From bc6d673084b6e4435e4151d88b085aceb93e3c6f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 22 Dec 2025 16:24:34 +0000 Subject: [PATCH 1/5] Initial plan From f29a0cc4e3d6dc690c38d29021db040ed6bb41a7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 22 Dec 2025 16:31:12 +0000 Subject: [PATCH 2/5] Add validation to reject plugin/theme slugs ending with slashes Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> --- features/scaffold-plugin-tests.feature | 14 ++++++++++++++ features/scaffold-theme-tests.feature | 14 ++++++++++++++ src/Scaffold_Command.php | 4 ++++ 3 files changed, 32 insertions(+) diff --git a/features/scaffold-plugin-tests.feature b/features/scaffold-plugin-tests.feature index 95fee4ca..620cb471 100644 --- a/features/scaffold-plugin-tests.feature +++ b/features/scaffold-plugin-tests.feature @@ -240,6 +240,20 @@ Feature: Scaffold plugin unit tests """ And the return code should be 1 + When I try `wp scaffold plugin-tests my-plugin/` + Then STDERR should be: + """ + Error: Invalid plugin slug specified. The slug cannot end with a slash. + """ + And the return code should be 1 + + When I try `wp scaffold plugin-tests my-plugin\\` + Then STDERR should be: + """ + Error: Invalid plugin slug specified. The slug cannot end with a slash. + """ + And the return code should be 1 + Scenario: Scaffold plugin tests with invalid directory Given a WP install And I run `wp scaffold plugin hello-world --skip-tests` diff --git a/features/scaffold-theme-tests.feature b/features/scaffold-theme-tests.feature index 7a4f2ac5..cdf50980 100644 --- a/features/scaffold-theme-tests.feature +++ b/features/scaffold-theme-tests.feature 
@@ -219,6 +219,20 @@ Feature: Scaffold theme unit tests """ And the return code should be 1 + When I try `wp scaffold theme-tests t12child/` + Then STDERR should be: + """ + Error: Invalid theme slug specified. The slug cannot end with a slash. + """ + And the return code should be 1 + + When I try `wp scaffold theme-tests t12child\\` + Then STDERR should be: + """ + Error: Invalid theme slug specified. The slug cannot end with a slash. + """ + And the return code should be 1 + Scenario: Scaffold theme tests with invalid directory When I try `wp scaffold theme-tests twentytwelve --dir=non-existent-dir` Then STDERR should be: diff --git a/src/Scaffold_Command.php b/src/Scaffold_Command.php index e92a032e..636d86b8 100644 --- a/src/Scaffold_Command.php +++ b/src/Scaffold_Command.php @@ -829,6 +829,10 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) { if ( in_array( $slug, [ '.', '..' ], true ) ) { WP_CLI::error( "Invalid {$type} slug specified. The slug cannot be '.' or '..'." ); } + // Reject slugs ending with slashes to prevent corrupted bootstrap.php files. + if ( '/' === substr( $slug, -1 ) || '\\' === substr( $slug, -1 ) ) { + WP_CLI::error( "Invalid {$type} slug specified. The slug cannot end with a slash." ); + } if ( 'theme' === $type ) { $theme = wp_get_theme( $slug ); if ( $theme->exists() ) { From 0f035f84aedb02211ca1d30193521a4fff4d68e8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 23 Dec 2025 08:36:48 +0000 Subject: [PATCH 3/5] Make slug validation stricter to only allow alphanumeric and dashes Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> --- features/scaffold-plugin-tests.feature | 13 ++++++++++--- features/scaffold-theme-tests.feature | 13 ++++++++++--- src/Scaffold_Command.php | 6 +++--- 3 files changed, 23 insertions(+), 9 deletions(-) 
diff --git a/features/scaffold-plugin-tests.feature b/features/scaffold-plugin-tests.feature index 620cb471..2ab4738e 100644 --- a/features/scaffold-plugin-tests.feature +++ b/features/scaffold-plugin-tests.feature @@ -236,21 +236,28 @@ Feature: Scaffold plugin unit tests When I try `wp scaffold plugin-tests ../` Then STDERR should be: """ - Error: Invalid plugin slug specified. The target directory '{RUN_DIR}/wp-content/plugins/../' is not in '{RUN_DIR}/wp-content/plugins'. + Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters and dashes. """ And the return code should be 1 When I try `wp scaffold plugin-tests my-plugin/` Then STDERR should be: """ - Error: Invalid plugin slug specified. The slug cannot end with a slash. + Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters and dashes. """ And the return code should be 1 When I try `wp scaffold plugin-tests my-plugin\\` Then STDERR should be: """ - Error: Invalid plugin slug specified. The slug cannot end with a slash. + Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters and dashes. + """ + And the return code should be 1 + + When I try `wp scaffold plugin-tests my_plugin` + Then STDERR should be: + """ + Error: Invalid plugin slug specified. The slug can only contain alphanumeric characters and dashes. """ And the return code should be 1 diff --git a/features/scaffold-theme-tests.feature b/features/scaffold-theme-tests.feature index cdf50980..a55b06a6 100644 --- a/features/scaffold-theme-tests.feature +++ b/features/scaffold-theme-tests.feature 
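Review bot: The `../` scenario was the only step in this hunk that asserted the `The target directory ... is not in ...` message, and it now expects the character-set error instead, so the directory containment check is no longer exercised by anything visible here. If that check stays as a second layer behind the new pattern, keep a scenario or unit test that still reaches it, or mark it in the code as defence in depth with a comment such as `// Defence in depth: slug pattern above should already exclude path separators.`. The same substitution is made in the `features/scaffold-theme-tests.feature` hunk of this patch.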
@@ -215,21 +215,28 @@ Feature: Scaffold theme unit tests When I try `wp scaffold theme-tests ../` Then STDERR should be: """ - Error: Invalid theme slug specified. The target directory '{RUN_DIR}/wp-content/themes/../' is not in '{RUN_DIR}/wp-content/themes'. + Error: Invalid theme slug specified. The slug can only contain alphanumeric characters and dashes. """ And the return code should be 1 When I try `wp scaffold theme-tests t12child/` Then STDERR should be: """ - Error: Invalid theme slug specified. The slug cannot end with a slash. + Error: Invalid theme slug specified. The slug can only contain alphanumeric characters and dashes. """ And the return code should be 1 When I try `wp scaffold theme-tests t12child\\` Then STDERR should be: """ - Error: Invalid theme slug specified. The slug cannot end with a slash. + Error: Invalid theme slug specified. The slug can only contain alphanumeric characters and dashes. + """ + And the return code should be 1 + + When I try `wp scaffold theme-tests t12_child` + Then STDERR should be: + """ + Error: Invalid theme slug specified. The slug can only contain alphanumeric characters and dashes. """ And the return code should be 1 diff --git a/src/Scaffold_Command.php b/src/Scaffold_Command.php index 636d86b8..f41e3c25 100644 --- a/src/Scaffold_Command.php +++ b/src/Scaffold_Command.php 
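Review bot: The new `t12_child` step pins underscores as invalid, yet the `src/Scaffold_Command.php` hunk of this patch places the pattern check ahead of `wp_get_theme( $slug )`, so an already installed theme whose directory name contains `_` or `.` appears to be refused before it is looked up. If that is not intended, widen the character class to `[a-zA-Z0-9_-]` and turn this step into a positive case. If it is intended, the error text should say that existing directories with other characters are unsupported. The plugin feature file adds the matching `my_plugin` step.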
@@ -829,9 +829,9 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) { if ( in_array( $slug, [ '.', '..' ], true ) ) { WP_CLI::error( "Invalid {$type} slug specified. The slug cannot be '.' or '..'." ); } - // Reject slugs ending with slashes to prevent corrupted bootstrap.php files. - if ( '/' === substr( $slug, -1 ) || '\\' === substr( $slug, -1 ) ) { - WP_CLI::error( "Invalid {$type} slug specified. The slug cannot end with a slash." ); + // Validate slug contains only alphanumeric characters and dashes. + if ( ! preg_match( '/^[a-zA-Z0-9\-]+$/', $slug ) ) { + WP_CLI::error( "Invalid {$type} slug specified. The slug can only contain alphanumeric characters and dashes." ); } if ( 'theme' === $type ) { $theme = wp_get_theme( $slug ); From 6ceee4f0a8efa31902490e2c68a74f0c42d2ecdd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 23 Dec 2025 08:38:04 +0000 Subject: [PATCH 4/5] Remove unnecessary escape for dash in regex character class Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> --- src/Scaffold_Command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Scaffold_Command.php b/src/Scaffold_Command.php index f41e3c25..3234f70b 100644 --- a/src/Scaffold_Command.php +++ b/src/Scaffold_Command.php @@ -830,7 +830,7 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) { WP_CLI::error( "Invalid {$type} slug specified. The slug cannot be '.' or '..'." ); } // Validate slug contains only alphanumeric characters and dashes. - if ( ! preg_match( '/^[a-zA-Z0-9\-]+$/', $slug ) ) { + if ( ! preg_match( '/^[a-zA-Z0-9-]+$/', $slug ) ) { WP_CLI::error( "Invalid {$type} slug specified. The slug can only contain alphanumeric characters and dashes." ); } if ( 'theme' === $type ) { From 65d0c45eca240fe3779dd91d6e01f20f5d852ed8 Mon Sep 17 00:00:00 2001 
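Review bot: The `$` anchor in `'/^[a-zA-Z0-9\-]+$/'` also matches just before a final newline, so a slug ending in a line feed passes this check and reaches the path and template handling further down. Anchor the end of the subject instead, `if ( ! preg_match( '/^[a-zA-Z0-9-]+\z/', $slug ) ) {`, or add the `D` modifier. The PATCH 4/5 hunk rewrites the same line and keeps `$`, so it needs the same change. The earlier `in_array( $slug, [ '.', '..' ], true )` test is now redundant, since neither value matches the pattern. The body of `scaffold_plugin_theme_tests` starts and ends outside this hunk.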
From: Pascal Birchler Date: Tue, 23 Dec 2025 18:10:04 +0100 Subject: [PATCH 5/5] Fix scaffold block test --- features/scaffold-block.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/scaffold-block.feature b/features/scaffold-block.feature index 27874f47..868be36e 100644 --- a/features/scaffold-block.feature +++ b/features/scaffold-block.feature @@ -31,7 +31,7 @@ Feature: WordPress block code scaffolding """ Scenario: Scaffold a block for an invalid plugin slug - When I run `wp scaffold plugin plugin.name.with.dots` + When I try `wp scaffold plugin plugin.name.with.dots` And I try `wp scaffold block some-block --plugin=plugin.name.with.dots` Then STDERR should contain: """
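Review bot: Switching the first step to `I try` lets `wp scaffold plugin plugin.name.with.dots` exit non-zero without any assertion on it; as far as the visible steps show, the following `Then STDERR should contain:` checks only the later `wp scaffold block` command. Presumably the plugin scaffold now fails in its tests step because of the stricter slug pattern, which may leave a partly scaffolded plugin directory behind. Either assert that outcome right after the first step with `And the return code should be 1` and the expected STDERR, or keep the step strict by adding `--skip-tests` to that command and leaving it as `I run`. The scenario continues past the end of the hunk.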