Notes on Flash

Archive for May, 2008

LoaderInfo Vulnerability Fixed?

Looks like we've been heard.
In the Flash 10 AS3 API, the description of the getLoaderInfoByDefinition method of the LoaderInfo class has changed. Before:

getLoaderInfoByDefinition () method

public static function getLoaderInfoByDefinition(object:Object):LoaderInfo

Returns the LoaderInfo object associated with a SWF file defined as an object.

Player Version: Flash Player 9 Update 3.

Parameters object:Object — The object for which you want to get an associated LoaderInfo object.

Returns LoaderInfo — The associated LoaderInfo object. Returns null when called in non-debugger builds (or when debugging is not enabled) or if the referenced object does not have an associated LoaderInfo object (such as some objects used by the AIR runtime).

Throws SecurityError — The caller is not running in the local trusted sandbox.

After:

getLoaderInfoByDefinition () method
public static function getLoaderInfoByDefinition(object:Object):LoaderInfo

Language Version : ActionScript 3.0
Player Version : Flash Player 9.0.115.0

Returns the LoaderInfo object associated with a SWF file defined as an object.

Parameters
object:Object — A SWF file object.

Returns
LoaderInfo — The associated LoaderInfo object.

That is, it now returns the LoaderInfo of the SWF that created the object passed as the method's argument. So the hole I described is no longer there.

I have no way to verify this right now; I'll look into it later.
