
Commit e8ca190

committed
Security Fix of Flash SWF that had enabled cookie theft
1 parent 858966b commit e8ca190

4 files changed

Lines changed: 11 additions & 11 deletions


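--- a/actionscript/Jplayer.as
+++ b/actionscript/Jplayer.as
@@ -8,8 +8,8 @@
 * - http://www.gnu.org/copyleft/gpl.html
 *
 * Author: Mark J Panaghiston
-* Version: 2.2.19
-* Date: 29th January 2013
+* Version: 2.2.20
+* Date: 21st March 2013
 *
 * FlashVars expected: (AS3 property of: loaderInfo.parameters)
 * id: (URL Encoded: String) Id of jPlayer instance
@@ -70,7 +70,7 @@ package {
 private var isVideo:Boolean = false;
 
 private var securityIssue:Boolean = false; // When SWF parameters contain illegal characters
-private var directAccess:Boolean = false; // When SWF visited directly with no parameters
+private var directAccess:Boolean = false; // When SWF visited directly with no parameters (or when security issue detected)
 
 private var txLog:TextField;
 private var debug:Boolean = false; // Set debug to false for release compile!
@@ -233,12 +233,12 @@ package {
 }
 i++;
 }
-if(i === 0) {
+if(i === 0 || securityIssue) {
 directAccess = true;
 }
 }
 private function illegalChar(s:String):Boolean {
-var illegals:String = "' \" ( ) { } * + /";
+var illegals:String = "' \" ( ) { } * + / \\ < > = document";
 if(Boolean(s)) { // Otherwise exception if parameter null.
 for each (var illegal:String in illegals.split(' ')) {
 if(s.indexOf(illegal) >= 0) {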
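Review bot: `illegalChar()` still works from a denylist (`illegals`, new line 241), so a FlashVars value made only of characters and identifiers that are not enumerated is accepted unchanged, and each newly reported payload needs another entry. Since the header comment describes the parameters as short values such as an instance id, an allowlist is the more durable check: inside the `if(Boolean(s))` branch, `if(!/^[A-Za-z0-9_.$]+$/.test(s)) { return true; }`, with the character class narrowed per parameter to what legitimate values need (that set is my assumption; the consumers of these values are not visible here). It is also worth confirming that the check runs on the value after any URL decoding, since the header marks `id` as URL encoded. The body of `illegalChar()` and the enclosing parameter loop both continue outside the hunk.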

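--- a/actionscript/happyworm/jPlayer/JplayerStatus.as
+++ b/actionscript/happyworm/jPlayer/JplayerStatus.as
@@ -8,13 +8,13 @@
 * - http://www.gnu.org/copyleft/gpl.html
 *
 * Author: Mark J Panaghiston
-* Date: 29th January 2013
+* Date: 21st March 2013
 */
 
 package happyworm.jPlayer {
 public class JplayerStatus {
 
-public static const VERSION:String = "2.2.19"; // The version of the Flash jPlayer entity.
+public static const VERSION:String = "2.2.20"; // The version of the Flash jPlayer entity.
 
 public var volume:Number = 0.5; // Not affected by reset()
 public var muted:Boolean = false; // Not affected by reset()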

jquery.jplayer/Jplayer.swf

18 Bytes
Binary file not shown.

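--- a/jquery.jplayer/jquery.jplayer.js
+++ b/jquery.jplayer/jquery.jplayer.js
@@ -8,8 +8,8 @@
 * - http://www.gnu.org/copyleft/gpl.html
 *
 * Author: Mark J Panaghiston
-* Version: 2.2.19
-* Date: 29th January 2013
+* Version: 2.2.20
+* Date: 21st March 2013
 */
 
 /* Code verified using http://www.jshint.com/ */
@@ -454,8 +454,8 @@
 $.jPlayer.prototype = {
 count: 0, // Static Variable: Change it via prototype.
 version: { // Static Object
-script: "2.2.19",
-needFlash: "2.2.19",
+script: "2.2.20",
+needFlash: "2.2.20",
 flash: "unknown"
 },
 options: { // Instanced in $.jPlayer() constructor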
