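/**
 * Resolve the IP address to attribute the current request to.
 *
 * Reads the `trusted_ip_header` site option, expected to be an object with
 * `trusted_header`, `segments` and `reverse` members. When it names a header
 * that is present in $_SERVER, that header's comma-separated list is used;
 * otherwise REMOTE_ADDR is used as a single-entry list. `segments` is the number
 * of trailing entries taken to have been added by the fronting proxies, so the
 * entry at (count - segments) is chosen; a list shorter than that falls back to
 * REMOTE_ADDR. A configured header is only safe to consult when the proxy in
 * front of this server always sets or appends to it; any other header value is
 * whatever the client sent.
 *
 * @return mixed The result of jetpack_clean_ip() for the chosen entry.
 */
function jetpack_protect_get_ip() {
    $trusted_header_data = get_site_option('trusted_ip_header');

    // Defaults apply when no trusted header is configured or present:
    // take the last entry, in the order given.
    $segments      = 1;
    $reverse_order = false;

    if (isset($trusted_header_data->trusted_header) && isset($_SERVER[$trusted_header_data->trusted_header])) {
        $ip = $_SERVER[$trusted_header_data->trusted_header];

        // A missing, empty or non-numeric segment count means "the last entry";
        // the (int) cast keeps a malformed option from turning the count
        // comparison below into a string comparison.
        if (!empty($trusted_header_data->segments)) {
            $segments = (int) $trusted_header_data->segments;
        }
        if ($segments < 1) {
            $segments = 1;
        }

        $reverse_order = !empty($trusted_header_data->reverse);
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }

    $ips = explode(',', $ip);
    if ($reverse_order) {
        $ips = array_reverse($ips);
    }

    $ip_count = count($ips);
    if ($ip_count === 1) {
        return jetpack_clean_ip($ips[0]);
    }
    if ($ip_count >= $segments) {
        // Skip the `segments` proxy-added entries at the end of the list.
        return jetpack_clean_ip($ips[$ip_count - $segments]);
    }

    // Fewer entries than expected proxy hops: the header cannot be relied on.
    return jetpack_clean_ip($_SERVER['REMOTE_ADDR']);
}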
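/**
 * Sends a "check_key" API call once a day. This call allows us to track IP-related
 * headers for this server via the Protect API, in order to better identify the source
 * IP for login attempts.
 *
 * After the call, the headers reported by get_headers() are scanned and the first
 * one carrying a non-loopback, non-private address is stored in the
 * `trusted_ip_header` site option; with no such header, REMOTE_ADDR is stored.
 *
 * @return void
 */
public function maybe_update_headers() {
    $updated_recently = $this->get_transient('jpp_headers_updated_recently');

    // Only an admin (update_plugins) may trigger this, so a lower-level user cannot
    // get a header they control marked as trusted and use it to brute force an admin account.
    if ($updated_recently || !current_user_can('update_plugins')) {
        return;
    }

    Jetpack_Protect_Module::protect_call('check_key');
    $this->set_transient('jpp_headers_updated_recently', 1, DAY_IN_SECONDS);

    $headers        = $this->get_headers();
    $trusted_header = 'REMOTE_ADDR';
    $header_count   = count($headers);

    if ($header_count === 1) {
        $trusted_header = key($headers);
    } elseif ($header_count > 1) {
        foreach ($headers as $header => $ip_list) {
            $has_routable_ip = false;
            foreach (explode(',', $ip_list) as $candidate) {
                $candidate = jetpack_clean_ip(trim($candidate));
                // Loopback, private or reserved addresses cannot identify a client
                // and would make this header easy to spoof, so they do not count.
                if ($candidate === '127.0.0.1' || $candidate === '::1' || jetpack_protect_ip_is_private($candidate)) {
                    continue;
                }
                $has_routable_ip = true;
                break;
            }

            if ($has_routable_ip) {
                // This header carries a routable address; trust it.
                $trusted_header = $header;
                break;
            }
        }
    }

    update_site_option('trusted_ip_header', $trusted_header);
}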
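/**
 * Resolve the IP address to attribute the current request to.
 *
 * Uses the header named by the `trusted_ip_header` site option when it is
 * present in $_SERVER, else REMOTE_ADDR. The comma-separated list is walked
 * from its last entry backwards and the first address that is not loopback,
 * private or reserved is returned; when every entry is skipped, REMOTE_ADDR
 * is returned. The configured header is only meaningful when the proxy in
 * front of this server always sets or appends to it.
 *
 * @return mixed The result of jetpack_clean_ip() for the chosen address.
 */
function jetpack_protect_get_ip() {
    $trusted_header = get_site_option('trusted_ip_header');

    // The option must be a plain header name; any other stored shape is ignored
    // rather than used as an array offset.
    $ip = (is_string($trusted_header) && isset($_SERVER[$trusted_header]))
        ? $_SERVER[$trusted_header]
        : $_SERVER['REMOTE_ADDR'];

    // Presumably the rightmost entries were appended by the proxies nearest to us,
    // so they are inspected first.
    foreach (array_reverse(explode(',', $ip)) as $candidate) {
        $candidate = jetpack_clean_ip(trim($candidate));
        // Loopback, private or reserved addresses cannot identify a client; keep looking.
        if ($candidate === '127.0.0.1' || $candidate === '::1' || jetpack_protect_ip_is_private($candidate)) {
            continue;
        }
        return $candidate;
    }

    return jetpack_clean_ip($_SERVER['REMOTE_ADDR']);
}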