Dashboard: Strip more extraneous IP parts to prevent PHP warnings.

This iterates on earlier versions of the code, in order to handle more edge cases. An arbitrary string like `or=\"` will now be stripped, as well as reachability scopes like `%eth0`.

Props eamax, soulseekah, iandunn.
Fixes #41083.

Built from https://develop.svn.wordpress.org/trunk@42968


git-svn-id: http://core.svn.wordpress.org/trunk@42797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
iandunn 2018-04-10 23:19:30 +00:00
parent 108578a8ec
commit 057cef802a
2 changed files with 21 additions and 7 deletions


@ -233,7 +233,7 @@ class WP_Community_Events {
* or false on failure.
*/
public static function get_unsafe_client_ip() {
$client_ip = $netmask = false;
$client_ip = false;
$ip_prefix = '';
// In order of preference, with the best ones for this purpose first.
@ -279,13 +279,27 @@ class WP_Community_Events {
if ( $is_ipv6 ) {
// IPv6 addresses will always be enclosed in [] if there's a port.
$ip_start = 1;
$ip_end = (int) strpos( $client_ip, ']' ) - 1;
$netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000';
$left_bracket = strpos( $client_ip, '[' );
$right_bracket = strpos( $client_ip, ']' );
$percent = strpos( $client_ip, '%' );
$netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000';
// Strip the port (and [] from IPv6 addresses), if they exist.
if ( $ip_end > 0 ) {
$client_ip = substr( $client_ip, $ip_start, $ip_end );
if ( false !== $left_bracket && false !== $right_bracket ) {
$client_ip = substr( $client_ip, $left_bracket + 1, $right_bracket - $left_bracket - 1 );
} elseif ( false !== $left_bracket || false !== $right_bracket ) {
// The IP has one bracket, but not both, so it's malformed.
return false;
}
// Strip the reachability scope.
if ( false !== $percent ) {
$client_ip = substr( $client_ip, 0, $percent );
}
// No invalid characters should be left.
if ( preg_match( '/[^0-9a-f:]/i', $client_ip ) ) {
return false;
}
// Partially anonymize the IP by reducing it to the corresponding network ID.
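Review bot: `$percent` on the `$percent = strpos( $client_ip, '%' );` line is measured on the string before the brackets are removed, so for a bracketed, scoped address with a port the later `substr( $client_ip, 0, $percent )` cuts at a stale offset (off by `$left_bracket + 1`), leaves the `%` and scope tail in place, and the `/[^0-9a-f:]/i` check then returns false instead of anonymizing the address. Moving the lookup below the bracket handling fixes it: `$percent = strpos( $client_ip, '%' );` placed immediately before the `// Strip the reachability scope.` comment, with the earlier assignment dropped. That is fail-closed, so it loses event data rather than leaking anything, but the commit message promises scopes like `%eth0` are stripped. Separately, if `]` precedes `[` the computed length is negative and `substr()` yields an empty string, which the character check cannot catch; treating `$right_bracket < $left_bracket` as malformed alongside the single-bracket case would close that. `get_unsafe_client_ip()` continues past the end of the hunk.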


@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.0-alpha-42967';
$wp_version = '5.0-alpha-42968';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.