Mahesh Waghmare

Developer Resources, Tips, Tricks, Tutorials and Much more.

WP_Community_Events::get_unsafe_client_ip

Reading time
1 Minute to Read
Published
Join the Conversation
Leave a Comment on WP_Community_Events::get_unsafe_client_ip

Advertisement

Show Other References
1 Minute to Read

Summery Summery

Determines the user’s actual IP address and attempts to partially anonymize an IP address by converting it to a network ID.

Syntax Syntax

WP_Community_Events::get_unsafe_client_ip()

Description Description

Geolocating the network ID usually returns a similar location as the actual IP, but provides some privacy for the user.

$_SERVER[‘REMOTE_ADDR’] cannot be used in all cases, such as when the user is making their request through a proxy, or when the web server is behind a proxy. In those cases, $_SERVER[‘REMOTE_ADDR’] is set to the proxy address rather than the user’s actual address.

Modified from https://stackoverflow.com/a/2031935/450127, MIT license. Modified from https://github.com/geertw/php-ip-anonymizer, MIT license.

SECURITY WARNING: This function is NOT intended to be used in circumstances where the authenticity of the IP address matters. This does NOT guarantee that the returned address is valid or accurate, and it can be easily spoofed.

Return Return

(string|false) The anonymized address on success; the given address or false on failure.

Source Source

File: wp-admin/includes/class-wp-community-events.php 

	public static function get_unsafe_client_ip() {
		$client_ip = false;

		// In order of preference, with the best ones for this purpose first.
		$address_headers = array(
			'HTTP_CLIENT_IP',
			'HTTP_X_FORWARDED_FOR',
			'HTTP_X_FORWARDED',
			'HTTP_X_CLUSTER_CLIENT_IP',
			'HTTP_FORWARDED_FOR',
			'HTTP_FORWARDED',
			'REMOTE_ADDR',
		);

		foreach ( $address_headers as $header ) {
			if ( array_key_exists( $header, $_SERVER ) ) {
				/*
				 * HTTP_X_FORWARDED_FOR can contain a chain of comma-separated
				 * addresses. The first one is the original client. It can't be
				 * trusted for authenticity, but we don't need to for this purpose.
				 */
				$address_chain = explode( ',', $_SERVER[ $header ] );
				$client_ip     = trim( $address_chain[0] );

				break;
			}
		}

		if ( ! $client_ip ) {
			return false;
		}

		$anon_ip = wp_privacy_anonymize_ip( $client_ip, true );

		if ( '0.0.0.0' === $anon_ip || '::' === $anon_ip ) {
			return false;
		}

		return $anon_ip;
	}

Advertisement

Changelog Changelog

Changelog
Version Description
4.8.0 Introduced.

Advertisement

Leave a Reply