From 48c8df6fb33470585ba4dacd57c2cbc9beb4c794 Mon Sep 17 00:00:00 2001 From: Sam Hotchkiss Date: Tue, 13 Dec 2016 13:11:04 -0700 Subject: [PATCH 1/5] Clean up OVH IPs, and turn off protect when server isn't sharing IPs --- modules/protect.php | 8 ++++++++ modules/protect/shared-functions.php | 10 ++++++++++ 2 files changed, 18 insertions(+) diff --git a/modules/protect.php b/modules/protect.php index 12a2917e30059..8bff1c15ff92e 100644 --- a/modules/protect.php +++ b/modules/protect.php @@ -425,6 +425,14 @@ function ip_is_whitelisted( $ip ) { function check_login_ability( $preauth = false ) { $ip = jetpack_protect_get_ip(); + // Server is misconfigured and we can't get an IP + if( ! $ip ) { + /* + TODO turn off protect / show message + */ + return true; + } + /** * Short-circuit check_login_ability. * diff --git a/modules/protect/shared-functions.php b/modules/protect/shared-functions.php index 443bab9e96a0a..9431eb5598d6d 100644 --- a/modules/protect/shared-functions.php +++ b/modules/protect/shared-functions.php @@ -167,6 +167,11 @@ function jetpack_protect_get_ip() { } else { $ip = $_SERVER['REMOTE_ADDR']; } + + if ( ! $ip ) { + return false; + } + $ips = explode( ',', $ip ); if ( ! isset( $segments ) || ! $segments ) { $segments = 1; @@ -193,6 +198,11 @@ function jetpack_protect_get_ip() { * @return $ip IP. */ function jetpack_clean_ip( $ip ) { + + // Some misconfigured servers give back extra info, which comes after "unless" + $ips = explode( ' unless ', $ip ); + $ip = $ips[0]; + $ip = trim( $ip ); // Check for IPv4 IP cast as IPv6. if ( preg_match( '/^::ffff:(\d+\.\d+\.\d+\.\d+)$/', $ip, $matches ) ) { From 9204fc7c8c036232bf8ecf0a8e6f5905c78570ff Mon Sep 17 00:00:00 2001 
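Review bot: The new `! $ip` branch in check_login_ability returns `true`, which lets the login continue with none of Protect's checks, and the comment above it only says the server is misconfigured. I would state the fail-open choice explicitly, e.g. `// No client IP available: Protect cannot evaluate this request, so the login is allowed through unchecked.` The later patches in this series replace the TODO but keep the same `return true`, so the comment applies there as well. The function body continues outside the hunk.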
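Review bot: jetpack_protect_get_ip() can now return `false` from the added `if ( ! $ip )` check, but check_login_ability is the only caller this series updates to handle it. Any other caller that passes the result on to jetpack_clean_ip() or uses it as a lookup key would now receive a boolean; those callers are not visible here, so this needs checking. The function's docblock, which is outside the hunk, should also record the new return value, e.g. `@return string|false Client IP, or false when none can be determined.`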
From: dereksmart Date: Tue, 13 Dec 2016 16:12:03 -0500 Subject: [PATCH 2/5] Protect: If IP is mis-configured, deactivate protect and show a one-time message. Only shows message on the Jetpack admin page, and only one time --- .../jetpack-notices/state-notices.jsx | 28 +++++++++++++++---- modules/protect.php | 11 ++++---- 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/_inc/client/components/jetpack-notices/state-notices.jsx b/_inc/client/components/jetpack-notices/state-notices.jsx index 71fc4a83e0678..7fb48f8b46af9 100644 --- a/_inc/client/components/jetpack-notices/state-notices.jsx +++ b/_inc/client/components/jetpack-notices/state-notices.jsx @@ -16,6 +16,7 @@ import { getJetpackStateNoticesMessageCode, getJetpackStateNoticesErrorDescription } from 'state/jetpack-notices'; +import NoticeAction from 'components/notice/notice-action.jsx'; const JetpackStateNotices = React.createClass( { displayName: 'JetpackStateNotices', @@ -160,8 +161,9 @@ const JetpackStateNotices = React.createClass( { }, getMessageFromKey: function( key ) { - let message = ''; - let status = 'is-info'; + let message = '', + status = 'is-info', + action; switch ( key ) { // This is the message that is shown on first page load after a Jetpack plugin update. case 'modules_activated' : 
@@ -188,17 +190,29 @@ const JetpackStateNotices = React.createClass( { message = __( "You're fueled up and ready to go." ); status = 'is-success'; break; + case 'protect_misconfigured_ip' : + message = __( "Your server is misconfigured, which means that Jetpack Protect is unable to effectively protect your site." ); + status = 'is-info'; + action = ( + + { __( 'Learn More' ) } + + ); + break; default: message = key; } - return [ message, status ]; + return [ message, status, action ]; }, renderContent: function() { - let status = 'is-info'; - let noticeText = ''; + let status = 'is-info', + noticeText = '', + action; const error = this.props.jetpackStateNoticesErrorCode, message = this.props.jetpackStateNoticesMessageCode; @@ -217,14 +231,16 @@ const JetpackStateNotices = React.createClass( { const messageData = this.getMessageFromKey( message ); noticeText = messageData[0]; status = messageData[1]; + action = messageData[2] } return ( - { noticeText } + { action } ); }, diff --git a/modules/protect.php b/modules/protect.php index 8bff1c15ff92e..f9071cfdff750 100644 --- a/modules/protect.php +++ b/modules/protect.php @@ -424,12 +424,13 @@ function ip_is_whitelisted( $ip ) { */ function check_login_ability( $preauth = false ) { $ip = jetpack_protect_get_ip(); - + // Server is misconfigured and we can't get an IP - if( ! $ip ) { - /* - TODO turn off protect / show message - */ + if ( ! $ip ) { + Jetpack::deactivate_module( 'protect' ); + ob_start(); + Jetpack::state( 'message', 'protect_misconfigured_ip' ); + ob_end_clean(); return true; } From 456d0c907bed46afd72c885a1f7346bcc8b40840 Mon Sep 17 00:00:00 2001 From: dereksmart Date: Tue, 13 Dec 2016 16:23:47 -0500 Subject: [PATCH 3/5] Make sure Jetpack class exists --- modules/protect.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/protect.php b/modules/protect.php index f9071cfdff750..2a6e34eb261e3 100644 --- a/modules/protect.php +++ b/modules/protect.php 
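Review bot: The `protect_misconfigured_ip` message says Protect is "unable to effectively protect your site" but never tells the administrator that the module has been deactivated, which is what the PHP side of this patch does. The commit description says the notice is shown once and only on the Jetpack admin page, so this text is the only signal that brute-force protection is now off. I would say so directly in the message and raise the severity, e.g. `status = 'is-warning';`, assuming the notice component accepts that status.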
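Review bot: In the `! $ip` branch, `Jetpack::deactivate_module( 'protect' )` runs inside check_login_ability, so a single login request for which no IP can be resolved turns the module off for the whole site until someone re-enables it. If the branch of jetpack_protect_get_ip() that is not visible here reads the address from a request header, the value may be client-influenced, and this becomes a persistent downgrade of a security control reachable before authentication. I would fail open for that one request only and leave the module state to an admin-side check, or deactivate only when `$_SERVER['REMOTE_ADDR']` itself is empty. The `ob_start()` / `ob_end_clean()` pair around `Jetpack::state()` also needs a one-line comment saying what output it suppresses.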
@@ -426,7 +426,7 @@ function check_login_ability( $preauth = false ) { $ip = jetpack_protect_get_ip(); // Server is misconfigured and we can't get an IP - if ( ! $ip ) { + if ( ! $ip && class_exists( 'Jetpack' ) ) { Jetpack::deactivate_module( 'protect' ); ob_start(); Jetpack::state( 'message', 'protect_misconfigured_ip' ); From 49fb5dfa46a0032d9c13994f49d1d9e2eb2f69d2 Mon Sep 17 00:00:00 2001 From: dereksmart Date: Tue, 13 Dec 2016 16:42:05 -0500 Subject: [PATCH 4/5] Protect: don't allow activation if cannot get IP --- class.jetpack.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/class.jetpack.php b/class.jetpack.php index e55632132243d..18f5fec918709 100644 --- a/class.jetpack.php +++ b/class.jetpack.php @@ -2519,6 +2519,16 @@ public static function activate_module( $module, $exit = true, $redirect = true } } + // Protect won't work with mis-configured IPs + if ( 'protect' === $module ) { + include_once JETPACK__PLUGIN_DIR . 'modules/protect/shared-functions.php'; + if ( ! jetpack_protect_get_ip() ) { + error_log( 'hello' ); + Jetpack::state( 'message', 'protect_misconfigured_ip' ); + return false; + } + } + // Check the file for fatal errors, a la wp-admin/plugins.php::activate Jetpack::state( 'module', $module ); Jetpack::state( 'error', 'module_activation_failed' ); // we'll override this later if the plugin can be included without fatal error From 0f19ea4a60e8216b48b5142a78c0f6a07a28fc3f Mon Sep 17 00:00:00 2001 From: dereksmart Date: Tue, 13 Dec 2016 17:10:54 -0500 Subject: [PATCH 5/5] Protect: update learn more link for failed IP notice --- _inc/client/components/jetpack-notices/state-notices.jsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_inc/client/components/jetpack-notices/state-notices.jsx b/_inc/client/components/jetpack-notices/state-notices.jsx index 7fb48f8b46af9..d1a047007b0dc 100644 --- a/_inc/client/components/jetpack-notices/state-notices.jsx +++ b/_inc/client/components/jetpack-notices/state-notices.jsx 
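Review bot: With `if ( ! $ip && class_exists( 'Jetpack' ) )`, a false `$ip` no longer returns early when the Jetpack class is missing; execution falls through to the rest of check_login_ability with `$ip` still false. The class check should guard only the Jetpack calls, keeping the early return unconditional: `if ( ! $ip ) { if ( class_exists( 'Jetpack' ) ) { /* deactivate + state */ } return true; }`. The remainder of the function is outside the hunk, so how it treats a false IP cannot be confirmed from here.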
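Review bot: `error_log( 'hello' );` in the new `'protect' === $module` check is a debugging leftover and writes a meaningless line to the server log each time activation is refused. Either drop it or log something an operator can act on, e.g. `error_log( 'Jetpack Protect: activation refused, client IP could not be determined' );`. The body of activate_module continues outside the hunk.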
@@ -195,7 +195,7 @@ const JetpackStateNotices = React.createClass( { status = 'is-info'; action = ( { __( 'Learn More' ) }