What's Changed
Security & Validation
- Validate timezone strings against
DateTimeZone::listIdentifiers()before storing in session — invalid input from the client is now silently rejected - Validate
fallback_timezoneconfig value — falls back to UTC if an invalid timezone is configured
Improvements
- Implement debug logging when
debugconfig is enabled (was previously configured but unused) - Cache session key lookup in a static variable to avoid repeated
config()calls - Skip redundant session writes in the Livewire component when the timezone hasn't changed
- Add try-catch error handling to
filament:timezone:clearcommand with proper exit codes
Tests
- Added tests for invalid timezone rejection, malformed session data, debug logging, session key caching, skip-if-already-set behavior, and fallback validation.