Make slug validation stricter to only allow alphanumeric and dashes

Co-authored-by: swissspidy <[email protected]>

Author: Copilot

features/scaffold-plugin-tests.feature

@@ -236,21 +236,28 @@ Feature: Scaffold plugin unit tests
     When I try `wp scaffold plugin-tests ../`
     Then STDERR should be:
       """
-      Error: Invalid plugin slug specified. The target directory '{RUN_DIR}/wp-content/plugins/../' is not in '{RUN_DIR}/wp-content/plugins'.
+      Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters and dashes.
       """
     And the return code should be 1
 
     When I try `wp scaffold plugin-tests my-plugin/`
     Then STDERR should be:
       """
-      Error: Invalid plugin slug specified. The slug cannot end with a slash.
+      Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters and dashes.
       """
     And the return code should be 1
 
     When I try `wp scaffold plugin-tests my-plugin\\`
     Then STDERR should be:
       """
-      Error: Invalid plugin slug specified. The slug cannot end with a slash.
+      Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters and dashes.
+      """
+    And the return code should be 1
+
+    When I try `wp scaffold plugin-tests my_plugin`
+    Then STDERR should be:
+      """
+      Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters and dashes.
       """
     And the return code should be 1
 

features/scaffold-theme-tests.feature

@@ -215,21 +215,28 @@ Feature: Scaffold theme unit tests
     When I try `wp scaffold theme-tests ../`
     Then STDERR should be:
       """
-      Error: Invalid theme slug specified. The target directory '{RUN_DIR}/wp-content/themes/../' is not in '{RUN_DIR}/wp-content/themes'.
+      Error: Invalid theme slug specified. The slug can only contain alphanumeric characters and dashes.
       """
     And the return code should be 1
 
     When I try `wp scaffold theme-tests t12child/`
     Then STDERR should be:
       """
-      Error: Invalid theme slug specified. The slug cannot end with a slash.
+      Error: Invalid theme slug specified. The slug can only contain alphanumeric characters and dashes.
       """
     And the return code should be 1
 
     When I try `wp scaffold theme-tests t12child\\`
     Then STDERR should be:
       """
-      Error: Invalid theme slug specified. The slug cannot end with a slash.
+      Error: Invalid theme slug specified. The slug can only contain alphanumeric characters and dashes.
+      """
+    And the return code should be 1
+
+    When I try `wp scaffold theme-tests t12_child`
+    Then STDERR should be:
+      """
+      Error: Invalid theme slug specified. The slug can only contain alphanumeric characters and dashes.
       """
     And the return code should be 1
 

src/Scaffold_Command.php

@@ -829,9 +829,9 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) {
 			if ( in_array( $slug, [ '.', '..' ], true ) ) {
 				WP_CLI::error( "Invalid {$type} slug specified. The slug cannot be '.' or '..'." );
 			}
-			// Reject slugs ending with slashes to prevent corrupted bootstrap.php files.
-			if ( '/' === substr( $slug, -1 ) || '\\' === substr( $slug, -1 ) ) {
-				WP_CLI::error( "Invalid {$type} slug specified. The slug cannot end with a slash." );
+			// Validate slug contains only alphanumeric characters and dashes.
+			if ( ! preg_match( '/^[a-zA-Z0-9\-]+$/', $slug ) ) {
+				WP_CLI::error( "Invalid {$type} slug specified. The slug can only contain alphanumeric characters and dashes." );
 			}
 			if ( 'theme' === $type ) {
 				$theme = wp_get_theme( $slug );