New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add validation for slug of the plugin/theme #3666
add validation for slug of the plugin/theme #3666
Conversation
@@ -648,6 +648,9 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) { | |||
|
|||
if ( ! empty( $args[0] ) ) { | |||
$slug = $args[0]; | |||
if ( ! preg_match( "/^[a-zA-Z0-9\-_]+$/", $slug ) ) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where did you get this regex from?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is from my six sense ...
I'll investigate it! 😄
I'm not sure validating the directory name with regex is the correct direction to take, because it could have unintended consequences. Could we instead solely ensure the target directory isn't |
Did it! |
The second commit allows us to run |
@@ -648,6 +648,9 @@ private function scaffold_plugin_theme_tests( $args, $assoc_args, $type ) { | |||
|
|||
if ( ! empty( $args[0] ) ) { | |||
$slug = $args[0]; | |||
if ( preg_match( "#\.|\/#", $slug ) ) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For precision, could we make this an explicit string check?
if ( in_array( $slug, array( '.' ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh! Yes!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, It allows like ../../../../..
.
"Avoid using numbers for the theme name, as this prevents it from being displayed in the available themes list." I think the slug should be *Some brave guys Do Upper-Case theme slugs. We should not. |
I don't want to break anyone's existing usage though. We should only fix the immediate problem we're solving: |
|
Finally, I found same problems on |
Additional note:
|
Test files will be generated under the
wp-content/themes
when I made a mistake and ran a command like following.Then:
Slug of the plugin/theme should be validated.