Ticket #9235: 9235.2.diff

wp-settings.php

@@ -105 +105 @@
 if ( empty($PHP_SELF) )
         $_SERVER['PHP_SELF'] = $PHP_SELF = preg_replace("/(\?.*)?$/",'',$_SERVER["REQUEST_URI"]);
 
+// Correct comment's ip address with X-Forwarded-For http header if you are behind a proxy or load balancer.
+if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) ) {
+        // this one can have multiple IPs separated by a coma
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['HTTP_X_FORWARDED_FOR'][0];
+}
+
+if ( function_exists('filter_var') ) {
+        if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) )
+                $_SERVER['REMOTE_ADDR'] = filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE);
+        elseif ( isset($_SERVER['HTTP_X_REAL_IP']) && filter_var($_SERVER['HTTP_X_REAL_IP'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) )
+                $_SERVER['REMOTE_ADDR'] = filter_var($_SERVER['HTTP_X_REAL_IP'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE);
+} else {
+        if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) )
+                $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
+        elseif ( isset($_SERVER['HTTP_X_REAL_IP']) )
+                $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];
+}
+
+
 if ( version_compare( '4.3', phpversion(), '>' ) ) {
         die( sprintf( /*WP_I18N_OLD_PHP*/'Your server is running PHP version %s but WordPress requires at least 4.3.'/*/WP_I18N_OLD_PHP*/, phpversion() ) );
 }
@@ -683 +703 @@
 // Everything is loaded and initialized.
 do_action('init');
 
-?>
+?>
+ No newline at end of file