr['alt'] : ''
         ];
@@ -106,6 +105,16 @@ private function buildHtmlAttributes(Image $image, $src, $size, $attr) {
 
         $attributes = array_merge($attributes, $attr);
 
+        // For cover images (object-fit: cover), use 200vw to account for ~2x zoom from aspect ratio mismatch
+        // This ensures browser downloads high enough resolution before cropping
+        // Set this AFTER merge to prevent it from being overwritten
+        $sizes_value = !empty($attr['data-cover']) ? '200vw' : '100vw';
+        $attributes['sizes'] = $sizes_value;
+        $attributes['data-sizes'] = $sizes_value;  // Also set data-sizes for lazy loading script
+
+        // Remove data-cover from final attributes (it's only used for logic, not as HTML attribute)
+        unset($attributes['data-cover']);
+
         $html_attributes = [];
         foreach ($attributes as $name => $value) {
             if ($value !== null && $value !== '') {

wordpress/wp-content/themes/les-verts/lib/twig/functions/image-filters.php

@@ -87,8 +87,8 @@ function les_verts_image_handling_setup() {
     add_image_size('wpseo-opengraph', 1200, 630, true);
 
     // Set default image quality
-    add_filter('jpeg_quality', function() { return 85; });
-    add_filter('wp_editor_set_quality', function() { return 85; });
+    add_filter('jpeg_quality', function() { return 90; });
+    add_filter('wp_editor_set_quality', function() { return 90; });
 }
 
 /**
@@ -141,8 +141,8 @@ function skip_png_scaling($sizes, $metadata) {
 
     $twig->addFilter(
         new TwigFilter( 'get_timber_image_responsive',
-            function (Environment $env, $image, $size = 'medium') use ($image_filters) {
-                return $image_filters->getTimberImageResponsive($env, $image, $size);
+            function (Environment $env, $image, $size = 'medium', $attr = []) use ($image_filters) {
+                return $image_filters->getTimberImageResponsive($env, $image, $size, $attr);
             },
             ['needs_environment' => true]
         )

wordpress/wp-content/themes/les-verts/lib/twig/functions/image-handling.php

@@ -2,7 +2,7 @@
  * Theme Name: Les Verts
  * Description: Custom theme for the GREENS of Switzerland. Designed by superhuit.ch, built by gruene.ch on top of superhuit's stack.
  * Author: superhuit.ch & gruene.ch
- * Version: 0.42.0
+* Version: 0.42.2
  * Requires PHP: 7.4
  * Requires at least: 5.0
  * Theme URI: https://github.com/grueneschweiz/2018.gruene.ch/

wordpress/wp-content/themes/les-verts/style.css

@@ -22,7 +22,6 @@ export default class AImageCover extends BaseView {
 		super.bind();
 
 		this.on( 'afterReplaceImage', () => {
-			this.setSizes();
 			this.objectFit();
 		} );
 	}
@@ -75,15 +74,4 @@ export default class AImageCover extends BaseView {
 
 		return '';
 	}
-
-	setSizes() {
-		const img = this.getScopedElement( COVER_IMAGE_SELECTOR );
-		const cDims = this.element.getBoundingClientRect();
-		const cRatio = cDims.width / cDims.height;
-		const iRatio = img.naturalWidth / img.naturalHeight;
-
-		const zoom = iRatio > cRatio ? iRatio / cRatio : cRatio / iRatio;
-
-		img.sizes = Math.min(cDims.width * zoom, window.innerWidth) + 'px';
-	}
 }