Merge branch 'dev' (1.7.4) into 1.8

CONTRIBUTING.md

@@ -7,14 +7,16 @@ As of version 1.6.3, all development of [Question2Answer][Home] will take place
 
 If you find a bug (error) with Question2Answer, please [submit an issue here][Issues]. Be as descriptive as possible: include exactly what you did to make the bug appear, what you expect to happen, and what happened instead. Also include your PHP version and MySQL version. Remember to check for similar issues already reported.
 
+If you think you've found a security issue, you can responsibly disclose it to us using the [contact form here](http://www.question2answer.org/feedback.php).
+
 Note that general troubleshooting issues such as installation or how to use a feature should continue to be asked on the [Question2Answer Q&A][QA].
 
 
 ## Pull requests
 
-If you have found the cause of the bug in the Q2A code, you can submit the patch back to the Q2A repository. Create a fork of the repo, make the changes in your fork, then submit a pull request. **All pull requests must be made to the `dev` branch of Q2A.** The `master` branch is the current, stable release version.
+If you have found the cause of the bug in the Q2A code, you can submit the patch back to the Q2A repository. Create a fork of the repo, make the changes in your fork, then submit a pull request. Bug fix pull requessts must be made to the `dev` branch. PRs for new features must be made to the next version branch, for example `1.8`.
 
-If you wish to implement a feature, you should start a discussion on the [Question2Answer Q&A][QA] first. We welcome all ideas but they may not be appropriate for the Q2A core.
+If you wish to implement a feature, you should start a discussion on the [Question2Answer Q&A][QA] first. We welcome all ideas but they may not be appropriate for the Q2A core. Consider whether your idea could be developed as a plugin.
 
 
 ## Coding style
@@ -33,12 +35,11 @@ However, **please keep style-only changes to a separate commit!** For example if
 - Operators (`=`, `+` etc) should have a space either side.
 - Control structure keywords (`if`, `else`, `foreach` etc) should have a space between them and the opening parenthesis.
 - Opening braces for classes and functions should be on the next line.
-- Opening braces for control structures should be on the same line.
-- Optional braces may be omitted only when the statement spans only one line.
+- Opening braces for control structures should be on the same line. All control structures should use braces.
 
 ### Examples
 
-Here is an example of the old style. Even though the braces are technically optional (the foreach contains only one statement), the statement spans several lines so brances should be used here for clarity.
+Here is an example of the old style. Even though the braces are technically optional (the foreach contains only one statement), they should be used here for clarity.
 
 	foreach ($thingarray as $thing)
 		if (isset($thing['id']))
@@ -53,16 +54,17 @@ It should be rewritten as:
 
 	foreach ($thingarray as $thing) {
 		if (isset($thing['id'])) {
-			if (strpos($thing['id'], 'Hello') === 0)
+			if (strpos($thing['id'], 'Hello') === 0) {
 				$newthing = 'Goodbye';
-			elseif ($thing['id'] == 'World')
+			} elseif ($thing['id'] == 'World') {
 				$newerthing = 'Galaxy';
-		}
-		else
+			}
+		} else {
 			return null;
+		}
 	}
 
-Here is a class example showing the placement of braces, operators, and an advanced DocBlock comment.
+Here is a class example showing the placement of braces, operators, and a DocBlock comment.
 
 	class qa_example
 	{

VERSION.txt

-1.7.3
\ No newline at end of file
+1.7.4
\ No newline at end of file

qa-include/ajax/version.php

@@ -21,6 +21,12 @@
 */
 
 	require_once QA_INCLUDE_DIR.'app/admin.php';
+	require_once QA_INCLUDE_DIR.'app/users.php';
+
+	if (qa_get_logged_in_level() < QA_USER_LEVEL_ADMIN) {
+		echo "QA_AJAX_RESPONSE\n0\n" . qa_lang_html('admin/no_privileges');
+		return;
+	}
 
 	$uri = qa_post_text('uri');
 	$version = qa_post_text('version');

qa-include/app/emails.php

@@ -142,8 +142,18 @@
 			$mailer->Host=qa_opt('smtp_address');
 			$mailer->Port=qa_opt('smtp_port');
 
-			if (qa_opt('smtp_secure'))
+			if (qa_opt('smtp_secure')){
 				$mailer->SMTPSecure=qa_opt('smtp_secure');
+			}
+			else {
+				$mailer->SMTPOptions=array(
+					'ssl' => array(
+						'verify_peer' => false,
+						'verify_peer_name' => false,
+						'allow_self_signed' => true
+					)
+				);
+			}
 
 			if (qa_opt('smtp_authenticate')) {
 				$mailer->SMTPAuth=true;
@@ -152,7 +162,11 @@
 			}
 		}
 
-		return $mailer->Send();
+		$send_status = $mailer->Send();
+		if(!$send_status){
+			@error_log('PHP Question2Answer email send error: '.$mailer->ErrorInfo);
+		}
+		return $send_status;
 	}
 
