From 5909401cdd33404c4a27cf528b46ba5d0a6a7006 Mon Sep 17 00:00:00 2001
From: Wiebe Cazemier <wiebe@halfgaar.net>
Date: Sat, 23 Mar 2024 15:14:11 +0100
Subject: [PATCH] Fix "expires" option cannot have a year greater than 9999
 (#1246)

This fixes the exception: '"expires" option cannot have a year greater
than 9999', which happens on upgrade from Debian 11 to 12. The session
timeout in the DB is 9999999999999, so we constrain the value.
---
 actions/admin/settings/110.accounts.php | 1 +
 lib/init.php                            | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/actions/admin/settings/110.accounts.php b/actions/admin/settings/110.accounts.php
index cff32356..07e4099a 100644
--- a/actions/admin/settings/110.accounts.php
+++ b/actions/admin/settings/110.accounts.php
@@ -35,6 +35,7 @@ return [
 					'varname' => 'sessiontimeout',
 					'type' => 'number',
 					'min' => 60,
+					'max' => 31536000,
 					'default' => 600,
 					'save_method' => 'storeSettingField'
 				],
diff --git a/lib/init.php b/lib/init.php
index 9b1a67b8..4583f681 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -369,7 +369,7 @@ if (CurrentUser::hasSession()) {
 	}
 	// update cookie lifetime
 	$cookie_params = [
-		'expires' => time() + Settings::Get('session.sessiontimeout'),
+		'expires' => time() + min(Settings::Get('session.sessiontimeout'), 31536000),
 		'path' => '/',
 		'domain' => UI::getCookieHost(),
 		'secure' => UI::requestIsHttps(),