
Commit 34834ee

committed
Simplify allowed Flash querystring parameters
1 parent 9971d0b commit 34834ee


2 files changed

+18
-74
lines changed


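--- a/src/flash/FlashMediaElement.as
+++ b/src/flash/FlashMediaElement.as
@@ -25,8 +25,6 @@ package {
 import htmlelements.HLSMediaElement;
 
 [SWF(backgroundColor="0x000000")] // Set SWF background color
-
-
 public class FlashMediaElement extends MovieClip {
 
 private var _mediaUrl:String;
@@ -99,34 +97,18 @@ package {
 
 
 public function FlashMediaElement() {
-// check for security issues (borrowed from jPLayer)
-checkFlashVars(loaderInfo.parameters);
+
+if (isIllegalQuerystring()) {
+return;
+}
 
 // allows this player to be called from a different domain than the HTML page hosting the player
 CONFIG::cdnBuild {
 Security.allowDomain("*");
 Security.allowInsecureDomain('*');
 }
 
-if (securityIssue) {
-return;
-}
-
-// get parameters
-// Use only FlashVars, ignore QueryString
-var params:Object, pos:int, query:Object;
-
-params = LoaderInfo(this.root.loaderInfo).parameters;
-pos = root.loaderInfo.url.indexOf('?');
-if (pos !== -1) {
-query = parseStr(root.loaderInfo.url.substr(pos + 1));
-
-for (var key:String in params) {
-if (query.hasOwnProperty(trim(key))) {
-delete params[key];
-}
-}
-}
+var params:Object = LoaderInfo(this.root.loaderInfo).parameters;
 
 CONFIG::debugBuild {
 _debug = (params['debug'] != undefined) ? (String(params['debug']) == "true") : false;
@@ -456,43 +438,20 @@ package {
 }
 }
 
-// borrowed from jPLayer
-// https://github.com/happyworm/jPlayer/blob/e8ca190f7f972a6a421cb95f09e138720e40ed6d/actionscript/Jplayer.as#L228
-private function checkFlashVars(p:Object):void {
-var i:Number = 0;
-for (var s:String in p) {
-if (isIllegalChar(p[s], s === 'file')) {
-securityIssue = true; // Illegal char found
-}
-i++;
-}
-if (i === 0 || securityIssue) {
-directAccess = true;
-}
-}
-
-private static function parseStr (str:String) : Object {
-var hash:Object = {},
-arr1:Array, arr2:Array;
-
-str = unescape(str).replace(/\+/g, " ");
-
-arr1 = str.split('&');
-if (!arr1.length) {
-return {};
-}
-
-for (var i:uint = 0, length:uint = arr1.length; i < length; i++) {
-arr2 = arr1[i].split('=');
-if (!arr2.length) {
-continue;
-}
-hash[trim(arr2[0])] = trim(arr2[1]);
-}
-return hash;
+private function isIllegalQuerystring():Boolean {
+var query:String = '';
+var pos:Number = root.loaderInfo.url.indexOf('?') ;
+
+if ( pos > -1 ) {
+query = root.loaderInfo.url.substring( pos );
+if ( ! /^\?\d+$/.test( query ) ) {
+return true;
+}
+}
+
+return false;
 }
 
-
 private static function trim(str:String) : String {
 if (!str) {
 return str;
@@ -501,21 +460,6 @@ package {
 return str.toString().replace(/^\s*/, '').replace(/\s*$/, '');
 }
 
-private function isIllegalChar(s:String, isUrl:Boolean):Boolean {
-var illegals:String = "' \" ( ) { } * + \\ < >";
-if (isUrl) {
-illegals = "\" { } \\ < >";
-}
-if (Boolean(s)) { // Otherwise exception if parameter null.
-for each (var illegal:String in illegals.split(' ')) {
-if (s.indexOf(illegal) >= 0) {
-return true; // Illegal char found
-}
-}
-}
-return false;
-}
-
 // START: Controls and events
 private function mouseActivityMove(event:MouseEvent):void {
 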

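--- a/src/js/me-shim.js
+++ b/src/js/me-shim.js
@@ -579,7 +579,7 @@ mejs.HtmlMediaElementShim = {
 specialIEContainer.outerHTML =
 '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="//download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" ' +
 'id="' + pluginid + '" width="' + width + '" height="' + height + '" class="mejs-shim">' +
-'<param name="movie" value="' + options.pluginPath + options.flashName + '?x=' + (new Date()) + '" />' +
+'<param name="movie" value="' + options.pluginPath + options.flashName + '?x=' + (new Date().getTime()) + '" />' +
 '<param name="flashvars" value="' + initVars.join('&amp;') + '" />' +
 '<param name="quality" value="high" />' +
 '<param name="bgcolor" value="#000000" />' +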