 

qa-include/qa-base.php

@@ -21,8 +21,8 @@
 */
 
 
-	define('QA_VERSION', '1.7.3'); // also used as suffix for .js and .css requests
-	define('QA_BUILD_DATE', '2016-01-29');
+	define('QA_VERSION', '1.7.4'); // also used as suffix for .js and .css requests
+	define('QA_BUILD_DATE', '2016-03-14');
 
 
 	/**
@@ -1589,6 +1589,11 @@
 	{
 		if (qa_to_override(__FUNCTION__)) { $args=func_get_args(); return qa_call_override(__FUNCTION__, $args); }
 
+		// ensure we're fetching a remote URL
+		if (!preg_match('#^https?://#', $url)) {
+			return '';
+		}
+
 		$contents=@file_get_contents($url);
 
 		if ((!strlen($contents)) && function_exists('curl_exec')) { // try curl as a backup (if allow_url_fopen not set)

qa-include/qa-db.php

@@ -59,10 +59,26 @@
 		if ($qa_db_connection instanceof mysqli)
 			return;
 
+		$host = QA_FINAL_MYSQL_HOSTNAME;
+		$port = null;
+
+		if (defined('QA_FINAL_WORDPRESS_INTEGRATE_PATH')) {
+			// Wordpress allows setting port inside DB_HOST constant, like 127.0.0.1:3306
+			$host_and_port = explode(':', $host);
+			if (count($host_and_port) >= 2) {
+				$host = $host_and_port[0];
+				$port = $host_and_port[1];
+			}
+		} elseif (defined('QA_FINAL_MYSQL_PORT')) {
+			$port = QA_FINAL_MYSQL_PORT;
+		}
+
+		if (QA_PERSISTENT_CONN_DB)
+			$host = 'p:'.$host;
+
 		// in mysqli we connect and select database in constructor
-		$host = QA_PERSISTENT_CONN_DB ? 'p:'.QA_FINAL_MYSQL_HOSTNAME : QA_FINAL_MYSQL_HOSTNAME;
-		if (defined('QA_FINAL_MYSQL_PORT'))
-			$db = new mysqli($host, QA_FINAL_MYSQL_USERNAME, QA_FINAL_MYSQL_PASSWORD, QA_FINAL_MYSQL_DATABASE, QA_FINAL_MYSQL_PORT);
+		if ($port !== null)
+			$db = new mysqli($host, QA_FINAL_MYSQL_USERNAME, QA_FINAL_MYSQL_PASSWORD, QA_FINAL_MYSQL_DATABASE, $port);
 		else
 			$db = new mysqli($host, QA_FINAL_MYSQL_USERNAME, QA_FINAL_MYSQL_PASSWORD, QA_FINAL_MYSQL_DATABASE);
 

qa-theme/SnowFlat/qa-styles-rtl.css

@@ -370,7 +370,7 @@ h1 {
 	}
 
 	.qa-a-item-main {
-		float: right;
+		float: left;
 		margin: 0 20px 0 0;
 	}
 }

qa-theme/SnowFlat/qa-styles.css

@@ -44,7 +44,7 @@
 	font-family: "fontello";
 	src: url("fonts/fontello.eot?70015067") format("embedded-opentype"),
 		url("fonts/fontello.eot?70015067#iefix") format("embedded-opentype"),
-		url("fonts/fontello2.woff?70015067") format("woff"),
+		url("fonts/fontello.woff?70015067") format("woff"),
 		url("fonts/fontello.ttf?70015067") format("truetype"),
 		url("fonts/fontello.svg?70015067#fontello") format("svg");
   font-weight: normal;
@@ -1015,14 +1015,18 @@ blockquote p {
 		display: none;
 	}
 }
+.qa-template-user-activity .qa-q-item-stats {
+	width: 65px;
+}
+.qa-template-user-answers .qa-q-item-stats {
+	width: 68px;
+}
 @media (min-width: 241px) and (max-width: 799px) {
-	.qa-q-item-stats {
+	.qa-template-user-activity .qa-q-item-stats {
 		width: 60px;
 	}
-}
-@media (min-width: 800px) {
-	.qa-q-item-stats {
-		width: 133px;
+	.qa-template-user-answers .qa-q-item-stats {
+		width: 60px;
 	}
 }
 
@@ -2543,6 +2547,10 @@ input[type="submit"], button {
 		line-height: 1.71429em;
 	}
 
+	.qa-a-item-avatar-meta {
+		margin-top: 70px;
+	}
+
 	.qa-a-selection {
 		left: 100px;
 		top: 20px;
@@ -2550,7 +2558,7 @@ input[type="submit"], button {
 }
 @media (min-width: 980px) {
 	.qa-a-item-main {
-		float: left;
+		float: right;
 		margin: 0 0 0 20px;
 		width: 86%;
 	}