WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/02/2018 12:48:23 AM (17 months ago)
Author:
SergeyBiryukov
Message:

Privacy: add helper function for anonymizing data in a standardized way.

Props jesperher, allendav, iandunn, birgire, azaozz, joemcgill.
Merges [42971] and [43081] to the 4.9 branch.
Fixes #43545.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-admin/includes/class-wp-community-events.php

    r42016 r43082  
    235235    public static function get_unsafe_client_ip() {
    236236        $client_ip = $netmask = false;
    237         $ip_prefix = '';
    238237
    239238        // In order of preference, with the best ones for this purpose first.
     
    266265        }
    267266
    268         // Detect what kind of IP address this is.
    269         $is_ipv6 = substr_count( $client_ip, ':' ) > 1;
    270         $is_ipv4 = ( 3 === substr_count( $client_ip, '.' ) );
    271 
    272         if ( $is_ipv6 && $is_ipv4 ) {
    273             // IPv6 compatibility mode, temporarily strip the IPv6 part, and treat it like IPv4.
    274             $ip_prefix = '::ffff:';
    275             $client_ip = preg_replace( '/^\[?[0-9a-f:]*:/i', '', $client_ip );
    276             $client_ip = str_replace( ']', '', $client_ip );
    277             $is_ipv6   = false;
    278         }
    279 
    280         if ( $is_ipv6 ) {
    281             // IPv6 addresses will always be enclosed in [] if there's a port.
    282             $ip_start = 1;
    283             $ip_end   = (int) strpos( $client_ip, ']' ) - 1;
    284             $netmask  = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000';
    285 
    286             // Strip the port (and [] from IPv6 addresses), if they exist.
    287             if ( $ip_end > 0 ) {
    288                 $client_ip = substr( $client_ip, $ip_start, $ip_end );
    289             }
    290 
    291             // Partially anonymize the IP by reducing it to the corresponding network ID.
    292             if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) {
    293                 $client_ip = inet_ntop( inet_pton( $client_ip ) & inet_pton( $netmask ) );
    294             }
    295         } elseif ( $is_ipv4 ) {
    296             // Strip any port and partially anonymize the IP.
    297             $last_octet_position = strrpos( $client_ip, '.' );
    298             $client_ip           = substr( $client_ip, 0, $last_octet_position ) . '.0';
    299         } else {
     267        $anon_ip = wp_privacy_anonymize_ip( $client_ip, true );
     268
     269        if ( '0.0.0.0' === $anon_ip || '::' === $anon_ip ) {
    300270            return false;
    301271        }
    302272
    303         // Restore the IPv6 prefix to compatibility mode addresses.
    304         return $ip_prefix . $client_ip;
     273        return $anon_ip;
    305274    }
    306275
Note: See TracChangeset for help on using the changeset viewer.