
Security Fix of Flash SWF that had enabled cookie theft

1 parent 858966b commit e8ca190f7f972a6a421cb95f09e138720e40ed6d @thepag thepag committed Mar 21, 2013
@@ -8,8 +8,8 @@
* - http://www.gnu.org/copyleft/gpl.html
*
* Author: Mark J Panaghiston
- * Version: 2.2.19
- * Date: 29th January 2013
+ * Version: 2.2.20
+ * Date: 21st March 2013
*
* FlashVars expected: (AS3 property of: loaderInfo.parameters)
* id: (URL Encoded: String) Id of jPlayer instance
@@ -70,7 +70,7 @@ package {
private var isVideo:Boolean = false;
private var securityIssue:Boolean = false; // When SWF parameters contain illegal characters
- private var directAccess:Boolean = false; // When SWF visited directly with no parameters
+ private var directAccess:Boolean = false; // When SWF visited directly with no parameters (or when security issue detected)
private var txLog:TextField;
private var debug:Boolean = false; // Set debug to false for release compile!
@@ -233,12 +233,12 @@ package {
}
i++;
}
- if(i === 0) {
+ if(i === 0 || securityIssue) {
directAccess = true;
}
}
private function illegalChar(s:String):Boolean {
- var illegals:String = "' \" ( ) { } * + /";
+ var illegals:String = "' \" ( ) { } * + / \\ < > = document";
if(Boolean(s)) { // Otherwise exception if parameter null.
for each (var illegal:String in illegals.split(' ')) {
if(s.indexOf(illegal) >= 0) {
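Review bot: The widened `illegals` list in illegalChar() is still a denylist matched by case-sensitive substring, so it only blocks the tokens that were enumerated, and the new `document` entry will also flag any legitimate value that happens to contain that word (an instance id, for example). Since the file header lists the expected FlashVars (starting with `id`), checking each value against what it is allowed to contain would be sturdier, for example `var allowed:RegExp = /^[A-Za-z0-9_\-\.]+$/;` followed by `return Boolean(s) && !allowed.test(s);`. That assumes no legitimate parameter needs other characters, which should be confirmed against the full parameter list. It is not visible here whether the check runs on the URL-decoded value, and it should. illegalChar() continues past the end of this hunk, and the loop that sets `securityIssue` starts above it.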
@@ -8,13 +8,13 @@
* - http://www.gnu.org/copyleft/gpl.html
*
* Author: Mark J Panaghiston
- * Date: 29th January 2013
+ * Date: 21st March 2013
*/
package happyworm.jPlayer {
public class JplayerStatus {
- public static const VERSION:String = "2.2.19"; // The version of the Flash jPlayer entity.
+ public static const VERSION:String = "2.2.20"; // The version of the Flash jPlayer entity.
public var volume:Number = 0.5; // Not affected by reset()
public var muted:Boolean = false; // Not affected by reset()
Binary file not shown.
@@ -8,8 +8,8 @@
* - http://www.gnu.org/copyleft/gpl.html
*
* Author: Mark J Panaghiston
- * Version: 2.2.19
- * Date: 29th January 2013
+ * Version: 2.2.20
+ * Date: 21st March 2013
*/
/* Code verified using http://www.jshint.com/ */
@@ -454,8 +454,8 @@
$.jPlayer.prototype = {
count: 0, // Static Variable: Change it via prototype.
version: { // Static Object
- script: "2.2.19",
- needFlash: "2.2.19",
+ script: "2.2.20",
+ needFlash: "2.2.20",
flash: "unknown"
},
options: { // Instanced in $.jPlayer() constructor
