interconnectit · colinfoster · Feb 23, 2024 · Feb 23, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+# Version 4.1.4
+ * When using PHP 8.3+, SRDB no longer generates warnings for every string.
+ * Fixed Deprecation warning creating dynamic property: alter_collation.
+ * Fixed Deprecation warning when passing null to htmlentities().
+
 # Version 4.1.3
  * Fix regex search/replace using WebUI
 

diff --git a/index.php b/index.php
@@ -455,7 +455,7 @@ public function delete_script( $path ) {
      * @return string    Escaped string.
      */
     public function esc_html_attr( $string = '', $echo = false ) {
-        $output = htmlentities( $string, ENT_QUOTES, 'UTF-8' );
+        $output = $string ? htmlentities( $string, ENT_QUOTES, 'UTF-8' ) : '';
         if ( $echo ) {
             echo $output;
         } else {

diff --git a/srdb.class.php b/srdb.class.php
@@ -186,6 +186,12 @@ class icit_srdb {
      * @var int
      */
     public $page_size = 50000;
+
+
+    /**
+     * @var string Target collation change, if any.
+     */
+    public $alter_collation = '';
 
 
     /**
@@ -829,10 +835,15 @@ public function recursive_array_replace( $find, $replace, $data ) {
      */
     public function recursive_unserialize_replace( $from = '', $to = '', $data = '', $serialised = false ) {
 
+        if( $data === 'b:0;' )	// This string will unserialize to false. It also can't be the
+            return $data;		// target of a search & replace so can be returned as is.
+
         // some unserialised data cannot be re-serialised eg. SimpleXMLElements
         try {
-
-            if ( is_string( $data ) && ( $unserialized = @unserialize( $data ) ) !== false ) {
+            // If this looks like serialized data, try to unserialize it.
+            $unserialized = is_serialized( $data ) ? @unserialize( $data ) : false;
+
+            if ( $unserialized !== false ) {
                 $data = $this->recursive_unserialize_replace( $from, $to, $unserialized, true );
             } elseif ( is_array( $data ) ) {
                 $_tmp = array();
@@ -1354,3 +1365,80 @@ function object_serializer( $class_name ) {
 
     eval( $namespace . "class {$class_name} extends \ArrayObject {}" );
 }
+
+
+// is_serialized() is cloned from WordPress: wp-includes/functions.php
+
+if( !is_callable('is_serialized') ) {
+/**
+ * Checks value to find if it was serialized.
+ *
+ * If $data is not a string, then returned value will always be false.
+ * Serialized data is always a string.
+ *
+ * @since 2.0.5
+ * @since 6.1.0 Added Enum support.
+ *
+ * @param string $data   Value to check to see if was serialized.
+ * @param bool   $strict Optional. Whether to be strict about the end of the string. Default true.
+ * @return bool False if not serialized and true if it was.
+ */
+function is_serialized( $data, $strict = true ) {
+    // If it isn't a string, it isn't serialized.
+    if ( ! is_string( $data ) ) {
+        return false;
+    }
+    $data = trim( $data );
+    if ( 'N;' === $data ) {
+        return true;
+    }
+    if ( strlen( $data ) < 4 ) {
+        return false;
+    }
+    if ( ':' !== $data[1] ) {
+        return false;
+    }
+    if ( $strict ) {
+        $lastc = substr( $data, -1 );
+        if ( ';' !== $lastc && '}' !== $lastc ) {
+            return false;
+        }
+    } else {
+        $semicolon = strpos( $data, ';' );
+        $brace     = strpos( $data, '}' );
+        // Either ; or } must exist.
+        if ( false === $semicolon && false === $brace ) {
+            return false;
+        }
+        // But neither must be in the first X characters.
+        if ( false !== $semicolon && $semicolon < 3 ) {
+            return false;
+        }
+        if ( false !== $brace && $brace < 4 ) {
+            return false;
+        }
+    }
+    $token = $data[0];
+    switch ( $token ) {
+        case 's':
+            if ( $strict ) {
+                if ( '"' !== substr( $data, -2, 1 ) ) {
+                    return false;
+                }
+            } elseif ( ! str_contains( $data, '"' ) ) {
+                return false;
+            }
+            // Or else fall through.
+        case 'a':
+        case 'O':
+        case 'E':
+            return (bool) preg_match( "/^{$token}:[0-9]+:/s", $data );
+        case 'b':
+        case 'i':
+        case 'd':
+            $end = $strict ? '$' : '';
+            return (bool) preg_match( "/^{$token}:[0-9.E+-]+;$end/", $data );
+    }
+    return false;
+}
+}