A WordPress Nonce, while not a true nonce, functions similarly in that it exists to secure a form or page from unauthorized access and abuse. By default, the WordPress Comment Form only displays a nonce field if the current user has the unfiltered_html capability. So, if the form is implemented with standard procedures, all you … Read more
or should this be ‘Tom & Jerry’? It doesn’t really matter. It’s more important to consider if you don’t know where the comment content is coming from. If you’re inserting user input as the comment content then this should be escaped. wp_new_comment() escapes and sanititizes the comment for you. It’s designed to take the user … Read more
The filter that you mention modifies the result of the get_comments function after it has been fetched. However, you can also parse arguments to this function. You can see which arguments here. As you can see you can limit results to comments from a certain author or exclude them. Now, here is where your question … Read more
You should copy comments.php in the child theme and then make the changes there. NOTE: DO NOT DELETE THE FILE FROM THE PARENT THEME. You can read more about parent and child theme here: https://developer.wordpress.org/themes/advanced-topics/child-themes/
After thinking about this a little bit, I guess that the proper way to ensure that your comments are properly escaped, is by doing something like this: $the_comment = get_comment_text(); echo ‘<p>’ . esc_html($the_comment) . ‘</p>’; Instead of simply using the function like this: comment_text(); Why even have these handy functions in the first place, … Read more
I can only answer your first two questions as I do not know anything about multisites. The default comment and content in the ‘About Us” page is not coming from the theme files, but rather the database. They are the default posts/pages/comments accessed by the backend not by the theme files. To get to this … Read more
I am also having this issue, haven’t found any solutions for it, apart from just plain ‘ol removing the placeholder attribute : / it seems to occur in any browser. I am using a JavaScript fallback for browsers that dont support the placeholder attrib, but with or without it, wordpress seems to pick up the … Read more
I think your best bet is to take a look at Otto’s post all about the comment form and functions, here: http://ottopress.com/2010/wordpress-3-0-theme-tip-the-comment-form/ If you want to cut to the chase, you can add this function to your functions.php: function my_fields($fields) { $fields[‘new’] = ‘<p>Some new input field here</p>’; return $fields; } add_filter(‘comment_form_default_fields’,’my_fields’); Then set new … Read more
Karma is a relic. Unused. Agent is the browser agent of the person who left the comment. Like saying they use firefox or IE or whatever. Comment type is either “comment” (or blank for the default case) or “pingback” or “trackback”, basically. You can have custom types, however they generally won’t show up as comments … Read more
Comments have an associated author to them. In a section called “Private Comments” – Query for all comments belonging to the current post where wp_comments->comment_author_email equals the email of the current user. Checkout the wp_comments table. It has 15 or so fields you can filter when displaying comments. EDIT: The code would look something like … Read more