Fixes a XSS issue in ExternalCalls.

sir-gawain · Buck Golemon · commit 1127712c89f3 · 2012-12-21T13:58:27.000-08:00
Bug: http://code.google.com/p/swfupload/issues/detail?id=376
diff --git a/core/Flash/SWFUpload.as b/core/Flash/SWFUpload.as
@@ -232,6 +232,7 @@ package {
 			
 			// Get the movie name
 			this.movieName = root.loaderInfo.parameters.movieName;
+			this.movieName = this.movieName.replace(/[^a-zA-Z0-9\_\.\-]/g, "");
 
 			// **Configure the callbacks**
 			// The JavaScript tracks all the instances of SWFUpload on a page.  We can access the instance
