<?php

[0] Fix | Delete

[1] Fix | Delete

namespace WordfenceLS;

[2] Fix | Delete

[3] Fix | Delete

class Model_Request {

[4] Fix | Delete

const IP_SOURCE_AUTOMATIC = '';

[5] Fix | Delete

const IP_SOURCE_REMOTE_ADDR = 'REMOTE_ADDR';

[6] Fix | Delete

const IP_SOURCE_X_FORWARDED_FOR = 'HTTP_X_FORWARDED_FOR';

[7] Fix | Delete

const IP_SOURCE_X_REAL_IP = 'HTTP_X_REAL_IP';

[8] Fix | Delete

[9] Fix | Delete

private $_cachedIP;

[10] Fix | Delete

[11] Fix | Delete

public static function current() {

[12] Fix | Delete

return new Model_Request();

[13] Fix | Delete

}

[14] Fix | Delete

[15] Fix | Delete

public function detected_ip_preview($source = null, $trusted_proxies = null) {

[16] Fix | Delete

if ($source === null) {

[17] Fix | Delete

$source = Controller_Settings::shared()->get(Controller_Settings::OPTION_IP_SOURCE);

[18] Fix | Delete

}

[19] Fix | Delete

[20] Fix | Delete

$record = $this->_ip($source);

[21] Fix | Delete

if (is_array($record)) {

[22] Fix | Delete

list($ip, $variable) = $record;

[23] Fix | Delete

if (isset($_SERVER[$variable]) && strpos($_SERVER[$variable], ',') !== false) {

[24] Fix | Delete

$items = preg_replace('/[\s,]/', '', explode(',', $_SERVER[$variable]));

[25] Fix | Delete

$output = '';

[26] Fix | Delete

foreach ($items as $i) {

[27] Fix | Delete

if ($ip == $i) {

[28] Fix | Delete

$output .= ', <strong>' . esc_html($i) . '</strong>';

[29] Fix | Delete

}

[30] Fix | Delete

else {

[31] Fix | Delete

$output .= ', ' . esc_html($i);

[32] Fix | Delete

}

[33] Fix | Delete

}

[34] Fix | Delete

[35] Fix | Delete

return substr($output, 2);

[36] Fix | Delete

}

[37] Fix | Delete

return '<strong>' . esc_html($ip) . '</strong>';

[38] Fix | Delete

}

[39] Fix | Delete

return false;

[40] Fix | Delete

}

[41] Fix | Delete

[42] Fix | Delete

public function ip($refreshCache = false) {

[43] Fix | Delete

if (WORDFENCE_LS_FROM_CORE) {

[44] Fix | Delete

return \wfUtils::getIP($refreshCache);

[45] Fix | Delete

}

[46] Fix | Delete

[47] Fix | Delete

if (!isset($this->_cachedIP) || $refreshCache) {

[48] Fix | Delete

$this->_cachedIP = $this->_ip(Controller_Settings::shared()->get(Controller_Settings::OPTION_IP_SOURCE), Controller_Settings::shared()->trusted_proxies());

[49] Fix | Delete

}

[50] Fix | Delete

[51] Fix | Delete

return $this->_cachedIP[0]; //Format is array(<text IP>, <field found in>)

[52] Fix | Delete

}

[53] Fix | Delete

[54] Fix | Delete

public function ip_for_field($source, $trusted_proxies) {

[55] Fix | Delete

return $this->_ip($source, $trusted_proxies);

[56] Fix | Delete

}

[57] Fix | Delete

[58] Fix | Delete

protected function _ip($source = null, $trusted_proxies = null) {

[59] Fix | Delete

if ($source === null) {

[60] Fix | Delete

$source = Controller_Settings::shared()->get(Controller_Settings::OPTION_IP_SOURCE);

[61] Fix | Delete

}

[62] Fix | Delete

[63] Fix | Delete

$possible_ips = $this->_possible_ips($source);

[64] Fix | Delete

if ($trusted_proxies === null) { $trusted_proxies = array(); }

[65] Fix | Delete

return $this->_find_preferred_ip($possible_ips, $trusted_proxies);

[66] Fix | Delete

}

[67] Fix | Delete

[68] Fix | Delete

protected function _possible_ips($source = null) {

[69] Fix | Delete

$defaultIP = (is_array($_SERVER) && isset($_SERVER[self::IP_SOURCE_REMOTE_ADDR])) ? array($_SERVER[self::IP_SOURCE_REMOTE_ADDR], self::IP_SOURCE_REMOTE_ADDR) : array('127.0.0.1', self::IP_SOURCE_REMOTE_ADDR);

[70] Fix | Delete

[71] Fix | Delete

if ($source) {

[72] Fix | Delete

if ($source == self::IP_SOURCE_REMOTE_ADDR) {

[73] Fix | Delete

return array($defaultIP);

[74] Fix | Delete

}

[75] Fix | Delete

[76] Fix | Delete

$check = array(

[77] Fix | Delete

array((isset($_SERVER[$source]) ? $_SERVER[$source] : ''), $source),

[78] Fix | Delete

$defaultIP,

[79] Fix | Delete

);

[80] Fix | Delete

return $check;

[81] Fix | Delete

}

[82] Fix | Delete

[83] Fix | Delete

$check = array($defaultIP);

[84] Fix | Delete

if (isset($_SERVER[self::IP_SOURCE_X_FORWARDED_FOR])) {

[85] Fix | Delete

$check[] = array($_SERVER[self::IP_SOURCE_X_FORWARDED_FOR], self::IP_SOURCE_X_FORWARDED_FOR);

[86] Fix | Delete

}

[87] Fix | Delete

if (isset($_SERVER[self::IP_SOURCE_X_REAL_IP])) {

[88] Fix | Delete

$check[] = array($_SERVER[self::IP_SOURCE_X_REAL_IP], self::IP_SOURCE_X_REAL_IP);

