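/**
 * Resolve the client IP address for the current request.
 *
 * Reads the 'trusted_ip_header' site option. When it names a header that is present in
 * $_SERVER, that header's comma-separated list is used and one entry is picked by position:
 * `segments` entries from the end of the list, after the list has been reversed when
 * `reverse` is set. In every other case REMOTE_ADDR is used.
 *
 * Security: unlike REMOTE_ADDR, the trusted header arrives with the request.
 * NOTE(review): the result is only reliable if a proxy in front of this server sets or
 * rewrites that header on every request; verify that against the deployment.
 *
 * @return mixed Whatever jetpack_clean_ip() returns for the selected address.
 */
function jetpack_protect_get_ip()
{
    $trusted_header_data = get_site_option('trusted_ip_header');

    $header = isset($trusted_header_data->trusted_header) ? $trusted_header_data->trusted_header : null;
    $segments = 1;
    $reverse_order = false;

    // Only a string can be used as a $_SERVER key; anything else falls back to REMOTE_ADDR.
    if (is_string($header) && isset($_SERVER[$header])) {
        $ip = $_SERVER[$header];
        $segments = isset($trusted_header_data->segments) ? $trusted_header_data->segments : 1;
        $reverse_order = !empty($trusted_header_data->reverse);
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }

    // The segment count comes from stored configuration. Normalise it to a positive integer so
    // that a zero, negative or non-numeric value can never produce an index outside the list.
    $segments = is_numeric($segments) ? (int) $segments : 1;
    if ($segments < 1) {
        $segments = 1;
    }

    $ips = explode(',', $ip);
    if ($reverse_order) {
        $ips = array_reverse($ips);
    }

    $ip_count = count($ips);

    // A single entry is returned as it is, whatever segment count is configured.
    // NOTE(review): with segments > 1 a header carrying only one value is still accepted,
    // without the expected number of proxy hops; confirm that this is intended.
    if (1 === $ip_count) {
        return jetpack_clean_ip($ips[0]);
    }

    // Enough entries: count `segments` positions back from the end of the list.
    if ($ip_count >= $segments) {
        return jetpack_clean_ip($ips[$ip_count - $segments]);
    }

    // Fewer entries than configured hops: do not use the header, use the socket peer.
    return jetpack_clean_ip($_SERVER['REMOTE_ADDR']);
}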
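 /**
  * Sends a "check_key" API call once a day. This call allows us to track IP-related
  * headers for this server via the Protect API, in order to better identify the source
  * IP for login attempts.
  *
  * After the call, the name of the header to trust is chosen from $this->get_headers() and
  * stored in the 'trusted_ip_header' site option. It defaults to 'REMOTE_ADDR'. A single
  * reported header is taken as it is. With several headers, the first one whose list
  * contains an address that is neither loopback nor private is taken.
  *
  * Security: the choice is made from one request and then stored.
  * NOTE(review): get_headers() is not visible here; if it reads the headers of the current
  * request, the stored header is only safe when a proxy sets it on every request. Confirm.
  *
  * @return void
  */
 public function maybe_update_headers()
 {
     $updated_recently = $this->get_transient('jpp_headers_updated_recently');

     // Only a user who can update plugins may trigger the selection. This prevents a lower
     // level user from adding a trusted header, which would let them brute force an admin
     // account.
     if ($updated_recently || !current_user_can('update_plugins')) {
         return;
     }

     Jetpack_Protect_Module::protect_call('check_key');
     $this->set_transient('jpp_headers_updated_recently', 1, DAY_IN_SECONDS);

     $headers = $this->get_headers();
     $header_count = count($headers);
     $trusted_header = 'REMOTE_ADDR';

     if ($header_count == 1) {
         // A single reported header is trusted without looking at its value.
         $trusted_header = key($headers);
     } elseif ($header_count > 1) {
         foreach ($headers as $header => $value) {
             $has_nonprivate_ip = false;

             // Split on the bare comma and trim each entry, so a list written without a
             // space after the comma is still checked entry by entry.
             foreach (explode(',', $value) as $candidate) {
                 $candidate = jetpack_clean_ip(trim($candidate));

                 // Loopback, private and reserved addresses do not qualify a header.
                 if ($candidate === '127.0.0.1' || $candidate === '::1' || jetpack_protect_ip_is_private($candidate)) {
                     continue;
                 }

                 $has_nonprivate_ip = true;
                 break;
             }

             if ($has_nonprivate_ip) {
                 // The list holds a non-local address, so this header is trusted.
                 $trusted_header = $header;
                 break;
             }
         }
     }

     update_site_option('trusted_ip_header', $trusted_header);
 }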
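/**
 * Resolve the client IP address for the current request.
 *
 * Uses the header named by the 'trusted_ip_header' site option when that header is present
 * in $_SERVER, and REMOTE_ADDR otherwise. The comma-separated list is read from its last
 * entry to its first, and the first address that is neither loopback nor private is
 * returned. If no entry qualifies, REMOTE_ADDR is returned.
 *
 * Security: a header other than REMOTE_ADDR is supplied with the request.
 * NOTE(review): it reflects the real client only when a proxy in front of this server sets
 * it on every request; verify that against the deployment.
 *
 * @return mixed Whatever jetpack_clean_ip() returns for the selected address.
 */
function jetpack_protect_get_ip()
{
    $trusted_header = get_site_option('trusted_ip_header');

    // The option must be a string to be a valid $_SERVER key; a missing option or any other
    // type falls back to the socket peer address.
    if (is_string($trusted_header) && isset($_SERVER[$trusted_header])) {
        $header_value = $_SERVER[$trusted_header];
    } else {
        $header_value = $_SERVER['REMOTE_ADDR'];
    }

    // Split on the bare comma and trim each entry, so a list written without a space after
    // the comma is still read entry by entry. The last entry is examined first.
    foreach (array_reverse(explode(',', $header_value)) as $candidate) {
        $candidate = jetpack_clean_ip(trim($candidate));

        // If the IP is loopback or in a private or reserved range, keep looking.
        if ($candidate === '127.0.0.1' || $candidate === '::1' || jetpack_protect_ip_is_private($candidate)) {
            continue;
        }

        return $candidate;
    }

    // Every entry was local: use the socket peer address.
    return jetpack_clean_ip($_SERVER['REMOTE_ADDR']);
}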