Strip off the fragment as well as any query parameters. Fixes #2073.

commit c5318bb1a2dd266b50317a2adb74d74338593733 1 parent c3ea3c8
@bharat bharat authored
Showing with 19 additions and 3 deletions.
  1. +19 −3 lib/flowplayer.swf.php
22 lib/flowplayer.swf.php
@@ -18,9 +18,25 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
-// Redirect to strip off any query parameters
-if (!empty($_GET)) {
- header("Location: flowplayer.swf.php");
+// Redirect the initial request to strip off any query parameters or URL fragments
+// We know it's an initial request if the token is missing
+if (empty($_GET["token"])) {
+ // We have not yet redirected
+ $rand = rand();
+ setcookie("flowplayer_3_token", $rand);
+ header("Location: flowplayer.swf.php?token=$rand#.");
+ exit;
+}
+
+// If the token exists but there's no cookie, then this is a bogus token
+// or the user does not support cookies. Ignore this request.
+if (empty($_COOKIE["flowplayer_3_token"])) {
+ exit;
+}
+
+// If the token exists but it doesn't match our cookie, then this is a bogus
+// request. Ignore this request.
+if ($_GET["token"] != $_COOKIE["flowplayer_3_token"]) {
exit;
}
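
Review bot: the final check, if ($_GET["token"] != $_COOKIE["flowplayer_3_token"]), validates only the token, and nothing in this hunk rejects a request that carries a matching token together with other query parameters, which is the case the redirect is meant to eliminate; consider exiting when $_GET contains any key other than "token". The same line uses loose !=, which compares numeric strings by value (so "100" and "1e2" are treated as equal); use !== or hash_equals() instead. In the first block, rand() is not a cryptographically secure generator, and setcookie("flowplayer_3_token", $rand) creates a session cookie without HttpOnly that is never cleared after a successful match, so one token stays valid for the whole browser session; a CSPRNG value (for example random_bytes() where available) and expiring the cookie once it has matched would tighten this.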

0 comments on commit c5318bb