@@ -25,8 +25,6 @@ package {
2525 import htmlelements.HLSMediaElement ;
2626
2727 [SWF (backgroundColor="0x000000" )] // Set SWF background color
28-
29-
3028 public class FlashMediaElement extends MovieClip {
3129
3230 private var _mediaUrl : String ;
@@ -99,34 +97,18 @@ package {
9997
10098
10199 public function FlashMediaElement () {
102- // check for security issues (borrowed from jPLayer)
103- checkFlashVars(loaderInfo . parameters );
100+
101+ if (isIllegalQuerystring()) {
102+ return ;
103+ }
104104
105105 // allows this player to be called from a different domain than the HTML page hosting the player
106106 CONFIG :: cdnBuild {
107107 Security . allowDomain ("*" );
108108 Security . allowInsecureDomain ('*' );
109109 }
110110
111- if (securityIssue) {
112- return ;
113- }
114-
115- // get parameters
116- // Use only FlashVars, ignore QueryString
117- var params: Object , pos: int , query : Object ;
118-
119- params = LoaderInfo (this . root . loaderInfo ). parameters ;
120- pos = root . loaderInfo . url . indexOf ('?' );
121- if (pos !== - 1 ) {
122- query = parseStr(root . loaderInfo . url . substr (pos + 1 ));
123-
124- for (var key: String in params) {
125- if (query . hasOwnProperty (trim (key))) {
126- delete params[ key];
127- }
128- }
129- }
111+ var params: Object = LoaderInfo (this . root . loaderInfo ). parameters ;
130112
131113 CONFIG :: debugBuild {
132114 _debug = (params[ 'debug' ] != undefined ) ? (String (params[ 'debug' ] ) == "true" ) : false ;
@@ -456,43 +438,20 @@ package {
456438 }
457439 }
458440
459- // borrowed from jPLayer
460- // https://github.com/happyworm/jPlayer/blob/e8ca190f7f972a6a421cb95f09e138720e40ed6d/actionscript/Jplayer.as#L228
461- private function checkFlashVars (p :Object ):void {
462- var i: Number = 0 ;
463- for (var s: String in p) {
464- if (isIllegalChar(p[ s] , s === 'file' )) {
465- securityIssue = true ; // Illegal char found
466- }
467- i++;
468- }
469- if (i === 0 || securityIssue) {
470- directAccess = true ;
471- }
472- }
473-
474- private static function parseStr (str :String ) : Object {
475- var hash: Object = {},
476- arr1: Array , arr2: Array ;
477-
478- str = unescape (str). replace (/ \+ / g , " " );
479-
480- arr1 = str. split ('&' );
481- if (! arr1. length ) {
482- return {};
483- }
484-
485- for (var i: uint = 0 , length : uint = arr1. length ; i < length ; i++ ) {
486- arr2 = arr1[ i] . split ('=' );
487- if (! arr2. length ) {
488- continue ;
489- }
490- hash[ trim (arr2[ 0 ] )] = trim (arr2[ 1 ] );
491- }
492- return hash;
441+ private function isIllegalQuerystring ():Boolean {
442+ var query : String = '' ;
443+ var pos: Number = root . loaderInfo . url . indexOf ('?' ) ;
444+
445+ if ( pos > - 1 ) {
446+ query = root . loaderInfo . url . substring ( pos );
447+ if ( ! / ^\? \d + $/ . test ( query ) ) {
448+ return true ;
449+ }
450+ }
451+
452+ return false ;
493453 }
494454
495-
496455 private static function trim (str :String ) : String {
497456 if (! str) {
498457 return str;
@@ -501,21 +460,6 @@ package {
501460 return str. toString (). replace (/ ^\s */ , '' ). replace (/ \s *$/ , '' );
502461 }
503462
504- private function isIllegalChar (s :String , isUrl :Boolean ):Boolean {
505- var illegals: String = "' \" ( ) { } * + \\ < >" ;
506- if (isUrl) {
507- illegals = "\" { } \\ < >" ;
508- }
509- if (Boolean (s)) { // Otherwise exception if parameter null.
510- for each (var illegal: String in illegals. split (' ' )) {
511- if (s. indexOf (illegal) >= 0 ) {
512- return true ; // Illegal char found
513- }
514- }
515- }
516- return false ;
517- }
518-
519463 // START: Controls and events
520464 private function mouseActivityMove (event :MouseEvent ):void {
521465
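Review bot: With `checkFlashVars` and `isIllegalChar` removed, the constructor's only input screening is `isIllegalQuerystring()`, which inspects `root.loaderInfo.url` and never the values in `loaderInfo.parameters`. Values supplied through the embedding page's FlashVars are therefore read unfiltered at `var params: Object = LoaderInfo(this.root.loaderInfo).parameters;`. Whether that is safe depends on how those values later reach `ExternalInterface` calls or media URL loading, which is outside these hunks, so I would keep validation or escaping at those use sites rather than rely on the query-string gate alone. The guard also deserves a comment stating its intent, for example `// Accept only a bare numeric cache-buster ("?123"); any other query string can inject FlashVars, so refuse to initialise.` above `if (isIllegalQuerystring())`. `securityIssue` and `directAccess` are assigned only in the removed code shown here, and `trim` loses its visible callers; if any of them are still declared or read elsewhere in the file, they should be removed or rewired.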