I found this problem in version 2.2.1. I fixed it. The XOR operator was confused with the pow function and the precedence of an AND operator disagreed with a comparison.
Here’s a patch.
@@ -50,12 +50,12 @@
foreach(explode(',',WP_FAIL2BAN_PROXIES) as $proxy) {
if (2 == count($cidr = explode('/',$proxy))) {
$net = ip2long($cidr[0]);
- $mask = ~ ( (2 ^ (32 - $cidr[1])) - 1 );
+ $mask = ~ ( pow(2, (32 - $cidr[1])) - 1 );
} else {
$net = ip2long($proxy);
$mask = -1;
}
- if ($net == $ip & $mask) {
+ if ($net == ($ip & $mask)) {
return (false===($len = strpos($_SERVER['HTTP_X_FORWARDED_FOR'],',')))
? $_SERVER['HTTP_X_FORWARDED_FOR']
: substr($_SERVER['HTTP_X_FORWARDED_FOR'],0,$len);
