diff --git src/wp-admin/includes/class-wp-community-events.php src/wp-admin/includes/class-wp-community-events.php
index e3fac7a..7242f23 100644
|
|
class WP_Community_Events { |
279 | 279 | |
280 | 280 | if ( $is_ipv6 ) { |
281 | 281 | // IPv6 addresses will always be enclosed in [] if there's a port. |
282 | | $ip_start = 1; |
283 | | $ip_end = (int) strpos( $client_ip, ']' ) - 1; |
| 282 | $left_bracket = strpos( $client_ip, '[' ); |
| 283 | $right_bracket = strpos( $client_ip, ']' ); |
284 | 284 | $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; |
285 | 285 | |
286 | 286 | // Strip the port (and [] from IPv6 addresses), if they exist. |
287 | | if ( $ip_end > 0 ) { |
288 | | $client_ip = substr( $client_ip, $ip_start, $ip_end ); |
| 287 | if ( false !== $left_bracket && false !== $right_bracket ) { |
| 288 | $client_ip = substr( $client_ip, $left_bracket + 1, $right_bracket - $left_bracket - 1 ); |
| 289 | } elseif ( false !== $left_bracket || false !== $right_bracket ) { |
| 290 | // The IP has one bracket, but not both, so it's malformed. |
| 291 | return false; |
| 292 | } |
| 293 | |
| 294 | // Strip the reachability scope |
| 295 | if ( ( $percent = strpos( $client_ip, '%' ) ) !== false ) { |
| 296 | $client_ip = substr( $client_ip, 0, $percent ); |
| 297 | } |
| 298 | |
| 299 | // No invalid characters should be left |
| 300 | if ( preg_match( '/[^0-9a-f:]/i', $client_ip ) ) { |
| 301 | return false; |
289 | 302 | } |
290 | 303 | |
291 | 304 | // Partially anonymize the IP by reducing it to the corresponding network ID. |