Sanitize username input by replacing invalid characters with underscores

Irvan789 · Irvan789 · commit b77d01cb1cb2 · 2026-05-10T15:05:29.000+07:00
diff --git a/app/Livewire/Profile.php b/app/Livewire/Profile.php
@@ -102,6 +102,8 @@ public function updateProfileInformation(): void
     {
         $validated = $this->validate($this->profileRules($this->user->id));
 
+        $validated['username'] = preg_replace('/[^a-zA-Z0-9]/', '_', $validated['username']);
+
         $this->user->fill($validated);
 
         if ($this->user->isDirty('email')) {
diff --git a/app/Livewire/Users/Profile.php b/app/Livewire/Users/Profile.php
@@ -100,6 +100,8 @@ public function updateProfileInformation(): void
     {
         $validated = $this->validate($this->profileRules($this->user->id));
 
+        $validated['username'] = preg_replace('/[^a-zA-Z0-9]/', '_', $validated['username']);
+
         $this->user->fill($validated);
 
         if ($this->user->isDirty('email')) {
diff --git a/resources/views/livewire/profile.blade.php b/resources/views/livewire/profile.blade.php
@@ -57,6 +57,7 @@ class="cursor-pointer hover:underline"
         label="Username"
         type="text"
         wire:model="username"
+        x-on:input="username"
       />
 
       <x-input-text
@@ -163,3 +164,9 @@ class="xs:max-w-30 ml-auto w-full text-xs/3"
     </x-form>
   </div>
 </x-contents>
+
+<script lang="js">
+  const username = (event) => {
+    event.target.value = event.target.value.replaceAll(/[^a-zA-Z0-9_]/g, "_").toLowerCase()
+  }
+</script>
diff --git a/resources/views/livewire/users/profile.blade.php b/resources/views/livewire/users/profile.blade.php
@@ -29,6 +29,7 @@ class="size-24 rounded-full"
         label="Username"
         type="text"
         wire:model="username"
+        x-on:input="username"
       />
 
       <x-input-text
@@ -140,3 +141,9 @@ class="xs:max-w-30 ml-auto w-full text-xs/3"
     </x-button>
   </div>
 </x-contents>
+
+<script lang="js">
+  const username = (event) => {
+    event.target.value = event.target.value.replaceAll(/[^a-zA-Z0-9_]/g, "_").toLowerCase()
+  }
+</script>

Original file line number	Diff line number	Diff line change
`@@ -102,6 +102,8 @@ public function updateProfileInformation(): void`
`102`	`102`	`{`
`103`	`103`	`$validated = $this->validate($this->profileRules($this->user->id));`
`104`	`104`
	`105`	`+ $validated['username'] = preg_replace('/[^a-zA-Z0-9]/', '_', $validated['username']);`
	`106`	`+`
`105`	`107`	`$this->user->fill($validated);`
`106`	`108`
`107`	`109`	`if ($this->user->isDirty('email')) {`
Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,8 @@ public function updateProfileInformation(): void`
`100`	`100`	`{`
`101`	`101`	`$validated = $this->validate($this->profileRules($this->user->id));`
`102`	`102`
	`103`	`+ $validated['username'] = preg_replace('/[^a-zA-Z0-9]/', '_', $validated['username']);`
	`104`	`+`
`103`	`105`	`$this->user->fill($validated);`
`104`	`106`
`105`	`107`	`if ($this->user->isDirty('email')) {`