Ticket #9235: get_remote_ip.patch

wp-config-sample.php

@@ -88 +88 @@
 
 /** Sets up WordPress vars and included files. */
 require_once(ABSPATH . 'wp-settings.php');
+
+/**
+ * A space separated list of IP addresses used for finding the ip of the remote, instead of your proxy/balancer.
+ * Any of these addresses will be replaced with the HTTP_X_FORWARDED_FOR header value if present, which a properly
+ * configured proxy should set. Set to blank to disable.
+ */
+define('PROXY_IP', '');
+

wp-includes/comment.php

@@ -1703 +1703 @@
         $parent_status = ( 0 < $commentdata['comment_parent'] ) ? wp_get_comment_status($commentdata['comment_parent']) : '';
         $commentdata['comment_parent'] = ( 'approved' == $parent_status || 'unapproved' == $parent_status ) ? $commentdata['comment_parent'] : 0;
 
-        $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] );
+        $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', get_remote_ip() );
         $commentdata['comment_agent']     = isset( $_SERVER['HTTP_USER_AGENT'] ) ? substr( $_SERVER['HTTP_USER_AGENT'], 0, 254 ) : '';
 
         $commentdata['comment_date']     = current_time('mysql');

wp-includes/functions.php

@@ -4191 +4191 @@
 function reset_mbstring_encoding() {
         mbstring_binary_safe_encoding( true );
 }
+
+
+/** 
+ * Return the real client address if the REMOTE_ADDR we see here is known to be our proxy.
+ */
+function get_remote_ip() {
+    if ( defined('PROXY_IP')
+            && strpos( PROXY_IP, $_SERVER['REMOTE_ADDR'] ) !== false
+            && $_SERVER['HTTP_X_FORWARDED_FOR'] != null
+            && ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
+        return $_SERVER['HTTP_X_FORWARDED_FOR'];
+    }else{
+        return $_SERVER['REMOTE_ADDR'];
+    }
+}
+