[89] Fix | Delete

}

[90] Fix | Delete

return $check;

[91] Fix | Delete

}

[92] Fix | Delete

[93] Fix | Delete

protected function _find_preferred_ip($possible_ips, $trusted_proxies) {

[94] Fix | Delete

$privates = array();

[95] Fix | Delete

foreach ($possible_ips as $entry) {

[96] Fix | Delete

list($value, $var) = $entry;

[97] Fix | Delete

if (is_array($value)) { // An array of IPs

[98] Fix | Delete

foreach ($value as $index => $j) {

[99] Fix | Delete

if (!Model_IP::is_valid_ip($j)) {

[100] Fix | Delete

$j = preg_replace('/:\d+$/', '', $j); //Strip off port if present

[101] Fix | Delete

}

[102] Fix | Delete

[103] Fix | Delete

if (Model_IP::is_valid_ip($j)) {

[104] Fix | Delete

if (Model_IP::is_ipv6_mapped_ipv4($j)) {

[105] Fix | Delete

$j = Model_IP::inet_ntop(Model_IP::inet_pton($j));

[106] Fix | Delete

}

[107] Fix | Delete

[108] Fix | Delete

foreach ($trusted_proxies as $proxy) {

[109] Fix | Delete

if (!empty($proxy)) {

[110] Fix | Delete

if (Controller_Whitelist::shared()->ip_in_range($j, $proxy) && $index < count($value) - 1) {

[111] Fix | Delete

continue 2;

[112] Fix | Delete

}

[113] Fix | Delete

}

[114] Fix | Delete

}

[115] Fix | Delete

[116] Fix | Delete

if (filter_var($j, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {

[117] Fix | Delete

$privates[] = array($j, $var);

[118] Fix | Delete

}

[119] Fix | Delete

else {

[120] Fix | Delete

return array($j, $var);

[121] Fix | Delete

}

[122] Fix | Delete

}

[123] Fix | Delete

}

[124] Fix | Delete

continue;

[125] Fix | Delete

}

[126] Fix | Delete

[127] Fix | Delete

$skipToNext = false;

[128] Fix | Delete

$separators = array(',', ' ', "\t");

[129] Fix | Delete

foreach ($separators as $char) { // A list of IPs separated by <separator>: 192.0.2.15,192.0.2.35,192.0.2.254

[130] Fix | Delete

if (strpos($value, $char) !== false) {

[131] Fix | Delete

$sp = explode($char, $value);

[132] Fix | Delete

$sp = array_reverse($sp);

[133] Fix | Delete

foreach ($sp as $index => $j) {

[134] Fix | Delete

$j = trim($j);

[135] Fix | Delete

if (!Model_IP::is_valid_ip($j)) {

[136] Fix | Delete

$j = preg_replace('/:\d+$/', '', $j); //Strip off port

[137] Fix | Delete

}

[138] Fix | Delete

[139] Fix | Delete

if (Model_IP::is_valid_ip($j)) {

[140] Fix | Delete

if (Model_IP::is_ipv6_mapped_ipv4($j)) {

[141] Fix | Delete

$j = Model_IP::inet_ntop(Model_IP::inet_pton($j));

[142] Fix | Delete

}

[143] Fix | Delete

[144] Fix | Delete

foreach ($trusted_proxies as $proxy) {

[145] Fix | Delete

if (!empty($proxy)) {

[146] Fix | Delete

if (Controller_Whitelist::shared()->ip_in_range($j, $proxy) && $index < count($sp) - 1) {

[147] Fix | Delete

continue 2;

[148] Fix | Delete

}

[149] Fix | Delete

}

[150] Fix | Delete

}

[151] Fix | Delete

[152] Fix | Delete

if (filter_var($j, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {

[153] Fix | Delete

$privates[] = array($j, $var);

[154] Fix | Delete

}

[155] Fix | Delete

else {

[156] Fix | Delete

return array($j, $var);

[157] Fix | Delete

}

[158] Fix | Delete

}

[159] Fix | Delete

}

[160] Fix | Delete

$skipToNext = true;

[161] Fix | Delete

break;

[162] Fix | Delete

}

[163] Fix | Delete

}

[164] Fix | Delete

if ($skipToNext) { continue; } //Skip to next item because this one had a comma/space/tab, but we didn't find a valid, non-private address

[165] Fix | Delete

[166] Fix | Delete

// A literal IP

[167] Fix | Delete

if (!Model_IP::is_valid_ip($value)) {

[168] Fix | Delete

$value = preg_replace('/:\d+$/', '', $value); //Strip off port

[169] Fix | Delete

}

[170] Fix | Delete

[171] Fix | Delete

if (Model_IP::is_valid_ip($value)) {

[172] Fix | Delete

if (Model_IP::is_ipv6_mapped_ipv4($value)) {

[173] Fix | Delete

$value = Model_IP::inet_ntop(Model_IP::inet_pton($value));

[174] Fix | Delete

}

[175] Fix | Delete

[176] Fix | Delete

if (filter_var($value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {

[177] Fix | Delete

$privates[] = array($value, $var);

[178] Fix | Delete

}

[179] Fix | Delete

else {

[180] Fix | Delete

return array($value, $var);

[181] Fix | Delete

}

[182] Fix | Delete

}

[183] Fix | Delete

}

[184] Fix | Delete

[185] Fix | Delete

if (count($privates) > 0) {

[186] Fix | Delete

return $privates[0];

[187] Fix | Delete

}

[188] Fix | Delete

[189] Fix | Delete

return false;

[190] Fix | Delete

}

[191] Fix | Delete

}

[192] Fix | Delete