- Timestamp:
- 10/25/2017 12:06:06 AM (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/class-wp-community-events.php
r41605 r42016 234 234 */ 235 235 public static function get_unsafe_client_ip() { 236 $client_ip = false; 236 $client_ip = $netmask = false; 237 $ip_prefix = ''; 237 238 238 239 // In order of preference, with the best ones for this purpose first. … … 261 262 } 262 263 263 // These functions are not available on Windows until PHP 5.3. 264 if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) { 265 if ( 4 === strlen( inet_pton( $client_ip ) ) ) { 266 $netmask = '255.255.255.0'; // ipv4. 267 } else { 268 $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; // ipv6. 269 } 270 271 $client_ip = inet_ntop( inet_pton( $client_ip ) & inet_pton( $netmask ) ); 272 } 273 274 return $client_ip; 264 if ( ! $client_ip ) { 265 return false; 266 } 267 268 // Detect what kind of IP address this is. 269 $is_ipv6 = substr_count( $client_ip, ':' ) > 1; 270 $is_ipv4 = ( 3 === substr_count( $client_ip, '.' ) ); 271 272 if ( $is_ipv6 && $is_ipv4 ) { 273 // IPv6 compatibility mode, temporarily strip the IPv6 part, and treat it like IPv4. 274 $ip_prefix = '::ffff:'; 275 $client_ip = preg_replace( '/^\[?[0-9a-f:]*:/i', '', $client_ip ); 276 $client_ip = str_replace( ']', '', $client_ip ); 277 $is_ipv6 = false; 278 } 279 280 if ( $is_ipv6 ) { 281 // IPv6 addresses will always be enclosed in [] if there's a port. 282 $ip_start = 1; 283 $ip_end = (int) strpos( $client_ip, ']' ) - 1; 284 $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; 285 286 // Strip the port (and [] from IPv6 addresses), if they exist. 287 if ( $ip_end > 0 ) { 288 $client_ip = substr( $client_ip, $ip_start, $ip_end ); 289 } 290 291 // Partially anonymize the IP by reducing it to the corresponding network ID. 292 if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) { 293 $client_ip = inet_ntop( inet_pton( $client_ip ) & inet_pton( $netmask ) ); 294 } 295 } elseif ( $is_ipv4 ) { 296 // Strip any port and partially anonymize the IP. 297 $last_octet_position = strrpos( $client_ip, '.' ); 298 $client_ip = substr( $client_ip, 0, $last_octet_position ) . '.0'; 299 } else { 300 return false; 301 } 302 303 // Restore the IPv6 prefix to compatibility mode addresses. 304 return $ip_prefix . $client_ip; 275 305 } 276 306
Note: See TracChangeset
for help on using the changeset viewer.