From 90a9fd49e61a8d464655d52e6feb662705505587 Mon Sep 17 00:00:00 2001
From: Gerhard Potgieter
Date: Mon, 11 Jun 2018 10:49:03 +0200
Subject: [PATCH] X_FORWARDED_FOR standard states either just an IP or a comma seperated list of IP, Proxy, Proxy, ...
---
includes/class-wc-geolocation.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/class-wc-geolocation.php b/includes/class-wc-geolocation.php
index 4ef314b146f..2c755f1626e 100644
--- a/includes/class-wc-geolocation.php
+++ b/includes/class-wc-geolocation.php
@@ -140,7 +140,7 @@ class WC_Geolocation {
 } elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { // WPCS: input var ok, CSRF ok.
 // Proxy servers can send through this header like this: X-Forwarded-For: client1, proxy1, proxy2
 // Make sure we always only send through the first IP in the list which should always be the client IP.
- return (string) rest_is_ip_address( trim( current( preg_split( '/[,:]/', sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ) ) ) ); // WPCS: input var ok, CSRF ok.
+ return (string) rest_is_ip_address( trim( current( preg_split( '/,/', sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ) ) ) ); // WPCS: input var ok, CSRF ok.
 } elseif ( isset( $_SERVER['REMOTE_ADDR'] ) ) { // @codingStandardsIgnoreLine
 return sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ); // @codingStandardsIgnoreLine
 }
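Review bot: The X-Forwarded-For branch still returns the leftmost entry of a header the client can set, and it is consulted before REMOTE_ADDR, so unless a trusted proxy overwrites that header the returned address is whatever the caller chose to send. The comment above the return says the first IP "should always be the client IP"; I would reword it along the lines of `// Leftmost entry is client-supplied unless a trusted proxy rewrites the header; treat it as a hint, not an identity.` Separately, when `rest_is_ip_address()` rejects the value (for example an IPv4 entry carrying a `:port`, which is no longer split off now that `:` is not a delimiter), `(string) false` makes this branch return an empty string instead of reaching the REMOTE_ADDR branch; assigning the result to a variable and returning it only when it is non-empty would keep that fallback. The enclosing method starts and ends outside the hunk, so how callers handle an empty return is not visible here.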