Hiding Comment Emails

Posted on by Tom Woodward
Will Wonka asking you to tell him again what WordPress can't do.

Obscuring emails in WordPress . . . the comments edition.

This is likely overkill but given that VCU has concerns about student emails being divulged via group emails we figured it wouldn’t hurt. I don’t want a class requiring commenting on student sites and that resulting in student unintentionally divulging their VCU emails because they’re logged in. You can see more details on email concerns at VCU (and likely other Virginia universities) at the VCU House Bill 1 site.

This is going to go into our production code soon but seems to be working fine in development land.

If you’re not a super-admin you will no longer see emails in the main comments view.
The main wordpress comment view without email addresses visible.

In the quick edit view, I opted to get a little more nuanced. Email addresses without VCU in them will show normally. I figured this might be useful for contacting outside people. VCU has three or four email patterns but all of them have VCU in the address so I opted to just look for VCU in the email string using strpos. If it finds VCU then it spits back a generic sanitized email, sanitized_email@vcu.edu.1 I thought this would make it more obvious that there wasn’t an error but that emails were being cleaned intentionally.

The quick edit view in WordPress with a sanitized email showing in place of the entered email address.

And finally, the single comment edit view.
The single comment edit view in WordPress with a sanitized email showing in place of the entered email address.

Thanks to Jeremy Felt who helped me out with the right filter pattern to alter emails in the quick edit and single comment editing view. That happened in the WPCampus Slack group which is worth joining if you’re in education and doing things in WordPress. There are many very smart people there. 

/*------------------------------------REMOVE EMAILS IN COMMENTS FOR NON-SUPERADMINS------------------------------------*/

add_action( 'load-edit-comments.php', 'alt_hide_commenter_email' );//main comment list page

function alt_hide_commenter_email()
{
    global $current_user;
    $super_admins = get_super_admins();         
    if ( is_array( $super_admins ) && in_array( $current_user->user_login, $super_admins ) ){
        return;
    } else {
        add_filter( 'comment_email', '__return_false' );//remove from main list
        add_filter( 'get_comment', function( $comment ) { $comment->comment_author_email = clean_vcu_email($comment->comment_author_email); return $comment; } );//gets the quick edit 

    }
}

add_action( 'load-comment.php', 'alt_more_hide_commenter_email' );//individual comment edit view

function alt_more_hide_commenter_email()
{        
     global $current_user;
    $super_admins = get_super_admins();         
    if ( is_array( $super_admins ) && in_array( $current_user->user_login, $super_admins ) ){
        return;
    } else {
        add_filter( 'get_comment', function( $comment ) { $comment->comment_author_email = clean_vcu_email($comment->comment_author_email); return $comment; } ); //gets it from single comment editor
    }
}

//function to 
function clean_vcu_email($email){
    $needle = 'vcu';
    $result = strpos($email,$needle);
    if ($result != false){
        return 'sanitized_email@vcu.edu';
    } else {
        return $email;
    }
}

1 I started to make more jokes with this but pulled myself back.