From 0558dcc91606606cc2043fcaa29c0efc5127f92e Mon Sep 17 00:00:00 2001
From: miya0001
Date: Thu, 15 Dec 2016 16:01:17 +0900
Subject: [PATCH] reject `.` and `..` from scaffold *
---
 php/commands/scaffold.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/php/commands/scaffold.php b/php/commands/scaffold.php
index 83c817a8..5c5347d9 100644
--- a/php/commands/scaffold.php
+++ b/php/commands/scaffold.php
@@ -239,6 +239,10 @@ class Scaffold_Command extends WP_CLI_Command {
 $url = "http://underscores.me";
 $timeout = 30;
+ if ( in_array( $theme_slug, array( '.', '..' ) ) ) {
+ WP_CLI::error( "Invalid theme slug specified." );
+ }
+
 $data = wp_parse_args( $assoc_args, array(
 'theme_name' => ucfirst( $theme_slug ),
 'author' => "Me",
@@ -354,6 +358,10 @@ class Scaffold_Command extends WP_CLI_Command {
 function child_theme( $args, $assoc_args ) {
 $theme_slug = $args[0];
+ if ( in_array( $theme_slug, array( '.', '..' ) ) ) {
+ WP_CLI::error( "Invalid theme slug specified." );
+ }
+
 $data = wp_parse_args( $assoc_args, array(
 'theme_name' => ucfirst( $theme_slug ),
 'author' => "Me",
@@ -495,6 +503,10 @@ class Scaffold_Command extends WP_CLI_Command {
 $plugin_name = ucwords( str_replace( '-', ' ', $plugin_slug ) );
 $plugin_package = str_replace( ' ', '_', $plugin_name );
+ if ( in_array( $plugin_slug, array( '.', '..' ) ) ) {
+ WP_CLI::error( "Invalid plugin slug specified." );
+ }
+
 $data = wp_parse_args( $assoc_args, array(
 'plugin_slug' => $plugin_slug,
 'plugin_name' => $plugin_name,
@@ -662,6 +674,9 @@ class Scaffold_Command extends WP_CLI_Command {
 if ( ! empty( $args[0] ) ) {
 $slug = $args[0];
+ if ( in_array( $slug, array( '.', '..' ) ) ) {
+ WP_CLI::error( "Invalid {$type} slug specified." );
+ }
 if ( 'theme' === $type ) {
 $theme = wp_get_theme( $slug );
 if ( $theme->exists() ) {
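Review bot: The guard added in the first hunk, and its copies in the `child_theme`, plugin and tests hunks, rejects only a slug that is exactly `.` or `..`, so a value such as `../name` or anything else containing a path separator still passes. The code that turns the slug into a target directory lies outside these hunks, but if the slug is joined into a path there, as the commit title suggests, the condition should refuse separators too and compare strictly: `if ( in_array( $theme_slug, array( '.', '..' ), true ) || false !== strpbrk( $theme_slug, '/\\' ) ) {`. The same lines now appear four times, so one private helper taking the slug and a type label would keep the four call sites from drifting apart. In the plugin hunk the check could also sit above the `$plugin_name` derivation, so that nothing is computed from a slug that is about to be rejected.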