Php :: File Upload Workaround For Recent Flash Vulnerability
Nov 14, 2009
There was a recent Flash vulnerability found that allows for the potential of malicious attacks when someone uploads a flash file or a file embedded with flash (for example, a gif overloaded)According to the article, even a simple image can be hijacked.In php, the typical ways of checking a file type are by extension, and by mime-type.Using the simple example of an image, how would php properly vet a file (as is recommended in the article). Mime types can be spoofed, as can extension, and if the file is piggy-backed, what is the workaround?
I've implemented a PDF generation function in my flex app using alivePDF, and I'm wondering if the process I've used to get the file to the user creates an XSS vulnerability.This is the process I'm currently using:Create the PDF in the flex application.Send the binary PDF file to the server using a POST, along with the filename to deliver it as.An ASP.NET script on the server checks the filename to make sure it's valid, and then sends it back to the user as an HTTP attachment.
Having got into flash about a year ago, I have a fairly good understanding of as3, but I have never had any reason to learn as2. For an upcoming project, we were looking to use Scaleform GFx, with the UDK. (Unreal Development Kit) Trouble is, Scaleform only supports as2. From what I've been told, as3 is supposed to be better in just about every way, so I really don't want to learn a language that?s most likely on the way out, if I have any other options.
Is there any converters out there, that can convert script from as3 to as2? Or another workaround possibility, since flash communicates with the UDK by means of just calling a function, could I create an as2 file that could dynamically load an as3 file?
my listener.onComplete = function(selectedFile:FileReference) is fired without any file in the upload dir. if the file is small and I wait a bit I can see the file (through FTP) coming up on the server, but most of the times the "onComplete" if fired without any file being saved.
can I add something to this php code to make sure the file is uploaded?
If you have an .as file in the global include directory do you have to upload it to your server with the flash file or does it compile the flash file with the included info?
Is there any "mainstream" library used for this purpose? Commonly spread, well maintained, documented etc.I found these (using flash):
Uploadify - not many releases, latest 12/2010, no documentation (!) SWFUpload - latest release 03/2010, documentation fancyupload - looks buggy.
phpfileuploader - looks heavyweight, and looks commercial (?) I cannot read the licence (you can download it but are you allowed to use it forever without paying?) plupload New version of pure javascript (no flash) Valums' ajax upload claims to handle file size limit and progress bar, which is quite suspicious to me: these features require to guess the file size before the upload, which seems impossible in javascript (look also here). Or can it work?
I am trying to write a Flash program that uses a capability introduced in verson 10 of Flash player, but my Flash Pro only has up to version 9 listed on the publish settings. Is there a way to make Flash Pro recognize version 10? Do I need to update Flash Pro?
I have video player chrome buttons designed with HTML/CSS. The full screen button needs to tell Flash to go full screen, but Adobe forbids this Javascript-to-Actionscript interaction.I'm making a web based video player that supports many plugins - Flash, VLC, HTML5, iPhone's Quicktime etc... I would like all these players to share the same chrome buttons - play, pause, mute, volume slider, resolution picker, and full screen. These buttons are layed out with HTML/CSS.[code]This has caused me a lot of pain and agony. Whenever I need to make a change, I update the HTML and JS. This change is reflected across the VLC, HTML5, and whatnot players. But since Flash does not share the same HTML chrome buttons, I have to duplicate the changes in Flash/AS. So I'm looking for a better solution that reduces the amount of duplicate code. It doesn't have to be stylistically clean. I just want easy maintainability.
I have a website with a simple Flash animation behind some text and semi-transparent images as a background. I have used swfobject to embed it and set wmode opaque to make it display correctly in most browsers.For browsers without Flash, the user gets a static background image instead and would not know they were missing anything. However, Android users get the flash background on top of everything as per the known issue with how Flash content is rendered in the Android browser making the site unusable.
I have added a crude browser sniff javascript function to the swfobject code to prevent it from loading for any user agent whith 'Mobile' in it:
<script type="text/javascript"> if (navigator.userAgent.indexOf('Mobile') == -1) {[code].....
The only problem I have left is for Android users browsing with 'Mobile View' turned off as the user agent pretends to be a desktop version of Safari (I think). I do not wish to disable the Flash animation for all Safari users. Is there a way of blocking it for just Andriod users - even if they have 'Mobile View' disabled?
Possible ideas include:detecting the Flash version with JavaScript or Flash. Does Android use specific versions (version numbers) of Flash which are different from the desktop equivalent? blocking the specific user agents used by Android devices with 'Mobile View' disabled.
