Changeset 42968
trunk/src/wp-admin/includes/class-wp-community-events.php
r42826 r42968 234 234 */ 235 235 public static function get_unsafe_client_ip() { 236 $client_ip = $netmask =false;236 $client_ip = false; 237 237 $ip_prefix = ''; 238 238 … … 280 280 if ( $is_ipv6 ) { 281 281 // IPv6 addresses will always be enclosed in [] if there's a port. 282 $ip_start = 1; 283 $ip_end = (int) strpos( $client_ip, ']' ) - 1; 284 $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; 282 $left_bracket = strpos( $client_ip, '[' ); 283 $right_bracket = strpos( $client_ip, ']' ); 284 $percent = strpos( $client_ip, '%' ); 285 $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; 285 286 286 287 // Strip the port (and [] from IPv6 addresses), if they exist. 287 if ( $ip_end > 0 ) { 288 $client_ip = substr( $client_ip, $ip_start, $ip_end ); 288 if ( false !== $left_bracket && false !== $right_bracket ) { 289 $client_ip = substr( $client_ip, $left_bracket + 1, $right_bracket - $left_bracket - 1 ); 290 } elseif ( false !== $left_bracket || false !== $right_bracket ) { 291 // The IP has one bracket, but not both, so it's malformed. 292 return false; 293 } 294 295 // Strip the reachability scope. 296 if ( false !== $percent ) { 297 $client_ip = substr( $client_ip, 0, $percent ); 298 } 299 300 // No invalid characters should be left. 301 if ( preg_match( '/[^0-9a-f:]/i', $client_ip ) ) { 302 return false; 289 303 } 290 304 -
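Review bot: In the IPv6 branch, `$percent` is taken from the original string before the brackets are stripped, but `substr( $client_ip, 0, $percent )` is then applied to the shortened string, so the offset is stale whenever a bracket pair and a `%` both occur. For a bracketed address with a scope, the cut lands after the `%` and the following `preg_match` rejects the value, so the function returns false instead of the address; this fails closed but is probably not the intent. If a `%` comes before the `[`, the cut appears to leave an empty string, which the character check lets through, and what the code below the hunk does with it is not visible here. Computing the offset after the bracket block, with `$percent = strpos( $client_ip, '%' );` placed directly above `if ( false !== $percent ) {`, removes the dependency on the earlier string. The function body starts and ends outside the hunk.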
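--- a/trunk/tests/phpunit/tests/admin/includesCommunityEvents.php
+++ b/trunk/tests/phpunit/tests/admin/includesCommunityEvents.php
@@ -503,4 +503,39 @@
 false,
 ),
+// Invalid IP. Sometimes proxies add things like this, or other arbitrary strings.
+array(
+'or=\"[1000:0000:0000:0000:0000:0000:0000:0001',
+false,
+),
+// Invalid IP. Sometimes proxies add things like this, or other arbitrary strings.
+array(
+'or=\"1000:0000:0000:0000:0000:0000:0000:0001',
+false,
+),
+// Invalid IP. Sometimes proxies add things like this, or other arbitrary strings.
+array(
+'1000:0000:0000:0000:0000:0000:0000:0001or=\"',
+false,
+),
+// Malformed string with valid IP substring. Sometimes proxies add things like this, or other arbitrary strings.
+array(
+'or=\"[1000:0000:0000:0000:0000:0000:0000:0001]:400',
+'1000::',
+),
+// Malformed string with valid IP substring. Sometimes proxies add things like this, or other arbitrary strings.
+array(
+'or=\"[1000:0000:0000:0000:0000:0000:0000:0001]',
+'1000::',
+),
+// Malformed string with valid IP substring. Sometimes proxies add things like this, or other arbitrary strings.
+array(
+'or=\"[1000:0000:0000:0000:0000:0000:0000:0001]400',
+'1000::',
+),
+// Malformed string with valid IP substring. Sometimes proxies add things like this, or other arbitrary strings.
+array(
+'[1000:0000:0000:0000:0000:0000:0000:0001]:235\"or=',
+'1000::',
+),
 // IPv4, no port
 array(
@@ -570,5 +605,5 @@
 // IPv6, port, compatibility mode
 array(
-'[:: ffff:10.15.20.25]:30000',
+'[::FFFF:10.15.20.25]:30000',
 '::ffff:10.15.20.0',
 ),
@@ -583,4 +618,14 @@
 '::ffff:127.0.0.0',
 ),
+// IPv6 with reachability scope
+array(
+'fe80::b059:65f4:e877:c40%16',
+'fe80::',
+),
+// IPv6 with reachability scope
+array(
+'FE80::B059:65F4:E877:C40%eth0',
+'fe80::',
+),
 );
 }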
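Review bot: The two reachability-scope cases at the end of the data set cover only unbracketed addresses, so a value that combines brackets, a port and a `%` scope is never exercised. A case such as `'[fe80::b059:65f4:e877:c40%eth0]:443'` (constructed example), paired with whatever result the project intends for it, would pin whether that form is accepted or rejected. Separately, the seven proxy-garbage cases share two identical comments; stating per case what is malformed (missing right bracket, no brackets, trailing text) would make a failing data set easier to identify.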