@@ -856,9 +856,13 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) {
856856
857857 if ( ! empty ( $ args [0 ] ) ) {
858858 $ slug = $ args [0 ];
859+ // Validate slug contains only alphanumeric characters, underscores, and dashes.
859860 if ( in_array ( $ slug , [ '. ' , '.. ' ], true ) ) {
860861 WP_CLI ::error ( "Invalid {$ type } slug specified. The slug cannot be '.' or '..'. " );
861862 }
863+ if ( ! preg_match ( '/^[a-zA-Z0-9_-]+$/ ' , $ slug ) ) {
864+ WP_CLI ::error ( "Invalid {$ type } slug specified. The slug can only contain alphanumeric characters, underscores, and dashes. " );
865+ }
862866 if ( 'theme ' === $ type ) {
863867 $ theme = wp_get_theme ( $ slug );
864868 if ( $ theme ->exists () ) {
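Review bot: The pattern added at new line 863 ends in `$` without the `D` modifier, so PCRE still accepts a slug that carries a single trailing newline. Anchoring on the absolute ends closes this: `if ( ! preg_match( '/\A[a-zA-Z0-9_-]+\z/', $slug ) ) {`. The same pattern is repeated at new line 897 in the next hunk and needs the same change. The comment added at new line 859 describes the character-class check but sits above the `.`/`..` test, which the regex now makes redundant; it would read better directly above the `preg_match` call. The body of scaffold_plugin_theme_tests starts and ends outside this hunk.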
@@ -886,6 +890,13 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) {
886890 }
887891 if ( empty ( $ slug ) ) {
888892 $ slug = Utils \basename ( $ target_dir );
893+ // Validate derived slug as well.
894+ if ( in_array ( $ slug , [ '. ' , '.. ' ], true ) ) {
895+ WP_CLI ::error ( "Invalid {$ type } slug specified. The slug cannot be '.' or '..'. " );
896+ }
897+ if ( ! preg_match ( '/^[a-zA-Z0-9_-]+$/ ' , $ slug ) ) {
898+ WP_CLI ::error ( "Invalid {$ type } slug specified. The slug can only contain alphanumeric characters, underscores, and dashes. " );
899+ }
889900 }
890901 }
891902
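Review bot: The checks added at new lines 894-899 are a verbatim copy of the ones at 860-865, and the message still says the slug was "specified" although here it is derived from `Utils\basename( $target_dir )`. A small private helper taking `$slug` and `$type` would keep the allow-list in one place, so a later change to the rule cannot leave one path unvalidated. For the derived case a message such as `"Invalid {$type} slug derived from the target directory name."` would tell the user what to rename. This branch now rejects directory names containing dots or spaces, which looks like a behaviour change for existing target directories and is worth confirming; the surrounding function body lies outside the hunk.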
@@ -1228,7 +1239,7 @@ private static function canonicalize_path( $path ) {
12281239 /**
12291240 * Gets an active theme's name when true provided or the same name otherwise.
12301241 *
1231- * @param string|bool $theme Theme name or true.
1242+ * @param string|true $theme Theme name or true.
12321243 * @return string
12331244 */
12341245 private function get_theme_name ( $ theme ) {