Wrap all Flowplayer SWF files with a preamble that strips query param…

…eters. Fixes #2070.
gallery · May 17, 2013 · 3e5bba2 · 3e5bba2
1 parent ed46a86
commit 3e5bba2
Show file tree

Hide file tree

Showing 9 changed files with 124 additions and 3 deletions.
diff --git a/lib/flowplayer.controls.swf b/lib/flowplayer.controls.swf
diff --git a/lib/flowplayer.controls.swf.php b/lib/flowplayer.controls.swf.php
diff --git a/lib/flowplayer.pseudostreaming-byterange.swf b/lib/flowplayer.pseudostreaming-byterange.swf
diff --git a/lib/flowplayer.pseudostreaming-byterange.swf.php b/lib/flowplayer.pseudostreaming-byterange.swf.php
diff --git a/lib/flowplayer.pseudostreaming.swf b/lib/flowplayer.pseudostreaming.swf
diff --git a/lib/flowplayer.pseudostreaming.swf.php b/lib/flowplayer.pseudostreaming.swf.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+// Redirect to strip off any query parameters
+if (!empty($_GET)) {
+  header("Location: flowplayer.pseudostreaming.swf.php");
+  exit;
+}
+
+// This is a legitimate request.  Serve it, but disallow caching.
+header("Content-Type: application/x-shockwave-flash");
+header("Cache-Control: no-cache, no-store, must-revalidate");
+print base64_decode("Q1dTCzYgAAB42pVZ+18b15W/R9LM1RshsMBg8MjGYLAMAjtOjAEbAzLG2HJtnLhpCBpJM0ix0MiaEZikadw0adr0lfSRvlvc9J027W73/Wr3/ehuV4LPNvvr7k/7+ewP+wfsD9lz7ki8kjaf1Yeruffcc849j+85d2TfY67/ZCz4XcYOA5tuXmeMPdfyS2BsrJzVR29MJ5R7K4WiOYqr8b6cZZVGh4bW1tYG104NGuXloeGzZ88OxUeGRkZOIsdJc71oqfdOFs2jfRNCwbRmZsr5kpU3igqt1bRRscb7+upas5ltpaVKuSBUZjNDWkFb0YqWOTQ8OIyKsplR3SivqNaEWioV8hmV1A3dO2nmjMydNXVVO6kXVDM3NrTDSDJW3ipoE5NZI60piYJ2TzmtTO7IC26bhZizO4ZO7HJTJenBjLEyVCob2UoGbdJRlRDeLUIqSpV0IW/mtPJEpXinaKzZR+xQiSdT1lTL2MvRoNF+QS0uV9RlbWLmmtjbXgsbVUubSGhpZXgkpozEh0/ZZhB1bGhftOsUTOAEmw79l3OMTTnefvvtx71OzLCMwyXNXWXikxj571+NYcb/x4vhX9ILxlqpoK5r5aWSqVWyhmmhfSv54vLSdbG+2Vizn7f+rIsxlGR6WV3RhlmIDTIHY45nWt+89B9Pv3D+X4HJyfRTWsZyrRr5bCvqH9zRP7hiZLWC73qhspwvXqV5yz6G1by25k1sr2U8Gs91TRXyJQ99zawiSjwi+YNFzfJc0yzbOn7RMAqaWpSvVVbSWtlvs2jEbgYFl2pVTCEewOWUUSyikRi27n0W7AtB67Smq5WCdVPT7kyrlnoT86ZJk+Wyut60LzoB+8xs3iRV8s1SOW9pg79d/eh+HXZsEmoGz1n3FLU1m9C6m+962VjNZ7XywX26M0bRKhuFglY+sh2XqToNde8VPvX/MKwhI9vG+JfSFV3XyhjTssWX8Fg9vyxPiceBJT1f0B7LW7kr2roAyeWibhxYMrXyKkpgFC8XUd1yWTPN4JJJGkRojaImLwl4IHV3rP1LmUq5jGmj9PMl21q3UbSPk43ivKFmvcua2L9VLshZgyievHlNW0ugLUigE+hhGaUgPtbyViZnexYyxSJZvKpZKp3p2+Wax57PFLMR0m+bcR0NyGlqdiG/ojWpBQzgDbWYNVboDG/evFy8KIS8Ow77UfjiuqUh37LWjA1NK2bfV9HK6za4vcb24f6SWjG1BSNBcWsRXULbA7xQRi1OI75UtPmihqnwGcVtcIfwnDpa7eC4rPWS1mSr2QbEe+X93fDuLBjL+yu1YuULznljObh0R1sXBlNEzMj2kmJ/3TDzVGRmYKlU1lZJKXG58sW8dUi7Z5UR51fejb9136bQHcDGp06uqvmCmi5o7ejurjCKjD2qFipa012iXldRTqwlxJpmhfP1zAgj1DJKt2TemdJj7xEeO7L+pbs7JzedFzAe73lGPJ8NLpUp0zc05DEt07tUMvAKWr91Y963S8qzTQ3sYXfnzcT14fjScCgx/+ieLAy9h2n7+UP7Ymg2z46cOb2HJf4eKt8hINtoahKNtIFErRyYtpue3fqbLxctjU7Or2o2JbJnn3qSmi9q5SB2gpJWttYv5ovYXpR3uy1Gd90Wst1qghmjtF4XzWvm2G9sg6Pv3QbddgM53o+Y1I1gtu5SUlB9+BpQKmiWhn3FbfeV4/1SVktXln117BBmnBWxTYFCPRnsQ5JAgjtbKYs3j27qaHi0ki+aeKhi95WYYgkYKm7F1NDorOkiPq+JhVAUBdg5hVcagUUhpQr2GcXEHlYiSmhvI8ODLTSlx6YRg51FBdc5pW6sQiyjilwppjHg3ft73/H+mFJsREzxbE9l205fGpuYSUHQsl4xXzAstdDa8DJRNlZIFVWp66pq5Zxq2pTKRqWYPXfNUO7U7wOF9hW1UcYxBXuaYhQL6wp53wiRlWuEyb/TSY/3919VRSBFyShlu2YUy1BspphSMfNFBYtKcREa2rKGCIXYFPqRo1xQut/Rhcl3kTRlfFyB89H6G+HO2+DkzVNDI/H4maF0JV+w8kUJAZ233I2i52UND8xoHvRW0xHcWegNiXKnRIjcm0pHWctoWBRZZaUecgXfXkVyAyLDdHcS4zG8+MUCo0MFR/JE2o6hScUY2H4jWsBGL91cmLyx0CSukEndqt9h7gai+xoYpGDRTkwhVqKoxG0TR5Ve8dSyo9vbKFAyTCWOqdmBx4Fd6myTntbKhiROl65P3ro5I61UUI274Wlg1001qrgyWM8Htstz0G7Ng4lKoSALHVnXzZmZK15zu1l7zAaym24+dnlhanZpKnn1+vzMwkyg4aIIRbRufwyRXygIJ7S9HnbsHEugGrxcXFULedH9+207bCTqiFDSg5eHZaMIiVRB5DPPol/5ginj5VLBy3pHJ90mg/Sq4bt4K5GYubGUuDU/L9ud9fR79NvG7dto2aLnnqj3cbJhGwBkhyk6AsGk1Lg3RcBKCHrL7Bb+12V3BFfqFdqulcuIveW6c419U+H4ZeIPEEkwSDM3biRvSDM0B03GzrRs5SR0wSg7V9R79fdsc920tBX/lFpS03ksC+zKHCvORJNAcVuGXWMQc6JhgT0GS8KRCwL9WQOPLxqWksNfeO+0WHQK2qaM7oucZ9v+R3a1GpMga+WwoOxaKos3NaUB3bo6/LGYxdfP3ghEXBE54os0RcKRSHt75FB7t8TapyIzEmsLt9/E+SKOlHu5/Sn3KyCxju6Opzoc+JyK/DUtkaMDOfA75QaH1yeDt6mt/WBHJ8ieIBySm9r8XZ2eZmg7LDeFlE5vC0SRFj7S1ek9Cj04bT3W1flj4ODg4OQOiTs5Bzd3eLjDy11+DgEOQS6FuKuZyy0cWrl8gPM2z0EU6eByJ/d0eQ4D9yncF+XyEe47yn093HeM+3q5r4/7jnNfP4cBDie4N8a9J7lvkHuHuDfOvcPcN8LhFIfT3PsQhzPc9zD3PcJ9Z7lvlHvPce8Y941z7wT3nudwgcMk917k/mkeSHD/Je6f5cHLPDjH/Ve4f543neFNVzlc4/4kh+sc3sfhBm9e4M2P8ubHONzm8H4Oj3P4AJef4OErPDzPW57k4SSXl3jrPG9FKZVLac4znGc513hA5wdyHPI8Ms2hwA+scChyKHG4yyMnOZR5xOJQ4bDKYZ1HnuaROIdnOTzH4RyPDHP4MAboeRwfwfECjhdxfBTHSzg+huOTwNtehU4Hb/scrj4P3PEVfH4VeORr+Pw6jgc4voXjdRzfBs93MUWR7+P8Bzh+iHxv4PNH+PwxeH6H0ve7uP498HQ6PX8ELg5/iss/w/HnOP4Cx8+BN1m86ds4/QV0IsNf4uyvwNPi5N1/g9O/hU7J8/cgeV4FicM/guefEEK/xPEvIHfKnidILcd8/wK4Z8mZYI0PsJ2pw0lfLvyS8Ne/08Hd+ABPfe61Hx7mBq/XRZuAU78fjUdhrz3A68aJh8QEv9tL/D4fiuBvfkkiFsHvoIlc53X46pZI+HD72Z6PI4AHMYcDvx0QxKn4IjkaTi9+mNsBZDsdIjSL07xiuftD6rH6dibg8Oyo2v3ZOQgA6gp/g1abaw8Vi9XjhmaAMNrc0urxwoHuIxEKUBtj7ewgGdBBZ3bS1yH0gnUxFmDd9M8uhxlzMSXKpGiUyUeijB+NMncPMM+xKPP2RpmvL8r8x4EF+o+w4MAR1nQiykKxI6z5JLDwILCWIWCtcWAHhqMsMhJlbaeAtZ+OsoMPRVnHGWCdDx9hhx6Jsq4AePwsFjzL2Cg7x1iQjdHXOJoJzglgR84DO3oBWM8ksGMXHax3CljfNLDjM8D6E8AGLgE70Q6eEDvjnUWPbsFl8maOnLviYENXnCw+72DD8042ctXJTl11sNPXgD2UDHjC7Lx8PcrOvi/KRm8AO3czysYSUTZ+KcomFgKeVjbtuBVlFx+NsikRDHis2RkdZI+wSSY7ockF7DC0uBichICLOR6Gdhc4L0DSxVwzsOBiUgKz5vY4q/FLIn8er1yNVy8zXDlo5a7GF1vmWtgsIRQ5j1bjGktBPHU7nnp/PPV4PPWBeCqEf7dZl/jkmlDUBeCSbJ2SyyHJ3aizljtUXXxisX2unSlzTzhq+mLiSUi1v5RrQy7ZgVyt1XhqKXYnmYKqfiipMhQ5jHvcWdegt+lXw1gzNT39YggxVMVJD0vEHS+idW6XS5InhQYjmYHqlp7NRap9uc6qkjtY1bteG2jGWuqvbiV6YJW0VBcDcwGW68K95Azq2ty6pjnxOA+Z4qvGa7pe1Q++8Rrq9jolSX5C6DZRd2pZz21tVAYyLpzlm0jXZtqVHHRcqqZdiZMQRoAi61ratRG7t4ECm3gG7iQg+RSEmtGBMNbtk3f6cncagoz5yP4D6KWS60bhZ8gHsqlANvklNOCcMOCDuLGVWlGzdQ+3BPuHcEEnbVX14WSRHseThlCQdl0ruVBFgPJwXqi4D6m7G8IP4jbE8zhKVXsxWotyTS8nZEiegmrqbmOlZ3uTg2RJ0AF2opabsYv0sNmqHqF4PMAwIdgk+QTu3a3v7WLqT93VTRzW6xQzXD/41gaKhJxOSb61R11XTV8hjYlLjsqviRlH5Y3XBsJNmL7UKlE2HyTWoAfeDGNGU6ubiXswu9nDfkzLHlYJYVfbrKBybCqSHCbgdDUjrY+UJyYJymGC1Dmxo19s9op0fRwwJL2zNsrq7P014dubA2HsuvVFVR94E1W0uDAlBRHPl0lyK+wiHGBGhIIo6ryDLY1dQoZPEGTSFHJSkSY4JNedl9DmVmzrdQCKHQIzwmop9ilA9BAGenMdNcTIOmDwWwmaXmF2LTEFaMUBAoYmrPg0bAqsoVK0vjZbi30GEk/D/eBbWz1Mf4bMuhL7LJZW1ybKJj7o2NjqAf2Z1LMHg4zFvgBitfF8CPMQg+c3bDNeq5uRduFhEYLQK0DndzZc+yI0ILKBdYuEL5GvujAd6Sn5Jay38PtFhL8MVNq7AJZaTn1Ify51H5IfBgcyfANwvlGvsB4WxIwjBmlB6Au1oJb7QLWDvN+koFeTI9Sp2pyY6AkRhQ0iLz4PixxVfwTmOCSfB3jyTm/uDumhHpC628OwEKv64T71BXjyPvTl7lN028m9CHqXCtRq+ouQeMyB3QHbQO4g7h4kMEWE7wQmAkqHDZNeDE0HAep/QZjwHajpKf2jIiD2LPY9aH2BEt0RXsAHlVlfriP1EqwONLsI1XdeC2MSRDg+BqmPi3hU9Zch3E59ilz5hHDlkwDVPvVlCAWQ+yUIy+QNOkgBeXM7eBijMJ3WSah98mX072URKezRrG7QT6C1R4Txp8LET