Wednesday, April 15, 2009

Flash 10 Security issue Filereference workaround Example

Upload and download require user interaction
In Flash Player 9, ActionScript could perform uploads and downloads at any time. With Flash Player 10, the FileReference.browse and FileReference.download operations may be initiated only through ActionScript that originates from user interaction. This includes actions such as clicking the mouse or pressing the keyboard.
What is impacted?
This change can potentially affect any SWF file that makes use of Filereference.browse or FileReference.download. This change affects SWF files of all versions played in Flash Player 10 beta and later. This change affects all non-app content in Adobe AIR (however, AIR app content itself is unaffected).
What do I need to do?
Any existing content that invokes a browse dialog box using Filereference.browse or FileReference.download outside of an event triggered by user interaction will need to be updated. The dialog box will now have to be invoked through a button, keyboard shortcut, or some other event initiated by the user.

Solution


try{
var urlReq:URLRequest = new URLRequest("http://www.myUrl.com/file");
fileReference.download(urlReq);
}
catch(error:Error)
{
Flash10Workround();
}

WorkAround Method :

var popup:Somepopupcustomobject;
private function Flash10Workround():void
{
popup= new Somepopupcustomobject();
PopUpManager.addPopUp(popup,this,true);
PopUpManager.centerPopUp(popup);
popup.LABEL="File is Ready to Exported, Please Click Ok to continue";
popup.submitSub.addEventListener(MouseEvent.CLICK, closePopUp);
}
private function closePopUp(e:MouseEvent):void
{
var urlReq:URLRequest = new URLRequest("Ur Link here");
fileReference.download(urlReq);
PopUpManager.removePopUp(Object218PopUp);
}