[wp-hackers] WordPress IPv6 bug

Peter Westwood peter.westwood at ftwr.co.uk
Fri Sep 28 08:11:56 GMT 2007


On Fri, September 28, 2007 8:03 am, Kimmo Suominen wrote:
> Hi!
>
> I have a comment from 2007-03-03 with a good IP address logged:
>
>     2001:14b8:1ee:0:211:11ff:fe98:edf1
>
> But on another comment from 2007-09-13 I have this:
>
>     20011481021111981
>
> It appears to be the same address (my workstation), but with all
> the colons and non-digit characters removed.
>
> It seems this has already been reported on trac:
>
>     #4579: IPv6 IPs
>     #3987: IPv6 support
>
> The culprit appears to be in changeset 3990:
>
>     http://trac.wordpress.org/changeset/3990
>
> I think the changes made to wp-includes/comment.php should just
> be reversed.  The data in $_SERVER['REMOTE_ADDR'] is filled in by
> the web server using information from the socket structure, so it
> seems to me there is little need to further "sanitize" it.
>
> I've attached a patch to ticket #4579 to revert the change.
>
> The change in wp-includes/functions.php is fine, since Spamhaus
> does not support IPv6.  It might be good to check for the case
> that $ipnum has become empty after calling preg_replace().
>
>

I think the best solution here would be to move the checks to a
sanitization function and allow plugins to override it.

We could then add IPv6 support to the sanitization function (or to start
with it could be provided by a plugin).

westi
-- 
Peter Westwood <peter.westwood at ftwr.co.uk>
http://blog.ftwr.co.uk
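
The sanitization-function idea discussed in this thread, sketched as an added PHP example that is not part of the original messages and is not WordPress code. The function names and the `$override` parameter (a stand-in for a plugin hook) are hypothetical, and the digit-and-dot pattern is an assumption chosen because it reproduces the mangled value quoted above.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress APIs.

// Character stripping: keeps only digits and dots. Assumed pattern; applied
// to the IPv6 address from the thread it yields 20011481021111981.
function strip_to_digits_and_dots(string $addr): string {
    return preg_replace('/[^0-9.]/', '', $addr);
}

// Validate instead of strip: return the address unchanged when it is a
// well-formed IPv4 or IPv6 literal, otherwise an empty string.
// $override stands in for a plugin hook that replaces the default check.
function sanitize_remote_addr(string $addr, ?callable $override = null): string {
    if ($override !== null) {
        return (string) $override($addr);
    }
    $addr = trim($addr);
    return filter_var($addr, FILTER_VALIDATE_IP) !== false ? $addr : '';
}

// Constructed samples; the first is the address quoted in the thread.
$samples = [
    '2001:14b8:1ee:0:211:11ff:fe98:edf1',
    '192.0.2.10',
    '::ffff:192.0.2.10',
    'not-an-address',
];

foreach ($samples as $addr) {
    $stripped  = strip_to_digits_and_dots($addr);
    $validated = sanitize_remote_addr($addr);
    printf(
        "%-36s stripped=%-20s validated=%s\n",
        $addr,
        $stripped === '' ? '(empty)' : $stripped,
        // An empty result must be handled by the caller, e.g. by skipping
        // an IP-based lookup rather than querying with a blank value.
        $validated === '' ? '(rejected)' : $validated
    );
}
```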

