Stop using `trim` when validating.

[Zegnat]

Currently PHP’s trim is the only thing applied to submitted data such as user names. But this will not catch everything. Instead a replace like this might be used:

$string = preg_replace('/^[\pZ\pC]+|[\pZ\pC]+$/u', '', $string);

H/t Markus Hedlund.

[Kroc]

Don't want to remove the Apple logo if people care to use it, but OK, this looks a straightforward enough bug, thanks for filing as always.

[Zegnat]

Don't want to remove the Apple logo if people care to use it […]

True. Instead of \pC you could use \pCc which includes things like tab, linefeed and carriage return. This way you will not strip \pCo, which is private use (including the Apple logo).