Make WordPress Core


Ignore:
Timestamp:
10/25/2017 12:06:06 AM (7 years ago)
Author:
iandunn
Message:

Dashboard: Strip ports from IPs to avoid PHP warnings.

Fixes #41083.
Props pento, iandunn, EatonZ, birgire, dd32.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-community-events.php

    r41605 r42016  
    234234     */
    235235    public static function get_unsafe_client_ip() {
    236         $client_ip = false;
     236        $client_ip = $netmask = false;
     237        $ip_prefix = '';
    237238
    238239        // In order of preference, with the best ones for this purpose first.
     
    261262        }
    262263
    263         // These functions are not available on Windows until PHP 5.3.
    264         if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) {
    265             if ( 4 === strlen( inet_pton( $client_ip ) ) ) {
    266                 $netmask = '255.255.255.0'; // ipv4.
    267             } else {
    268                 $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; // ipv6.
    269             }
    270 
    271             $client_ip = inet_ntop( inet_pton( $client_ip ) & inet_pton( $netmask ) );
    272         }
    273 
    274         return $client_ip;
     264        if ( ! $client_ip ) {
     265            return false;
     266        }
     267
     268        // Detect what kind of IP address this is.
     269        $is_ipv6 = substr_count( $client_ip, ':' ) > 1;
     270        $is_ipv4 = ( 3 === substr_count( $client_ip, '.' ) );
     271
     272        if ( $is_ipv6 && $is_ipv4 ) {
     273            // IPv6 compatibility mode, temporarily strip the IPv6 part, and treat it like IPv4.
     274            $ip_prefix = '::ffff:';
     275            $client_ip = preg_replace( '/^\[?[0-9a-f:]*:/i', '', $client_ip );
     276            $client_ip = str_replace( ']', '', $client_ip );
     277            $is_ipv6   = false;
     278        }
     279
     280        if ( $is_ipv6 ) {
     281            // IPv6 addresses will always be enclosed in [] if there's a port.
     282            $ip_start = 1;
     283            $ip_end   = (int) strpos( $client_ip, ']' ) - 1;
     284            $netmask  = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000';
     285
     286            // Strip the port (and [] from IPv6 addresses), if they exist.
     287            if ( $ip_end > 0 ) {
     288                $client_ip = substr( $client_ip, $ip_start, $ip_end );
     289            }
     290
     291            // Partially anonymize the IP by reducing it to the corresponding network ID.
     292            if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) {
     293                $client_ip = inet_ntop( inet_pton( $client_ip ) & inet_pton( $netmask ) );
     294            }
     295        } elseif ( $is_ipv4 ) {
     296            // Strip any port and partially anonymize the IP.
     297            $last_octet_position = strrpos( $client_ip, '.' );
     298            $client_ip           = substr( $client_ip, 0, $last_octet_position ) . '.0';
     299        } else {
     300            return false;
     301        }
     302
     303        // Restore the IPv6 prefix to compatibility mode addresses.
     304        return $ip_prefix . $client_ip;
    275305    }
    276306
Note: See TracChangeset for help on using the changeset viewer.