今天在编辑修改某评论时,突然发现评论修改完后,Wordpress会把原记录的评论者 IP 更新为评论编辑修改者的 IP,WordPress 的这个评论者 IP 修改逻辑显然是不对的,经过测试,才发现是主题里的一个透过代理获取用户真实 IP 的钩子函数导致的问题...
钩子函数来自这里,需要修改为下面这样后才能行:
- /**
- * WordPress 透过 CDN 代理获取访客评论者真实 IP 地址 - 龙笑天下
- * https://www.ilxtx.com/wordpress-get-real-comment-ip.html
- */
- function dr_filter_get_real_comment_ip($comment_author_IP) {
- if( is_admin() ){
- return $comment_author_IP;
- }
- $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
- // 使用 CloudFlare CDN
- if ( !empty($_SERVER['HTTP_CF_CONNECTING_IP']) ) {
- $HTTP_CF_CONNECTING_IP = explode(',', $_SERVER['HTTP_CF_CONNECTING_IP']);
- if (!empty($HTTP_CF_CONNECTING_IP)) {
- $REMOTE_ADDR = trim($HTTP_CF_CONNECTING_IP[0]);
- }
- }
- else if (!empty($_SERVER['X_FORWARDED_FOR'])) {
- $X_FORWARDED_FOR = explode(',', $_SERVER['X_FORWARDED_FOR']);
- if (!empty($X_FORWARDED_FOR)) {
- $REMOTE_ADDR = trim($X_FORWARDED_FOR[0]);
- }
- }
- /*
- * Some PHP environments will use the $_SERVER['HTTP_X_FORWARDED_FOR']
- * variable to capture visitor address information.
- */
- else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
- $HTTP_X_FORWARDED_FOR= explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
- if (!empty($HTTP_X_FORWARDED_FOR)) {
- $REMOTE_ADDR = trim($HTTP_X_FORWARDED_FOR[0]);
- }
- }
- return preg_replace('/[^0-9a-f:\., ]/si', '', $REMOTE_ADDR);
- }
- add_filter( 'pre_comment_user_ip', 'dr_filter_get_real_comment_ip');
WordPress 额外配置
根据用户反馈,使用 CloudFlare 等 CDN 代理时,需要额外再修改 Wordpress 的配置文件 wp-config.php,在里面加入下面代码才能起效果:
- // WordPress 使用 CDN 后获取访客真实 IP
- if( !emptyempty($_SERVER['HTTP_X_FORWARDED_FOR']) ) {
- $get_HTTP_X_FORWARDED_FOR = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
- $_SERVER['REMOTE_ADDR'] = trim($get_HTTP_X_FORWARDED_FOR[0]);
- }