Comments: Ensure custom comment form fields appear for logged-in users

dream-encode · dream-encode · commit 40e3f2b56541 · 2025-10-21T13:58:49.000Z
When a user is logged in, only the default comment textarea is shown by the core `comment_form()` implementation, but custom fields supplied via the `fields` argument are omitted. This mismatch means plugin- and theme-added fields aren't visible to logged-in users, though they are visible to guests. This change fixes this by moving the loop over `$args['fields']` inside `comment_form()`, so that extra fields are rendered, regardless of login status. Props maorb, valendesigns, CarlSteffen, swissspidy, rachelbaker, kushsharma, abcd95, iamadisingh, oglekler, welcher. Fixes #16576. git-svn-id: https://develop.svn.wordpress.org/trunk@61034 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/comment-template.php b/src/wp-includes/comment-template.php
@@ -2593,6 +2593,8 @@ function comment_form( $args = array(), $post = null ) {
 		}
 	}
 
+	$original_fields = $fields;
+
 	/**
 	 * Filters the default comment form fields.
 	 *
@@ -2806,7 +2808,7 @@ function comment_form( $args = array(), $post = null ) {
 
 					echo $args['comment_notes_after'];
 
-				} elseif ( ! is_user_logged_in() ) {
+				} elseif ( ! is_user_logged_in() || ! isset( $original_fields[ $name ] ) ) {
 
 					if ( $first_field === $name ) {
 						/**
diff --git a/tests/phpunit/tests/comment/commentForm.php b/tests/phpunit/tests/comment/commentForm.php
@@ -227,4 +227,72 @@ static function ( array $defaults ): array {
 		$this->assertTrue( $p->next_tag( array( 'tag_name' => 'FORM' ) ), 'Expected FORM tag.' );
 		$this->assertTrue( $p->get_attribute( 'novalidate' ), 'Expected FORM to have novalidate attribute.' );
 	}
+
+	/**
+	 * @ticket 16576
+	 */
+	public function test_custom_fields_shown_default_fields_hidden_for_logged_in_users() {
+		$user_id = self::factory()->user->create(
+			array(
+				'role'       => 'subscriber',
+				'user_login' => 'testuser',
+				'user_email' => 'test@example.com',
+			)
+		);
+
+		wp_set_current_user( $user_id );
+		$this->assertTrue( is_user_logged_in() );
+
+		$args = array(
+			'fields' => array(
+				'author'       => '<p><label for="author">Name</label><input type="text" name="author" id="author" /></p>',
+				'email'        => '<p><label for="email">Email</label><input type="email" name="email" id="email" /></p>',
+				'url'          => '<p><label for="url">Website</label><input type="url" name="url" id="url" /></p>',
+				'cookies'      => '<p><input type="checkbox" name="wp-comment-cookies-consent" id="wp-comment-cookies-consent" /><label for="wp-comment-cookies-consent">Save my details</label></p>',
+				'custom_field' => '<p><label for="custom_field">Custom Field</label><input type="text" name="custom_field" id="custom_field" /></p>',
+				'department'   => '<p><label for="department">Department</label><select name="department" id="department"><option value="sales">Sales</option></select></p>',
+			),
+		);
+
+		$form = get_echo( 'comment_form', array( $args, self::$post_id ) );
+
+		// Custom fields should be present
+		$this->assertStringContainsString( 'name="custom_field"', $form );
+		$this->assertStringContainsString( 'name="department"', $form );
+		$this->assertStringContainsString( 'Custom Field', $form );
+		$this->assertStringContainsString( 'Department', $form );
+
+		// Default fields should NOT be present
+		$this->assertStringNotContainsString( 'name="author"', $form );
+		$this->assertStringNotContainsString( 'name="email"', $form );
+		$this->assertStringNotContainsString( 'name="url"', $form );
+		$this->assertStringNotContainsString( 'wp-comment-cookies-consent', $form );
+
+		wp_set_current_user( 0 );
+	}
+
+	/**
+	 * @ticket 16576
+	 */
+	public function test_all_fields_displayed_for_non_logged_in_users() {
+		wp_set_current_user( 0 );
+		$this->assertFalse( is_user_logged_in() );
+
+		$args = array(
+			'fields' => array(
+				'author'       => '<p><label for="author">Name</label><input type="text" name="author" id="author" /></p>',
+				'email'        => '<p><label for="email">Email</label><input type="email" name="email" id="email" /></p>',
+				'url'          => '<p><label for="url">Website</label><input type="url" name="url" id="url" /></p>',
+				'custom_field' => '<p><label for="custom_field">Custom Field</label><input type="text" name="custom_field" id="custom_field" /></p>',
+			),
+		);
+
+		$form = get_echo( 'comment_form', array( $args, self::$post_id ) );
+
+		// All fields should be present for non-logged-in users
+		$this->assertStringContainsString( 'name="author"', $form );
+		$this->assertStringContainsString( 'name="email"', $form );
+		$this->assertStringContainsString( 'name="url"', $form );
+		$this->assertStringContainsString( 'name="custom_field"', $form );
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -2593,6 +2593,8 @@ function comment_form( $args = array(), $post = null ) {`
`2593`	`2593`	`}`
`2594`	`2594`	`}`
`2595`	`2595`
	`2596`	`+ $original_fields = $fields;`
	`2597`	`+`
`2596`	`2598`	`/**`
`2597`	`2599`	`* Filters the default comment form fields.`
`2598`	`2600`	`*`
`@@ -2806,7 +2808,7 @@ function comment_form( $args = array(), $post = null ) {`
`2806`	`2808`
`2807`	`2809`	`echo $args['comment_notes_after'];`
`2808`	`2810`
`2809`		`- } elseif ( ! is_user_logged_in() ) {`
	`2811`	`+ } elseif ( ! is_user_logged_in() \|\| ! isset( $original_fields[ $name ] ) ) {`
`2810`	`2812`
`2811`	`2813`	`if ( $first_field === $name ) {`
`2812`	`2814`	`/**`