WordPress.org

Make WordPress Core

Ticket #41083: 41083.9.diff

File 41083.9.diff, 1.4 KB (added by soulseekah, 22 months ago)

Based on 41083.8.diff, fails on bad characters

  • src/wp-admin/includes/class-wp-community-events.php

    diff --git src/wp-admin/includes/class-wp-community-events.php src/wp-admin/includes/class-wp-community-events.php
    index e3fac7a..7242f23 100644
    class WP_Community_Events { 
    279279
    280280                if ( $is_ipv6 ) {
    281281                        // IPv6 addresses will always be enclosed in [] if there's a port.
    282                         $ip_start = 1;
    283                         $ip_end   = (int) strpos( $client_ip, ']' ) - 1;
     282                        $left_bracket  = strpos( $client_ip, '[' );
     283                        $right_bracket = strpos( $client_ip, ']' );
    284284                        $netmask  = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000';
    285285
    286286                        // Strip the port (and [] from IPv6 addresses), if they exist.
    287                         if ( $ip_end > 0 ) {
    288                                 $client_ip = substr( $client_ip, $ip_start, $ip_end );
     287                        if ( false !== $left_bracket && false !== $right_bracket ) {
     288                                $client_ip = substr( $client_ip, $left_bracket + 1, $right_bracket - $left_bracket - 1 );
     289                        } elseif ( false !== $left_bracket || false !== $right_bracket ) {
     290                                // The IP has one bracket, but not both, so it's malformed.
     291                                return false;
     292                        }
     293
     294                        // Strip the reachability scope
     295                        if ( ( $percent = strpos( $client_ip, '%' ) ) !== false ) {
     296                                $client_ip = substr( $client_ip, 0, $percent );
     297                        }
     298
     299                        // No invalid characters should be left
     300                        if ( preg_match( '/[^0-9a-f:]/i', $client_ip ) ) {
     301                                return false;
    289302                        }
    290303
    291304                        // Partially anonymize the IP by reducing it to the corresponding network ID.