WP_Community_Events::get_unsafe_client_ip() - Determines the user's actual IP address and attempts to partially anonymize an IP address by converting it to a network ID.

WP_Community_Events::get_unsafe_client_ip() – Determines the user’s actual IP address and attempts to partially anonymize an IP address by converting it to a network ID.

You appear to be a bot. Output may be restricted

Description

Determines the user's actual IP address and attempts to partially anonymize an IP address by converting it to a network ID.

Geolocating the network ID usually returns a similar location as the actual IP, but provides some privacy for the user. $_SERVER['REMOTE_ADDR'] cannot be used in all cases, such as when the user is making their request through a proxy, or when the web server is behind a proxy. In those cases, $_SERVER['REMOTE_ADDR'] is set to the proxy address rather than the user's actual address. Modified from https://stackoverflow.com/a/2031935/450127, MIT license. Modified from https://github.com/geertw/php-ip-anonymizer, MIT license. SECURITY WARNING: This function is NOT intended to be used in circumstances where the authenticity of the IP address matters. This does _NOT_ guarantee that the returned address is valid or accurate, and it can be easily spoofed.

Usage

$string|false = WP_Community_Events::get_unsafe_client_ip();

Parameters

Returns

string|false The anonymized address on success; the given address or false on failure.

Source

File name: wordpress/wp-admin/includes/class-wp-community-events.php
Lines:

1 to 40 of 40

  public static function get_unsafe_client_ip() {
    $client_ip = false;

    // In order of preference, with the best ones for this purpose first.
    $address_headers = array(
      'HTTP_CLIENT_IP',
      'HTTP_X_FORWARDED_FOR',
      'HTTP_X_FORWARDED',
      'HTTP_X_CLUSTER_CLIENT_IP',
      'HTTP_FORWARDED_FOR',
      'HTTP_FORWARDED',
      'REMOTE_ADDR',
    );

    foreach ( $address_headers as $header ) {
      if ( array_key_exists( $header, $_SERVER ) ) {
        /*
				 * HTTP_X_FORWARDED_FOR can contain a chain of comma-separated
				 * addresses. The first one is the original client. It can't be
				 * trusted for authenticity, but we don't need to for this purpose.
				 */
        $address_chain = explode( ',', $_SERVER[ $header ] );
        $client_ip     = trim( $address_chain[0] );

        break;
      }
    }

    if ( ! $client_ip ) {
      return false;
    }

    $anon_ip = wp_privacy_anonymize_ip( $client_ip, true );

    if ( '0.0.0.0' === $anon_ip || '::' === $anon_ip ) {
      return false;
    }

    return $anon_ip;
  }

View on GitHub View on Trac