9mCd+05Bge1fhpYqG9b4GfQ2mF70LLLAzL4M2Qtxa+TIuSqxhWMxyGa400S+31CaRe+QDR2uus79h1zGO8UF7aTxVeALpVW/LsNeIm04J4C4HTZl0jUKTldWK+Lo7E/gLlRuD/61lbsDynVm/qrQG4uLswtsPuBEOZ3MTmXxOn9ADbo2mZywiHAewR7uNesxh8beCuuQW0FNNhccWhQcDQTlKv62dgfC0hViZa4ALlz9el5yI2FzqDX8a344wyVDsRPrEDqbOxPQHMUQP8sBu9zgPoKgOH4fINIOexyuy7BkUfGvgCvgeOLwEBmX6JXM3YU3x2lekR6ds2POfDibCeUnVOo53npytLP6V+GHvYT3O+lfU9jHwl9LtklPVeNH89IW80eyhAxf67y1ubWG/aNt7X5oAfeCIdwDzc39a9Abry6mZiG2dTq1uZGj+P1xFcBKhkX7qZduF1rIj01vJkSU85ZvECEfL23UpeGSiUjVbErpaWNLeJh7LgDfRCdaayGKpDST5bi20O1h+XGMYUDTuQIYYGs1qr6+AO8t78GDuQ74XAKydomdtZxuhNiTpRsQsnF0SrmOnfWhspJhIoTFSx+XUAFbju6cgGkD+7AZIheOwhb+izqiZNNXLx5zOLm8PbmHG6O7GzO4eapneVlXJ4m4+nmSFxjqwNhSWTh8irKPURurKEb3wD9mxD7O2qx2Dg3IPEAWOwfIPEtwJb7b4uvQw27LpJfB+jxBkXH2Ef0i+4hiNAgwi7OHaJ/u8+caTghQvIwhaSp8UYGt51duXYkP7Lz9nXWgfdrF5p7NnZFtOTEDbgPv96kFqbMburfplSNokvyiGCafzem74hLhNCFHP8MBPatVPAllDxH6jvoXem7toRX8PyKGj1KIscYXVl+1I24+B6kvCQ1Xm8HNZxPkAZZpB9X5/c0hwuN5vB9kfEA/t12YXNI4t7kjo8XJTR/DNmCc0F2P/hrhOlbIfyh4NncWvTW9B/Alv5DiD2LXwkvqD+ErVcrb20RXX8DWv/97bfJzKmGmedqyDcEhMPpPcbMNIz50Y4xEhqzQOhpoV9Zv/1fnwb3/2/vBRT5P1lVAfE=");
diff --git a/lib/flowplayer.swf b/lib/flowplayer.swf
diff --git a/lib/flowplayer.swf.php b/lib/flowplayer.swf.php
diff --git a/modules/gallery/views/movieplayer.html.php b/modules/gallery/views/movieplayer.html.php
@@ -20,19 +20,20 @@ function set_movie_size(width, height) {
   // setup flowplayer
   flowplayer(id,
     $.extend(true, {
-      "src": "<?= url::abs_file("lib/flowplayer.swf") ?>",
+      "src": "<?= url::abs_file("lib/flowplayer.swf.php") ?>",
       "wmode": "transparent",
       "provider": "pseudostreaming"
     }, <?= json_encode($fp_params) ?>),
     $.extend(true, {
       "plugins": {
         "pseudostreaming": {
-          "url": "<?= url::abs_file("lib/flowplayer.pseudostreaming-byterange.swf") ?>"
+          "url": "<?= url::abs_file("lib/flowplayer.pseudostreaming-byterange.swf.php") ?>"
         },
         "controls": {
           "autoHide": "always",
           "hideDelay": 2000,
-          "height": 24
+          "height": 24,
+          "url": "<?= url::abs_file("lib/flowplayer.controls.swf.php") ?>"
         }
       },
       "clip": {