612-293-8629 HELLO@THEMIGHTYMO.COM

comment_form and comments_template and wp_list_comments in WordPress

by | Jul 26, 2011 | Blog Post, BuddyPress, Wordpress | 2 comments

I invested a good deal of time today customizing a comment form in a BuddyPress child theme.  My goals were to:

  1. Add a new field called, “Organization”
  2. Remove the “URL” field
  3. Remove the “Comment” text that appears above the corresponding textarea

The biggest learning for me was figuring out how comment_form, comments_template, and wp_list_comments fit together.

I learned a lot from Otto’s article on the subject, but that article didn’t address everything I needed to accomplish.  The following is what I did to accomplish the aforementioned goals.

In functions.php, I have the following:

// Change "Website" to "Organization" on the comment form.
add_filter('comment_form_default_fields','add_organization_to_comments');
function add_organization_to_comments($fields) {
 
    // New fields
    $fields['organization'] = '<p><label>Organization</label><input type="text" name="organization" value="'.(!empty($_POST['organization']) ? esc_attr( $_POST['organization']) : '').'" /></p>';
	$fields['author'] = '<p class="comment-form-author">' . '<label for="author">' . __( 'Name*' ) . '</label> ' . ( $req ? '<span class="required">*</span>' : '' ) .
	'<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30"' . $aria_req . ' /></p>';
	$fields['email'] = '<p class="comment-form-email"><label for="email">' . __( 'Email*' ) . '</label> ' . ( $req ? '<span class="required">*</span>' : '' ) .
	'<input id="email" name="email" type="text" value="' . esc_attr(  $commenter['comment_author_email'] ) . '" size="30"' . $aria_req . ' /></p>';
 
    // Remove unwanted default fields
    unset($fields['url']);
 
    return $fields;
}
 
// save extra fields in database
add_action( 'comment_post', 'save_comment' );
function save_comment($comment_id)
{
    add_comment_meta( $comment_id, 'organization', esc_attr($_POST['organization']), true );
}

That’s it!

Tomorrow I will share how I displayed the “organization” field in the “comments” panel of the WordPress admin screen.

ttfn.

2 Comments

  1. Otto
    Otto on July 27, 2011 at 1:03 am

    Danger Will Robinson!

    This code leaves your site open to a XSS attack through the comments form. I highly recommend filtering the POSTed organization field.

  2. toby
    toby on August 8, 2011 at 3:42 am

    @Otto – Thanks for the heads-up there!

    All, I have incorporated Otto’s suggestion and added the esc_attr() function to the POSTs in the code above.

PHONE, EMAIL, TEXT

We love to communicate: phone, email, text, Facebook, Twitter, LinkedIn, you name it.

HELLO@THEMIGHTYMO.COM // 612-293-8629
400 S. 4TH ST., SUITE 401, MINNEAPOLIS, MN 55415

LOCATIONS

DOWNTOWN MINNEAPOLIS
CoCo Coworking and Collaborative Space
400 S. 4TH ST., SUITE 401,
MINNEAPOLIS, MN 55415

UPTOWN MINNEAPOLIS
CoCo Coworking and Collaborative Space
1010 W. LAKE ST., SUITE 100,
MINNEAPOLIS, MN 55408

PAYMENTS ACCEPTED

LINKS

Call Now

Enroll in Our Free Beginner WordPress Class by Email

Never feel powerless in WordPress again!  Become a WordPress superstar for free in only minutes a day!

Our Beginner WordPress Email Class is delivered to your inbox!

Learn More 

You Have Successfully Enrolled! Prepare For Amazing!