diff --git a/wp-includes/comment.php b/wp-includes/comment.php index 170f45500..f6422c187 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php @@ -321,7 +321,7 @@ function wp_insert_comment($commentdata) { extract($commentdata); if ( ! isset($comment_author_IP) ) - $comment_author_IP = $_SERVER['REMOTE_ADDR']; + $comment_author_IP = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ); if ( ! isset($comment_date) ) $comment_date = current_time('mysql'); if ( ! isset($comment_date_gmt) ) @@ -365,7 +365,7 @@ function wp_new_comment( $commentdata ) { $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID']; $commentdata['user_ID'] = (int) $commentdata['user_ID']; - $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; + $commentdata['comment_author_IP'] = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ); $commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT']; $commentdata['comment_date'] = current_time('mysql'); diff --git a/wp-includes/functions.php b/wp-includes/functions.php index b0e389e9c..302886e0f 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -1012,6 +1012,7 @@ function wp_check_filetype($filename, $mimes = null) { function wp_proxy_check($ipnum) { if ( get_option('open_proxy_check') && isset($ipnum) ) { + $ipnum = preg_replace( '/([0-9]{1,3})\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/', '$1', $ipnum ); $rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) ); $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.'; if ( $lookup != gethostbyname( $lookup ) ) diff --git a/wp-includes/vars.php b/wp-includes/vars.php index 2573b27eb..beec34cbc 100644 --- a/wp-includes/vars.php +++ b/wp-includes/vars.php @@ -34,11 +34,6 @@ $is_IE = (($is_macIE) || ($is_winIE)); $is_apache = ( strstr($_SERVER['SERVER_SOFTWARE'], 'Apache') || strstr($_SERVER['SERVER_SOFTWARE'], 'LiteSpeed') ) ? 1 : 0; $is_IIS = strstr($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') ? 1 : 0; -// On OS X Server, $_SERVER['REMOTE_ADDR'] is the server's address. Workaround this -// by using $_SERVER['HTTP_PC_REMOTE_ADDR'], which *is* the remote address. -if ( isset($_SERVER['HTTP_PC_REMOTE_ADDR']) ) - $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_PC_REMOTE_ADDR']; - // if the config file does not provide the smilies array, let's define it here if (!isset($wpsmiliestrans)) { $wpsmiliestrans = array(