SecurityError: Error #2028: * Security Sandbox Violation *

Report · Mar 25, 2011

i have this error :

Fonts should be embedded for any text that may be edited at runtime, other than text with the "Use Device Fonts" setting. Use the Text > Font Embedding command to embed fonts.
Attempting to launch and connect to Player using URL D:\iagora\novoguest\gbook_v5.swf
[SWF] D:\iagora\novoguest\gbook_v5.swf - 99599 bytes after decompression
*** Security Sandbox Violation ***
Connection to http://127.0.0.1/novo_guest/inputGBook.php halted - not permitted from file:///D|/iagora/novoguest/gbook%5Fv5.swf
-- Untrusted local SWFs may not contact the Internet.
SecurityError: Error #2028: O arquivo SWF Local-with-filesystem file:///D|/iagora/novoguest/gbook%5Fv5.swf não pode acessar o URL http://127.0.0.1/novo_guest/inputGBook.php.
at flash.net::URLStream/load()
at flash.net::URLLoader/load()
at gbook_v5_fla::Gbook_1/checkForm()[gbook_v5_fla.Gbook_1::frame1:50]
at gbook_v5_fla::Gbook_1/clickHandler()[gbook_v5_fla.Gbook_1::frame1:5]
Cannot display source code at this location.

this is my code :

stop();

gb_btn.addEventListener(MouseEvent.CLICK, openHandler);
function clickHandler(event:MouseEvent):void {
checkForm();
}
function openHandler(event:MouseEvent):void {
if (currentLabel=="closed") {
nextFrame();
} else if (currentLabel=="open") {
prevFrame();
}
}
function checkForm():Boolean {
// ensure that the username_ti field isn't blank.
if (alias.text.length == 0) {
// if the username_ti field is empty, display an error message in the status_lbl Label instance.
aviso.htmlText = "Insira um Nome.";
// exit the checkForm function.
return false;
}
// if the password_ti TextInput instance is blank,
// display an error message in the status_lbl Label instance and exit the checkForm function.
if (mail.text.length == 0) {
aviso.htmlText = "Insira um email válido.";
return false;
}
if (titulo.text.length == 0) {
aviso.htmlText = "Insira um titulo.";
return false;
}
if (mensagem.text.length == 0) {
aviso.htmlText = "insira uma mensagem.";
return false;
}
var gbookVars:URLVariables = new URLVariables();
gbookVars.alias = alias.text;
gbookVars.titulo = titulo.text;
gbookVars.mail = mail.text;
gbookVars.mensagem = mensagem.text;

var gbookRequest:URLRequest = new URLRequest();
gbookRequest.method = URLRequestMethod.POST;
gbookRequest.data = gbookVars;
gbookRequest.url = "http://127.0.0.1/novo_guest/inputGBook.php";

var gbookLoader:URLLoader = new URLLoader();
gbookLoader.dataFormat = URLLoaderDataFormat.VARIABLES;
gbookLoader.addEventListener(Event.COMPLETE, gbCompleteHandler);
gbookLoader.load(gbookRequest);

return true;
}

this is my php file

<?php include_once("../admin/includes/db_access.php"); ?>
<?php
include("../admin/includes/funcs.inc.php");

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
}
return $theValue;
}
}

if ($_POST) {

echo 'valid=1';

insertSQL ="INSERT INTO recolha_gbook (datime, `alias`, titulo, mensagem, mail, del, modif, datem, sys, agent, ip, valido) VALUES (date("Y-m-d H:i:s"),$_POST['alias'],$_POST['titulo'],$_POST['mensagem'],$_POST['mail'],0,1,date("Y-m-d H:i:s"),GetOs(getenv('HTTP_USER_AGENT')),GetBrowser(getenv('HTTP_USER_AGENT')),getenv('REMOTE_ADDR'),0)",

mysql_select_db($database_adcms, $adcms);
$Result1 = mysql_query($insertSQL, $adcms) or die("valid=0");

echo "valid=1";
}else{
echo "valid=0";
}
?>

Report · Mar 25, 2011

you need cross-domain permissions to load that php or use a local php file to call it or use a relative path if that's not a cross-domain file.

Report · Mar 26, 2011

i just create a crossdomain.xml

copied it to the directory where is the flash project

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-domain-policy>

made it readable, but its not working

thanks

Pedro

Report · Mar 26, 2011

you need to instruct flash to load that file:

Security.loadPolicyFile("http://www.whatever.com/crossdomain.xml");

Report · Mar 26, 2011

still not working

Attempting to launch and connect to Player using URL D:\iagora\novoguest\gbook_v5.swf
[SWF] D:\iagora\novoguest\gbook_v5.swf - 99717 bytes after decompression
*** Security Sandbox Violation ***
Connection to http://localhost/novo_guest/crossdomain.xml halted - not permitted from file:///D|/iagora/novoguest/gbook%5Fv5.swf
-- Untrusted local SWFs may not contact the Internet.

thanks

Pedro

Report · Mar 26, 2011

if you're testing local, give your local file permission:

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04a.html

Adobe Community

SecurityError: Error #2028: *** Security Sandbox Violation ***

SecurityError: Error #2028: * Security Sandbox Violation *