WP_Community_Events::get_unsafe_client_ip() WordPress Method

The Wordpress WP_Community_Events::get_unsafe_client_ip() method is used to get the IP address of the user making a request to a Wordpress site. This information is then used to determine the user's location. This method is considered unsafe because it can be used to track a user's location. It is important to note that this method should only be used if absolutely necessary, and if possible, a more secure method should be used instead.

WP_Community_Events::get_unsafe_client_ip() #

Determines the user’s actual IP address and attempts to partially anonymize an IP address by converting it to a network ID.

Contents

Description

Geolocating the network ID usually returns a similar location as the actual IP, but provides some privacy for the user.

$_SERVER[‘REMOTE_ADDR’] cannot be used in all cases, such as when the user is making their request through a proxy, or when the web server is behind a proxy. In those cases, $_SERVER[‘REMOTE_ADDR’] is set to the proxy address rather than the user’s actual address.

Modified from https://stackoverflow.com/a/2031935/450127, MIT license. Modified from https://github.com/geertw/php-ip-anonymizer, MIT license.

SECURITY WARNING: This function is NOT intended to be used in circumstances where the authenticity of the IP address matters. This does NOT guarantee that the returned address is valid or accurate, and it can be easily spoofed.

Top ↑

Return

(string|false) The anonymized address on success; the given address or false on failure.

Top ↑

Source

File: wp-admin/includes/class-wp-community-events.php

	public static function get_unsafe_client_ip() {
		$client_ip = false;

		// In order of preference, with the best ones for this purpose first.
		$address_headers = array(
			'HTTP_CLIENT_IP',
			'HTTP_X_FORWARDED_FOR',
			'HTTP_X_FORWARDED',
			'HTTP_X_CLUSTER_CLIENT_IP',
			'HTTP_FORWARDED_FOR',
			'HTTP_FORWARDED',
			'REMOTE_ADDR',
		);

		foreach ( $address_headers as $header ) {
			if ( array_key_exists( $header, $_SERVER ) ) {
				/*
				 * HTTP_X_FORWARDED_FOR can contain a chain of comma-separated
				 * addresses. The first one is the original client. It can't be
				 * trusted for authenticity, but we don't need to for this purpose.
				 */
				$address_chain = explode( ',', $_SERVER[ $header ] );
				$client_ip     = trim( $address_chain[0] );

				break;
			}
		}

		if ( ! $client_ip ) {
			return false;
		}

		$anon_ip = wp_privacy_anonymize_ip( $client_ip, true );

		if ( '0.0.0.0' === $anon_ip || '::' === $anon_ip ) {
			return false;
		}

		return $anon_ip;
	}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Changelog

Changelog
VersionDescription
4.8.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.