W3cubDocs

/WordPress

WP_Community_Events::get_unsafe_client_ip()

Determines the user’s actual IP address and attempts to partially anonymize an IP address by converting it to a network ID.

Description

Geolocating the network ID usually returns a similar location as the actual IP, but provides some privacy for the user.

$_SERVER[‘REMOTE_ADDR’] cannot be used in all cases, such as when the user is making their request through a proxy, or when the web server is behind a proxy. In those cases, $_SERVER[‘REMOTE_ADDR’] is set to the proxy address rather than the user’s actual address.

Modified from https://stackoverflow.com/a/2031935/450127, MIT license. Modified from https://github.com/geertw/php-ip-anonymizer, MIT license.

SECURITY WARNING: This function is NOT intended to be used in circumstances where the authenticity of the IP address matters. This does NOT guarantee that the returned address is valid or accurate, and it can be easily spoofed.

Return

(string|false) The anonymized address on success; the given address or false on failure.

Source

File: wp-admin/includes/class-wp-community-events.php

public static function get_unsafe_client_ip() {
		$client_ip = false;

		// In order of preference, with the best ones for this purpose first.
		$address_headers = array(
			'HTTP_CLIENT_IP',
			'HTTP_X_FORWARDED_FOR',
			'HTTP_X_FORWARDED',
			'HTTP_X_CLUSTER_CLIENT_IP',
			'HTTP_FORWARDED_FOR',
			'HTTP_FORWARDED',
			'REMOTE_ADDR',
		);

		foreach ( $address_headers as $header ) {
			if ( array_key_exists( $header, $_SERVER ) ) {
				/*
				 * HTTP_X_FORWARDED_FOR can contain a chain of comma-separated
				 * addresses. The first one is the original client. It can't be
				 * trusted for authenticity, but we don't need to for this purpose.
				 */
				$address_chain = explode( ',', $_SERVER[ $header ] );
				$client_ip     = trim( $address_chain[0] );

				break;
			}
		}

		if ( ! $client_ip ) {
			return false;
		}

		$anon_ip = wp_privacy_anonymize_ip( $client_ip, true );

		if ( '0.0.0.0' === $anon_ip || '::' === $anon_ip ) {
			return false;
		}

		return $anon_ip;
	}

Changelog

Version Description
4.8.0 Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_community_events/get_unsafe_client_ip