- Timestamp:
- 04/12/2018 09:19:24 PM (7 years ago)
- File:
-
- 1 edited
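--- a/trunk/src/wp-admin/includes/class-wp-community-events.php
+++ b/trunk/src/wp-admin/includes/class-wp-community-events.php
@@ -235,5 +235,4 @@
 public static function get_unsafe_client_ip() {
 $client_ip = false;
-$ip_prefix = '';
 
 // In order of preference, with the best ones for this purpose first.
@@ -266,55 +265,11 @@
 }
 
-// Detect what kind of IP address this is.
-$is_ipv6 = substr_count( $client_ip, ':' ) > 1;
-$is_ipv4 = ( 3 === substr_count( $client_ip, '.' ) );
-
-if ( $is_ipv6 && $is_ipv4 ) {
-// IPv6 compatibility mode, temporarily strip the IPv6 part, and treat it like IPv4.
-$ip_prefix = '::ffff:';
-$client_ip = preg_replace( '/^\[?[0-9a-f:]*:/i', '', $client_ip );
-$client_ip = str_replace( ']', '', $client_ip );
-$is_ipv6 = false;
-}
-
-if ( $is_ipv6 ) {
-// IPv6 addresses will always be enclosed in [] if there's a port.
-$left_bracket = strpos( $client_ip, '[' );
-$right_bracket = strpos( $client_ip, ']' );
-$percent = strpos( $client_ip, '%' );
-$netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000';
-
-// Strip the port (and [] from IPv6 addresses), if they exist.
-if ( false !== $left_bracket && false !== $right_bracket ) {
-$client_ip = substr( $client_ip, $left_bracket + 1, $right_bracket - $left_bracket - 1 );
-} elseif ( false !== $left_bracket || false !== $right_bracket ) {
-// The IP has one bracket, but not both, so it's malformed.
-return false;
-}
-
-// Strip the reachability scope.
-if ( false !== $percent ) {
-$client_ip = substr( $client_ip, 0, $percent );
-}
-
-// No invalid characters should be left.
-if ( preg_match( '/[^0-9a-f:]/i', $client_ip ) ) {
-return false;
-}
-
-// Partially anonymize the IP by reducing it to the corresponding network ID.
-if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) {
-$client_ip = inet_ntop( inet_pton( $client_ip ) & inet_pton( $netmask ) );
-}
-} elseif ( $is_ipv4 ) {
-// Strip any port and partially anonymize the IP.
-$last_octet_position = strrpos( $client_ip, '.' );
-$client_ip = substr( $client_ip, 0, $last_octet_position ) . '.0';
-} else {
+$anon_ip = wp_privacy_anonymize_ip( $client_ip, true );
+
+if ( '0.0.0.0' === $anon_ip || '::' === $anon_ip ) {
 return false;
 }
 
-// Restore the IPv6 prefix to compatibility mode addresses.
-return $ip_prefix . $client_ip;
+return $anon_ip;
 }
 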
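Review bot: The two sentinel strings in `if ( '0.0.0.0' === $anon_ip || '::' === $anon_ip )` and the bare `true` passed to `wp_privacy_anonymize_ip()` carry the whole failure and privacy contract of this method, yet neither is explained at the call site. I would add `// wp_privacy_anonymize_ip() reports an unparseable address as '0.0.0.0' or '::'; treat both as "no usable IP".` above the check. The `true` appears to be the helper's `$ipv6_fallback` flag, which (the helper is not shown on this page, so confirm) hands back the IPv6 address unmasked when `inet_pton()`/`inet_ntop()` are unavailable; the removed branch behaved the same way, but a reader of the new code cannot tell that an un-anonymized address can still leave this method. A second comment such as `// $ipv6_fallback: without inet_pton()/inet_ntop() the IPv6 address is returned unmasked.` would make that visible. Only part of get_unsafe_client_ip() is shown in this section, so the docblock above it may also need the same update.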