Dashboard: Strip ports from IPs to avoid PHP warnings.

Fixes #41083. Props pento, iandunn, EatonZ, birgire, dd32. Built from https://develop.svn.wordpress.org/trunk@42016 git-svn-id: http://core.svn.wordpress.org/trunk@41850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-25 06:14:58 +02:00 · 2017-10-25 00:07:46 +00:00 · 2017-10-25 00:07:46 +00:00 · 2762709d2a
commit 2762709d2a
parent 12c626c82e
2 changed files with 42 additions and 12 deletions
--- a/wp-admin/includes/class-wp-community-events.php
+++ b/wp-admin/includes/class-wp-community-events.php
@ -233,7 +233,8 @@ class WP_Community_Events {
 	 *                      or false on failure.
 	 */
 	public static function get_unsafe_client_ip() {
-		$client_ip = false;
+		$client_ip = $netmask = false;
+		$ip_prefix = '';

 		// In order of preference, with the best ones for this purpose first.
 		$address_headers = array(
@ -260,18 +261,47 @@ class WP_Community_Events {
 			}
 		}

-		// These functions are not available on Windows until PHP 5.3.
-		if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) {
-			if ( 4 === strlen( inet_pton( $client_ip ) ) ) {
-				$netmask = '255.255.255.0'; // ipv4.
-			} else {
-				$netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; // ipv6.
-			}
-
-			$client_ip = inet_ntop( inet_pton( $client_ip ) & inet_pton( $netmask ) );
+		if ( ! $client_ip ) {
+			return false;
 		}

-		return $client_ip;
+		// Detect what kind of IP address this is.
+		$is_ipv6 = substr_count( $client_ip, ':' ) > 1;
+		$is_ipv4 = ( 3 === substr_count( $client_ip, '.' ) );
+
+		if ( $is_ipv6 && $is_ipv4 ) {
+			// IPv6 compatibility mode, temporarily strip the IPv6 part, and treat it like IPv4.
+			$ip_prefix = '::ffff:';
+			$client_ip = preg_replace( '/^\[?[0-9a-f:]*:/i', '', $client_ip );
+			$client_ip = str_replace( ']', '', $client_ip );
+			$is_ipv6   = false;
+		}
+
+		if ( $is_ipv6 ) {
+			// IPv6 addresses will always be enclosed in [] if there's a port.
+			$ip_start = 1;
+			$ip_end   = (int) strpos( $client_ip, ']' ) - 1;
+			$netmask  = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000';
+
+			// Strip the port (and [] from IPv6 addresses), if they exist.
+			if ( $ip_end > 0 ) {
+				$client_ip = substr( $client_ip, $ip_start, $ip_end );
+			}
+
+			// Partially anonymize the IP by reducing it to the corresponding network ID.
+			if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) {
+				$client_ip = inet_ntop( inet_pton( $client_ip ) & inet_pton( $netmask ) );
+			}
+		} elseif ( $is_ipv4 ) {
+			// Strip any port and partially anonymize the IP.
+			$last_octet_position = strrpos( $client_ip, '.' );
+			$client_ip           = substr( $client_ip, 0, $last_octet_position ) . '.0';
+		} else {
+			return false;
+		}
+
+		// Restore the IPv6 prefix to compatibility mode addresses.
+		return $ip_prefix . $client_ip;
 	}

 	/**
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.9-beta3-42015';
+$wp_version = '4.9-beta3-42016';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.