From ee92df03f27c86777caa4141807fd6f4944f07ca Mon Sep 17 00:00:00 2001
From: Jon Stovell <jonstovell@gmail.com>
Date: Mon, 30 Dec 2024 13:26:32 -0700
Subject: [PATCH] Clamps timestamps to accepted range in timeformat() and
 smf_strftime()

Signed-off-by: Jon Stovell <jonstovell@gmail.com>
---
 Sources/Subs.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Sources/Subs.php b/Sources/Subs.php
index bd8ffaa6d6..a8b096bf5d 100644
--- a/Sources/Subs.php
+++ b/Sources/Subs.php
@@ -716,6 +716,8 @@ function timeformat($log_time, $show_today = true, $tzid = null)
 	global $context, $user_info, $txt, $modSettings;
 	static $today;
 
+	$log_time = min(max($log_time, PHP_INT_MIN), PHP_INT_MAX);
+
 	// Ensure required values are set
 	$user_info['time_format'] = !empty($user_info['time_format']) ? $user_info['time_format'] : (!empty($modSettings['time_format']) ? $modSettings['time_format'] : '%F %H:%M');
 
@@ -913,6 +915,8 @@ function smf_strftime(string $format, int $timestamp = null, string $tzid = null
 	if (!isset($tzid))
 		$tzid = date_default_timezone_get();
 
+	$timestamp = min(max($timestamp, PHP_INT_MIN), PHP_INT_MAX);
+
 	// A few substitutions to make life easier.
 	$format = strtr($format, array(
 		'%h' => '%b',