Quote Originally Posted by joshstrike View Post
My guess, looking at your code, is that IE is failing to pass the REQUEST variables you want.

I'm not saying this solution would work if you don't already know the address of the final php file or swf file in question. What it looks like you're doing is trying to use the 303 to perform a man-in-the-middle attack through an swf embed on a myspace page. This is not how the hack was designed to work. It's highly possible that client-side variables other than GET and POST would be lost in some browsers trying to pass data this way through a third party site like myspace. Either way, this was designed to strip HTTP_REFERER from the client when putting a widget on a third party site, not to use a 303 as a gateway in those sites to funnel whatever swf you want in... I think you're probably doing something malicious so I'll let you figure out the details for yourself.
Hi,

There's nothing malicious in what im doing, its just a question of centralize the download of any file of the webapp (internal) in a get_file manager. I have somefiles that are in the cachefly and other that are not. I have a develop server that has to read all the files locally and a production server that has to read some files in a cache fly.

The src of the files are keeped in a database and i just want to save in db the relative path not the cachefly path netheir the local path. That is managed by the get_file.

What i've sended its just a test. The 303 was in a desesperate way to make the things work.

It happens the same if i take off the 303 and left only the:

header("Location: $url_with_args");

Im seeing in the appache and in fact the apache receives a request first for the php get_file and then for the swf with the args.

It happens when i call the script from the firefox or from the internet explorer.

The thing is that firefox loads the swf and receive the args.

Internet explorer loads the swf but widthout args.

Any idea?

Thanks