Merge branch 'main' into try/322-refresh

swissspidy · web-flow · commit 69cbb439d56c · 2026-02-16T14:45:38.000+01:00
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -6,6 +6,8 @@ on:
     branches:
       - main
       - master
+  schedule:
+     - cron: '17 2 * * *' # Run every day on a seemly random time.
 
 jobs:
   code-quality:
diff --git a/composer.json b/composer.json
@@ -12,7 +12,7 @@
         }
     ],
     "require": {
-        "wp-cli/wp-cli": "^2.12"
+        "wp-cli/wp-cli": "^2.13"
     },
     "require-dev": {
         "wp-cli/extension-command": "^1.2 || ^2",
diff --git a/features/scaffold-block.feature b/features/scaffold-block.feature
@@ -31,8 +31,7 @@ Feature: WordPress block code scaffolding
       """
 
   Scenario: Scaffold a block for an invalid plugin slug
-    When I run `wp scaffold plugin plugin.name.with.dots`
-    And I try `wp scaffold block some-block --plugin=plugin.name.with.dots`
+    When I try `wp scaffold block some-block --plugin=plugin.name.with.dots`
     Then STDERR should contain:
       """
       Error: Invalid plugin name specified.
diff --git a/features/scaffold-plugin-tests.feature b/features/scaffold-plugin-tests.feature
@@ -236,7 +236,21 @@ Feature: Scaffold plugin unit tests
     When I try `wp scaffold plugin-tests ../`
     Then STDERR should be:
       """
-      Error: Invalid plugin slug specified. The target directory '{RUN_DIR}/wp-content/plugins/../' is not in '{RUN_DIR}/wp-content/plugins'.
+      Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters, underscores, and dashes.
+      """
+    And the return code should be 1
+
+    When I try `wp scaffold plugin-tests my-plugin/`
+    Then STDERR should be:
+      """
+      Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters, underscores, and dashes.
+      """
+    And the return code should be 1
+
+    When I try `wp scaffold plugin-tests my-plugin\\`
+    Then STDERR should be:
+      """
+      Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters, underscores, and dashes.
       """
     And the return code should be 1
 
diff --git a/features/scaffold-theme-tests.feature b/features/scaffold-theme-tests.feature
@@ -8,7 +8,7 @@ Feature: Scaffold theme unit tests
     When I run `wp theme path`
     Then save STDOUT as {THEME_DIR}
 
-  @require-php-7.0 @less-than-php-7.2 @require-mysql
+  @require-php-7.0 @require-mysql
   Scenario: Scaffold theme tests
     When I run `wp scaffold theme-tests t12child`
     Then STDOUT should not be empty
@@ -215,7 +215,21 @@ Feature: Scaffold theme unit tests
     When I try `wp scaffold theme-tests ../`
     Then STDERR should be:
       """
-      Error: Invalid theme slug specified. The target directory '{RUN_DIR}/wp-content/themes/../' is not in '{RUN_DIR}/wp-content/themes'.
+      Error: Invalid theme slug specified. The slug can only contain alphanumeric characters, underscores, and dashes.
+      """
+    And the return code should be 1
+
+    When I try `wp scaffold theme-tests t12child/`
+    Then STDERR should be:
+      """
+      Error: Invalid theme slug specified. The slug can only contain alphanumeric characters, underscores, and dashes.
+      """
+    And the return code should be 1
+
+    When I try `wp scaffold theme-tests t12child\\`
+    Then STDERR should be:
+      """
+      Error: Invalid theme slug specified. The slug can only contain alphanumeric characters, underscores, and dashes.
       """
     And the return code should be 1
 
diff --git a/src/Scaffold_Command.php b/src/Scaffold_Command.php
@@ -828,9 +828,13 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) {
 
 		if ( ! empty( $args[0] ) ) {
 			$slug = $args[0];
+			// Validate slug contains only alphanumeric characters, underscores, and dashes.
 			if ( in_array( $slug, [ '.', '..' ], true ) ) {
 				WP_CLI::error( "Invalid {$type} slug specified. The slug cannot be '.' or '..'." );
 			}
+			if ( ! preg_match( '/^[a-zA-Z0-9_-]+$/', $slug ) ) {
+				WP_CLI::error( "Invalid {$type} slug specified. The slug can only contain alphanumeric characters, underscores, and dashes." );
+			}
 			if ( 'theme' === $type ) {
 				$theme = wp_get_theme( $slug );
 				if ( $theme->exists() ) {
@@ -858,6 +862,13 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) {
 			}
 			if ( empty( $slug ) ) {
 				$slug = Utils\basename( $target_dir );
+				// Validate derived slug as well.
+				if ( in_array( $slug, [ '.', '..' ], true ) ) {
+					WP_CLI::error( "Invalid {$type} slug specified. The slug cannot be '.' or '..'." );
+				}
+				if ( ! preg_match( '/^[a-zA-Z0-9_-]+$/', $slug ) ) {
+					WP_CLI::error( "Invalid {$type} slug specified. The slug can only contain alphanumeric characters, underscores, and dashes." );
+				}
 			}
 		}
 
@@ -1200,7 +1211,7 @@ private static function canonicalize_path( $path ) {
 	/**
 	 * Gets an active theme's name when true provided or the same name otherwise.
 	 *
-	 * @param string|bool $theme Theme name or true.
+	 * @param string|true $theme Theme name or true.
 	 * @return string
 	 */
 	private function get_theme_name( $theme ) {

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@`
`12`	`12`	`}`
`13`	`13`	`],`
`14`	`14`	`"require": {`
`15`		`- "wp-cli/wp-cli": "^2.12"`
	`15`	`+ "wp-cli/wp-cli": "^2.13"`
`16`	`16`	`},`
`17`	`17`	`"require-dev": {`
`18`	`18`	`"wp-cli/extension-command": "^1.2 \|\| ^2",`