Sanitize pattern titles and categories (#817)

MaggieCabrera · web-flow · commit e04c89cb5196 · 2026-03-16T13:07:15.000+01:00
* sanitized pattern and template variables

* use sanitized string for pattern slug

* escape the comment instead
diff --git a/includes/create-theme/theme-patterns.php b/includes/create-theme/theme-patterns.php
@@ -3,11 +3,12 @@
 class CBT_Theme_Patterns {
 	public static function pattern_from_template( $template, $new_slug = null ) {
 		$theme_slug      = $new_slug ? $new_slug : wp_get_theme()->get( 'TextDomain' );
-		$pattern_slug    = $theme_slug . '/' . $template->slug;
+		$template_slug   = str_replace( '*/', '*&#47;', $template->slug );
+		$pattern_slug    = $theme_slug . '/' . $template_slug;
 		$pattern_content = <<<PHP
 		<?php
 		/**
-		 * Title: {$template->slug}
+		 * Title: {$template_slug}
 		 * Slug: {$pattern_slug}
 		 * Inserter: no
 		 */
@@ -29,12 +30,14 @@ public static function pattern_from_wp_block( $pattern_post ) {
 		$pattern->slug         = wp_get_theme()->get( 'TextDomain' ) . '/' . $pattern->name;
 		$pattern_category_list = get_the_terms( $pattern->id, 'wp_pattern_category' );
 		$pattern->categories   = ! empty( $pattern_category_list ) ? join( ', ', wp_list_pluck( $pattern_category_list, 'name' ) ) : '';
+		$pattern_title         = str_replace( '*/', '*&#47;', $pattern->title );
+		$pattern_categories    = str_replace( '*/', '*&#47;', $pattern->categories );
 		$pattern->content      = <<<PHP
 		<?php
 		/**
-		 * Title: {$pattern->title}
+		 * Title: {$pattern_title}
 		 * Slug: {$pattern->slug}
-		 * Categories: {$pattern->categories}
+		 * Categories: {$pattern_categories}
 		 */
 		?>
 		{$pattern_post->post_content}