Situation: Work on a file, save it, and close it (example file is stored on local drive). Attempt to reload the file using the recent items list from the splash screen: File does not load, and output screen message appears: The following JavaScript error(s) occurred: Cannot find file /Volumes/users/mt/Desktop/Working Files/TMK2079_HI/Flash/TMK2079_HI-SQ.fla. This is the file just saved by Flash... and it cannot locate it. I can browse with File > Open, so it is not a critical work loss or stoppage issue, but it is annoying that it happens. It only seems to affect Flash as InDesign, Illustrator, and Photoshop behave as expected with the recent files. It seems to be able to find files saved to a network location, but not to the local machine (in this case a folder on the desktop). I tried renaming the "Working Files" folder to remove the space, but the issue persists. I tried a search but didn't get any hits that seemed relevant.
I googled it and found some old results like bubblemark.com, link text and link text. But is there any recent benchmarks as all the platforms have been updated. I like to measure the speed of silverlight 4 against the modern and faster javascript engines.
there is a flash bug on osx 10.6 (snow leopard) after uploading a file. does anyone know this bug? i tried many online apps like [URL] and also have seen that other people had the same problem : [URL]
Is there a way to create a form in which the user can upload a file (like a pdf) with the click of a button? I do not find any component capable of doing that. I presume this could be done with ActionScript.
I would like to be able to have a page where the owner of the site can upload a new image.so i can have an admin page, she can click 'upload photo', and it uploades the photo and updates my nav file (xml)Does anyone know of any source codes for this? i have a decent understanding of xml. the part i am unsure of is how to upload the photo, then append the xml file with the new photo name.i would like to use php for this.
I am using the file reference class (FILE UPLOAD) in an application for the web.
it seems to work eg. listeners and messages relaying back to the flash doc. however the actual file itself that i am uploading does not show up in the folder i am uploading to?
The php code and actionscript code is taken straight from F1 help in flash....so what gives?
i have a problem while i am trying to upload an xml file in flash.i have a simple xml on my desktop called text.xml and the code i have written in actionscript is this:[code]name_txt is the instance name.well i have just started using flash and i dont know MANY things.i get no errors but it dowsne upload too.
I dont know if there was a recent download of flash or something but the number stepper suddenly doesnt work?URL...on external banners page and on the digital copy page, they are both inactive!?
The title says it all. Anyone know how I would code a file/pic upload form in flash. I have seen examples that you can use php. However I have tried the php/java I designed for my dreamweaver sites. I think It's time I get with the real designers and us flash for my websites.
I'm trying to put together a news system which allows users to write a headline, a short article (300 words)then upload an image to with the piece.I can do the text part with LoadVariables ("uploader.php" , this, "POST" ) which just sends the vars to php and then on into an SQL table and I can do the upload image part with the code below (taken from a Kirups tutorial) - but I can't seem to do both in one go .I Don't care if the image goes to a blob in SQL or into the file system of the server - I just need the text posted to SQL and the image uploaded.
AS2 CODE: import flash.net.FileReference; var progressBar:MovieClip; var reference:FileReference = new FileReference();[code].....
I need to be able to have a user drag multiple images from the locate file system onto the flash/flex/html5 app which will then taker the file name details and contact the server.Upon server response then upload the file ( assuming server validation passed ).I know this can be done in Java but that is not an option.Please do not suggest the FileReference.browse function as the retouchers are to stupid(no joke here) to use this and it has to be drag and drop.This has to work with all current versions of the popular browsers( hrome,FireFox,IE,Safari)What it comes down to is I want to put an image up on the web page stating drop here and allow them to upload the file(s) by dropping on it.
I've been trying to build a simple flash uploader to upload files onto a server using the FileReference-class and simple PHP. Trying this on a localhost-server succeeded within two minutes, great!
However, now I am trying to do the same thing on the remote-server, but it keeps giving IO-errors. I have done the following: Put all permissions to 777, in the main folder and also the folder where the pictures are uploaded to Tried different remote servers
I want to be able to upload files to a mysql database via flash remoting and using php as the server side script. is this possible and how would you do it?
Since Flash 8 FileReference API was introduced, and file upload/download through Flash finally became possible. The API has one troubling limitation though, which is the 100mb limit for file transfer.
I'm developing a browser based file transfer utility, and I would have wanted to implement it with solely Flash. It has to have the ability to manage far larger files than 100mb. Does anyone know a way to overcome this limitation, or have another solution for file upload/download through Flash 8?
I created a simple flash mp3 player to play songs on my boyfriend's band's website.. It works fine when I test it locally on my computer, however, once I upload the .swf file to the server, it takes forever (5+ min) to load the songs. I am using AS2... here is the code I am using...
var dynamic_sound:Sound = new Sound(); dynamic_sound.onLoad = function() { dynamic_sound.start(0,1);[code].....
