From 9bfe0db3be14bd27ee2420d0c3c2b1029c3594f9 Mon Sep 17 00:00:00 2001
From: nanhaoluo <3075912108@qq.com>
Date: Tue, 20 Jan 2026 23:12:32 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BC=98=E5=8C=96=20CDN=20=E7=8E=AF?=
 =?UTF-8?q?=E5=A2=83=E4=B8=8B=E7=9A=84=E7=9C=9F=E5=AE=9E=20IP=20=E8=8E=B7?=
 =?UTF-8?q?=E5=8F=96=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 调整 IP 获取优先级：CF-Connecting-IP > X-Real-IP > X-Forwarded-For > REMOTE_ADDR

- 增加内网 IP 检测，避免将 CDN 内网 IP 作为客户端 IP

- 从 X-Forwarded-For 中提取第一个公网 IP

- 增强 IP 格式验证
---
 ai-summary-query.php | 40 +++++++++++++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 5 deletions(-)

diff --git a/ai-summary-query.php b/ai-summary-query.php
index 8ac52c9..cb1461d 100644
--- a/ai-summary-query.php
+++ b/ai-summary-query.php
@@ -13,19 +13,49 @@ require_once($wp_load_path);
 
 /**
  * 获取客户端真实 IP
+ * 优先级：CF-Connecting-IP > X-Real-IP > X-Forwarded-For > REMOTE_ADDR
  */
 function argon_ai_query_get_client_ip() {
 	$ip = '';
+	
+	// Cloudflare
 	if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
 		$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
-	} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-		$ip = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0];
-	} elseif (!empty($_SERVER['HTTP_X_REAL_IP'])) {
+	}
+	// Nginx proxy_pass 或其他反向代理
+	elseif (!empty($_SERVER['HTTP_X_REAL_IP'])) {
 		$ip = $_SERVER['HTTP_X_REAL_IP'];
-	} else {
+	}
+	// 通过代理转发（取第一个 IP）
+	elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+		$ip = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0];
+	}
+	// 直连 IP
+	else {
 		$ip = $_SERVER['REMOTE_ADDR'];
 	}
-	return filter_var(trim($ip), FILTER_VALIDATE_IP) ? trim($ip) : '';
+	
+	$ip = trim($ip);
+	
+	// 验证 IP 格式
+	if (!filter_var($ip, FILTER_VALIDATE_IP)) {
+		return '';
+	}
+	
+	// 如果是内网 IP 或 CDN IP，尝试从其他头获取
+	if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
+		// 内网 IP，尝试从 X-Forwarded-For 获取真实公网 IP
+		if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+			$ips = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
+			foreach ($ips as $forwarded_ip) {
+				if (filter_var($forwarded_ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
+					return $forwarded_ip;
+				}
+			}
+		}
+	}
+	
+	return $ip;
 }
 
 /**