[wp-trac] [WordPress Trac] #41083: IP with port number triggers warnings in WP_Community_Events

Fri Jul 14 23:02:32 UTC 2017

#41083: IP with port number triggers warnings in WP_Community_Events
--------------------------------------+-----------------------------
 Reporter:  EatonZ                    |       Owner:  iandunn
     Type:  defect (bug)              |      Status:  assigned
 Priority:  normal                    |   Milestone:  4.8.1
Component:  Administration            |     Version:  4.8
 Severity:  normal                    |  Resolution:
 Keywords:  good-first-bug has-patch  |     Focuses:  administration
--------------------------------------+-----------------------------

Comment (by swalker1595):

 This issue still manifest itself when using localhost.

 When localhost resolves to an IPv6 Address, [::1]:80, the error persist.

 As I am not an experienced PHP Developer, I have modified the file like
 so:

 {{{#!php
 <?php
 public static function get_unsafe_client_ip()

 {
         $client_ip = false;
         // In order of preference, with the best ones for this purpose
 first.
         $address_headers = array(
                 'HTTP_CLIENT_IP',
                 'HTTP_X_FORWARDED_FOR',
                 'HTTP_X_FORWARDED',
                 'HTTP_X_CLUSTER_CLIENT_IP',
                 'HTTP_FORWARDED_FOR',
                 'HTTP_FORWARDED',
                 'REMOTE_ADDR',
         );
         foreach($address_headers as $header) {
                 if (array_key_exists($header, $_SERVER)) {
                         /*
                         * HTTP_X_FORWARDED_FOR can contain a chain of
                         comma-separated
                         * addresses. The first one is the original client.
 It can't
                         be
                         * trusted for authenticity, but we don't need to
 for this
                         purpose.
                         */
                         $address_chain = explode(',', $_SERVER[$header]);
                         $client_ip = trim($address_chain[0]);
                         if ((strlen($client_ip) < 25) &&
 (stristr($client_ip, ":") !== FALSE)) {
                                 $client_ip = substr($client_ip, 0,
 strpos($client_ip, ":"));
                         }
                         break;
                 }
         }

         /* CUSTOM MODIFICATION */
         if (empty($client_ip)) {
                 $client_ip = '127.0.0.1';
         }
         /* END CUSTOM MODIFICATION */

         // These functions are not available on Windows until PHP 5.3.
         if (function_exists('inet_pton') && function_exists('inet_ntop'))
 {
                 if (4 === strlen(inet_pton($client_ip))) {
                         $netmask = '255.255.255.0'; // ipv4.
                 }
                 else {
                         $netmask =
 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; //
                         ipv6 .
                 }
                 $client_ip = inet_ntop(inet_pton($client_ip) &
 inet_pton($netmask));
         }
         return $client_ip;
 }
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/41083#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform