- Timestamp:
- 04/10/2018 11:18:04 PM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/class-wp-community-events.php
r42826 r42968 234 234 */ 235 235 public static function get_unsafe_client_ip() { 236 $client_ip = $netmask =false;236 $client_ip = false; 237 237 $ip_prefix = ''; 238 238 … … 280 280 if ( $is_ipv6 ) { 281 281 // IPv6 addresses will always be enclosed in [] if there's a port. 282 $ip_start = 1; 283 $ip_end = (int) strpos( $client_ip, ']' ) - 1; 284 $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; 282 $left_bracket = strpos( $client_ip, '[' ); 283 $right_bracket = strpos( $client_ip, ']' ); 284 $percent = strpos( $client_ip, '%' ); 285 $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; 285 286 286 287 // Strip the port (and [] from IPv6 addresses), if they exist. 287 if ( $ip_end > 0 ) { 288 $client_ip = substr( $client_ip, $ip_start, $ip_end ); 288 if ( false !== $left_bracket && false !== $right_bracket ) { 289 $client_ip = substr( $client_ip, $left_bracket + 1, $right_bracket - $left_bracket - 1 ); 290 } elseif ( false !== $left_bracket || false !== $right_bracket ) { 291 // The IP has one bracket, but not both, so it's malformed. 292 return false; 293 } 294 295 // Strip the reachability scope. 296 if ( false !== $percent ) { 297 $client_ip = substr( $client_ip, 0, $percent ); 298 } 299 300 // No invalid characters should be left. 301 if ( preg_match( '/[^0-9a-f:]/i', $client_ip ) ) { 302 return false; 289 303 } 290 304
Note: See TracChangeset
for help on using the changeset viewer.