-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve client IP resolution for Stream logs #1459
Changes from 1 commit
4d086cc
868957b
970121b
5578066
54150d6
2a00ddf
c637256
fb0f093
c10f996
d18e872
3d11efd
d9fa985
4afe6ec
f0a5e20
a136099
560baf1
94e17bd
9daaaa8
1b9068d
38683c1
f6c799b
85bdc4d
9bcc490
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -90,6 +90,13 @@ class Plugin { | |
*/ | ||
public $locations = array(); | ||
|
||
/** | ||
* IP address for the current request to be associated with the log entry. | ||
* | ||
* @var null|false|string | ||
*/ | ||
protected $client_ip_address; | ||
|
||
/** | ||
* Class constructor | ||
*/ | ||
|
@@ -138,6 +145,9 @@ public function __construct() { | |
// Load logger class. | ||
$this->log = apply_filters( 'wp_stream_log_handler', new Log( $this ) ); | ||
|
||
// Set the IP address for the current request. | ||
$this->client_ip_address = wp_stream_filter_input( INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP ); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Make the main plugin class responsible for knowing properties of the current request. Expose the knowledge via a helper method. |
||
|
||
// Load settings and connectors after widgets_init and before the default init priority. | ||
add_action( 'init', array( $this, 'init' ), 9 ); | ||
|
||
|
@@ -315,4 +325,48 @@ public function is_mustuse() { | |
|
||
return false; | ||
} | ||
|
||
/** | ||
* Get the IP address for the current request. | ||
* | ||
* @return false|null|string | ||
*/ | ||
public function get_client_ip_address() { | ||
return apply_filters( 'wp_stream_client_ip_address', $this->client_ip_address ); | ||
} | ||
|
||
/** | ||
* Get the client IP address from the HTTP request headers. | ||
* | ||
* There is no guarantee that this is the real IP address of the client. | ||
* | ||
* @return string|null | ||
*/ | ||
protected function get_unsafe_client_ip_address() { | ||
// List of $_SERVER keys that could contain the client IP address. | ||
$address_headers = array( | ||
'HTTP_X_FORWARDED_FOR', | ||
'HTTP_FORWARDED_FOR', | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. RFC 7239 proposes a new standard It is still a comma-separated list, but contains prefixes in front of the IP address and other directives, like so:
Not sure it's worthwhile adding support for that upcoming standard as of yet, though, as it doesn't seem to be widely supported => https://c960657.github.io/forwarded.html There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yeah, let's leave this to a separate pull request. |
||
); | ||
|
||
foreach ( $address_headers as $header ) { | ||
if ( ! empty( $_SERVER[ $header ] ) ) { | ||
$header_client_ip = $_SERVER[ $header ]; | ||
|
||
// Account for multiple IPs in case of multiple proxies. | ||
if ( false !== strpos( $header_client_ip, ',' ) ) { | ||
$header_client_ips = explode( ',', $header_client_ip ); | ||
$header_client_ip = $header_client_ips[0]; | ||
} | ||
|
||
$client_ip = filter_var( trim( $header_client_ip ), FILTER_VALIDATE_IP ); | ||
|
||
if ( ! empty( $client_ip ) ) { | ||
return $client_ip; | ||
} | ||
} | ||
} | ||
|
||
return null; | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the intention behind having three different types here?
From what I can gather in the PR here, we have:
string
false
null
As mixed types always offer extra surface for bugs, just covering the bases here:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is just mirroring the output types of
filter_input()
. This is the canonical state of theREMOTE_ADDR
value and the methods can use these values as needed.