Hook Documentation

pre_comment_user_ip

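💡 云策 Documentation Notes

Overview

pre_comment_user_ip is a WordPress filter for modifying the comment author's IP address before it is set. It lets developers handle proxy-server scenarios, such as extracting the real client IP from the X-Forwarded-For or Forwarded header, but the risk of forged headers must be kept in mind.

Key Points

  • Filter name: pre_comment_user_ip, applied to the $commentdata['comment_author_IP'] parameter
  • Main use: modify the comment author's IP address, for example to obtain the original client IP behind a proxy server
  • Related headers: X-Forwarded-For (non-standard, easily forged) and Forwarded (standardized in RFC 7239); use both with care
  • Introduced in: WordPress 1.5.0
  • Related function: wp_filter_comment(), which filters and sanitizes comment data

Code Example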

add_filter( 'pre_comment_user_ip', 'auto_reverse_proxy_pre_comment_user_ip' );

function auto_reverse_proxy_pre_comment_user_ip()
{
	// Start from the address of the directly connected peer.
	$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];

	// Prefer the left-most X-Forwarded-For entry (the claimed original client).
	if (!empty($_SERVER['X_FORWARDED_FOR'])) {
		$X_FORWARDED_FOR = explode(',', $_SERVER['X_FORWARDED_FOR']);
		if (!empty($X_FORWARDED_FOR)) {
			$REMOTE_ADDR = trim($X_FORWARDED_FOR[0]);
		}
	}
	elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
		$HTTP_X_FORWARDED_FOR = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
		if (!empty($HTTP_X_FORWARDED_FOR)) {
			$REMOTE_ADDR = trim($HTTP_X_FORWARDED_FOR[0]);
		}
	}

	// Strip every character that cannot appear in an IPv4 or IPv6 address list.
	return preg_replace('/[^0-9a-f:., ]/si', '', $REMOTE_ADDR);
}

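Notes

  • The X-Forwarded-For header is easily forged; verify its source before using it
  • The Forwarded header is the standard replacement and should be preferred
  • The example code may need adjusting for the Forwarded header format
  • After using this filter, editing a comment in wp-admin may change comment_author_IP to the current administrator's IP; watch for this potential problem (see the related ticket)

📄 Original Content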

Filters the comment author’s IP address before it is set.

Parameters

$comment_author_ip string
The comment author’s IP address.

More Information

With this filter, we can change the comment author’s IP before it’s recorded. An example use case is a client submitting a comment through a proxy server.

The general format of the header is:
X-Forwarded-For: client1, proxy1, proxy2

where the value is a comma+space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from. In this example, the request goes through the IPs: client1 -> proxy1 -> proxy2 -> proxy3. Proxy3 is not shown in the X-Forwarded-For header here and appears as the remote address of the request.

Since it is easy to forge an X-Forwarded-For header, the given information should be used with care.

X-Forwarded-For, X-Forwarded-By, and X-Forwarded-Proto are non-standard header fields and are increasingly being superseded by the standard Forwarded header defined in RFC 7239. Example of a Forwarded header:
Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43
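
The forging caveat above, as an added example (not from the WordPress documentation or the Codex note): a pre_comment_user_ip callback that reads a forwarding header only when REMOTE_ADDR is a known proxy, and takes the right-most entry that is not one of those proxies rather than the left-most one, because anything to the left of what your own proxy appended is client-supplied. Assumptions: the EXAMPLE_* constants, the example_* function names and the sample addresses are hypothetical, proxy addresses are compared as exact strings, and the proxy sets exactly one of the two headers.

```php
<?php
// Added example; EXAMPLE_* constants and example_* functions are hypothetical names.
const EXAMPLE_TRUSTED_PROXIES = array( '203.0.113.43', '198.51.100.7' ); // constructed addresses
const EXAMPLE_PROXY_HEADER    = 'HTTP_FORWARDED'; // the one header your proxy sets or appends to

// Reduce one Forwarded "for=" value or X-Forwarded-For entry to a valid IP, or null.
function example_normalize_ip( $value ) {
	$value = trim( $value, " \t\"" );
	if ( preg_match( '/^\[([0-9a-f:.]+)\](?::\d+)?$/i', $value, $m ) ) {
		$value = $m[1]; // "[2001:db8::1]:4711" -> 2001:db8::1
	} elseif ( preg_match( '/^(\d{1,3}(?:\.\d{1,3}){3}):\d+$/', $value, $m ) ) {
		$value = $m[1]; // "192.0.2.60:4711" -> 192.0.2.60
	}
	return filter_var( $value, FILTER_VALIDATE_IP ) ? $value : null;
}

// Hop list in header order (claimed client first), read from the configured header only.
function example_forwarded_chain( array $server ) {
	$raw = isset( $server[ EXAMPLE_PROXY_HEADER ] ) ? $server[ EXAMPLE_PROXY_HEADER ] : '';
	if ( 'HTTP_FORWARDED' !== EXAMPLE_PROXY_HEADER ) {
		return array_map( 'example_normalize_ip', explode( ',', $raw ) );
	}
	// Simplified RFC 7239 parse: collect every for= parameter in order.
	preg_match_all( '/(?:^|[;,])\s*for=("[^"]*"|[^;,\s]+)/i', $raw, $m );
	return array_map( 'example_normalize_ip', $m[1] );
}

function example_trusted_proxy_comment_ip( $comment_author_ip, $server = null ) {
	$server = ( null === $server ) ? $_SERVER : $server;
	$peer   = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';
	if ( ! in_array( $peer, EXAMPLE_TRUSTED_PROXIES, true ) ) {
		return $comment_author_ip; // direct connection: forwarding headers are client-supplied
	}
	// Walk right to left: the first hop that is not one of our proxies is the client.
	foreach ( array_reverse( example_forwarded_chain( $server ) ) as $hop ) {
		if ( null === $hop ) {
			break; // "unknown", obfuscated or malformed entry: stop trusting the chain
		}
		if ( ! in_array( $hop, EXAMPLE_TRUSTED_PROXIES, true ) ) {
			return $hop;
		}
	}
	return $comment_author_ip;
}

if ( function_exists( 'add_filter' ) ) {
	add_filter( 'pre_comment_user_ip', 'example_trusted_proxy_comment_ip' );
} else { // stand-alone run on a constructed request: spoofed first entry, real client appended by the proxy
	$demo = array( 'REMOTE_ADDR' => '203.0.113.43', 'HTTP_FORWARDED' => 'for=10.9.9.9, for="[2001:db8::1]:4711"' );
	echo example_trusted_proxy_comment_ip( '203.0.113.43', $demo ), "\n";
}
```

To read X-Forwarded-For instead, set EXAMPLE_PROXY_HEADER to 'HTTP_X_FORWARDED_FOR'; the header the proxy does not manage is never consulted.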

Source

$commentdata['comment_author_IP'] = apply_filters( 'pre_comment_user_ip', $commentdata['comment_author_IP'] );

Changelog

Version Description
1.5.0 Introduced.

User Contributed Notes

  1. Example Migrated from Codex:

    Use the left-most IP (the original client) in the X-Forwarded-For header as the comment author’s IP address.

    Note: You may need to adjust the example below for the standard Forwarded header, which supersedes the non-standard X-Forwarded-For header.

    add_filter( 'pre_comment_user_ip', 'auto_reverse_proxy_pre_comment_user_ip' );

    function auto_reverse_proxy_pre_comment_user_ip()
    {
    	// Start from the address of the directly connected peer.
    	$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];

    	if (!empty($_SERVER['X_FORWARDED_FOR'])) {
    		$X_FORWARDED_FOR = explode(',', $_SERVER['X_FORWARDED_FOR']);
    		if (!empty($X_FORWARDED_FOR)) {
    			$REMOTE_ADDR = trim($X_FORWARDED_FOR[0]);
    		}
    	}

    	/*
    	* Some PHP environments will use the $_SERVER['HTTP_X_FORWARDED_FOR'] 
    	* variable to capture visitor address information.
    	*/
    	elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    		$HTTP_X_FORWARDED_FOR = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    		if (!empty($HTTP_X_FORWARDED_FOR)) {
    			$REMOTE_ADDR = trim($HTTP_X_FORWARDED_FOR[0]);
    		}
    	}

    	// Strip every character that cannot appear in an IPv4 or IPv6 address list.
    	return preg_replace('/[^0-9a-f:., ]/si', '', $REMOTE_ADDR);
    }