Ticket #4579: 4579.liberal.diff

wp-includes/comment.php

@@ -552 +552 @@
         extract($commentdata, EXTR_SKIP);
 
         if ( ! isset($comment_author_IP) )
-                $comment_author_IP = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] );
+                $comment_author_IP = $wpdb->escape($_SERVER['REMOTE_ADDR']);
         if ( ! isset($comment_date) )
                 $comment_date = current_time('mysql');
         if ( ! isset($comment_date_gmt) )
@@ -645 +645 @@
  * @return int The ID of the comment after adding.
  */
 function wp_new_comment( $commentdata ) {
+        global $wpdb;
+
         $commentdata = apply_filters('preprocess_comment', $commentdata);
 
         $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
         $commentdata['user_ID']         = (int) $commentdata['user_ID'];
 
-        $commentdata['comment_author_IP'] = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] );
+        $commentdata['comment_author_IP'] = $wpdb->escape($_SERVER['REMOTE_ADDR']);
         $commentdata['comment_agent']     = $_SERVER['HTTP_USER_AGENT'];
 
         $commentdata['comment_date']     = current_time('mysql');