[wp-trac] [WordPress Trac] #4412: Get real IP address for
proxy-passed WordPress installations
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 6 02:41:55 GMT 2007
#4412: Get real IP address for proxy-passed WordPress installations
-------------------------+--------------------------------------------------
Reporter: RuddO | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
When WordPress is proxy-passed, commenters' remote addresses appear as
127.0.0.1, which of course fucks up some antispam plugins that use this
information. Hope this patch helps those of us who are fronting WP with
Squid and the like:
Index: comment.php
===================================================================
--- comment.php (revisión: 32)
+++ comment.php (copia de trabajo)
@@ -384,7 +384,20 @@
$commentdata['user_ID'] = (int) $commentdata['user_ID'];
$commentdata['comment_author_IP'] = preg_replace( '/[^0-9., ]/',
'',$_SERVER['REMOTE_ADDR'] );
- $commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT'];
+ if ($commentdata['comment_author_IP'] == "127.0.0.1") {
+ foreach ( array(
+ "HTTP_CLIENT_IP",
+ "HTTP_X_FORWARDED_FOR",
+ "HTTP_X_FORWARDED",
+ "HTTP_FORWARDED_FOR",
+ "HTTP_FORWARDED",
+ "REMOTE_ADDR") as $addrtype ) {
+ if (!isset($_SERVER[$addrtype])) {
continue; }
+ $commentdata['comment_author_IP'] =
preg_replace( '/[^0-9., ]/', '',$_SERVER[$addrtype] );
+ if ($commentdata['comment_author_IP'])
break;
+ }
+ }
+ $commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT'];
$commentdata['comment_date'] = current_time('mysql');
$commentdata['comment_date_gmt'] = current_time('mysql', 1);
--
Ticket URL: <http://trac.wordpress.org/ticket/4412>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list