From f724a0045372f1eb2813827f51e615056beca4a8 Mon Sep 17 00:00:00 2001
From: sazzadulalambd <sazzad.sua@gmail.com>
Date: Sun, 26 Apr 2026 14:59:27 +0600
Subject: [PATCH] fix: prevent negative numeric inputs in rental forms by
 enforcing positive constraints and sanitizing user entries

---
 src/app/admin/rentals/[id]/page.tsx |  3 ++-
 src/app/admin/rentals/page.tsx      | 20 ++++++++++++++------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/app/admin/rentals/[id]/page.tsx b/src/app/admin/rentals/[id]/page.tsx
index db7db39..2f22576 100644
--- a/src/app/admin/rentals/[id]/page.tsx
+++ b/src/app/admin/rentals/[id]/page.tsx
@@ -609,8 +609,9 @@ export default function RentalDetailPage() {
               <label className="text-sm text-slate-600">Due Amount (৳)</label>
               <input
                 type="number"
+                min={0}
                 value={dueAmount}
-                onChange={(e) => setDueAmount(Number(e.target.value))}
+                onChange={(e) => setDueAmount(Math.max(0, Number(e.target.value)))}
                 className="w-full px-3 py-2 border border-slate-200 rounded-lg text-sm mt-1"
                 placeholder="Enter amount..."
               />
diff --git a/src/app/admin/rentals/page.tsx b/src/app/admin/rentals/page.tsx
index 075f959..708ae37 100644
--- a/src/app/admin/rentals/page.tsx
+++ b/src/app/admin/rentals/page.tsx
@@ -492,19 +492,27 @@ const generateInvoice = () => {
               <div>
                 <label className="text-sm text-slate-600">Daily Rate (৳)</label>
                 <input
-                  type="number"
-                  value={newRental.dailyRate}
-                  onChange={(e) => setNewRental({ ...newRental, dailyRate: Number(e.target.value) })}
+                  type="text"
+                  value={newRental.dailyRate || ''}
+                  onChange={(e) => {
+                    const val = e.target.value.replace(/[^0-9]/g, '');
+                    setNewRental({ ...newRental, dailyRate: val ? Number(val) : 0 });
+                  }}
                   className="w-full px-3 py-2 border border-slate-200 rounded-lg text-sm mt-1"
+                  placeholder="150"
                 />
               </div>
               <div>
                 <label className="text-sm text-slate-600">Deposit (৳)</label>
                 <input
-                  type="number"
-                  value={newRental.deposit}
-                  onChange={(e) => setNewRental({ ...newRental, deposit: Number(e.target.value) })}
+                  type="text"
+                  value={newRental.deposit || ''}
+                  onChange={(e) => {
+                    const val = e.target.value.replace(/[^0-9]/g, '');
+                    setNewRental({ ...newRental, deposit: val ? Number(val) : 0 });
+                  }}
                   className="w-full px-3 py-2 border border-slate-200 rounded-lg text-sm mt-1"
+                  placeholder="0"
                 />
               </div>
               <div>