// SoundManager 2 home page: // https://www.schillmania.com/projects/soundmanager2/ /** * * 2023 hotlinking PSA: If you're seeing the below console warning, read on. * ------------------------------------------------------------------------- * * tl;dr: It's OK to see this in development; not good to see in production. * * Hello. I'm the developer behind SoundManager 2, a sound and music API. * This file is part of the development version of SM2, and someone may * be including it accidentally on your site. * * Historically, developers download copies of my project to build sites. * * If you are viewing a copy of the SM2 homepage on your own site or dev * environment, that is totally OK. The SM2 homepage "calls home" to check * for new releases, and compares "my" version to what you have downloaded. * * If you don't know what SoundManager 2 is but you use a CMS or plug-ins, * and you're seeing this on a live / production site, you should fix this. * The risk is XSS, as you are loading the code you're reading from my site. * * To be clear: I did not inject this code into your site, but someone * has used code from my SoundManager 2 project intended for developers. * * A third party plugin of yours may be involved, but the fix is a one-liner. * Technical details are below! * -------------------------------------------------------------------------- * */ // if loading from an IP, let's assume you're a developer and it's all good. if (!document.domain.match(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/) && window.console && console.log) { // beyond this point - check to see if you're hitting this file remotely. // the SM2 homepage code (which people shouldn't use) defines the function // `window.setFilter()`, so we check for that here and warn if it's found. if (!window.location.href.match(/schillmania/i) && window.setFilter) { console.warn('SoundManager 2 warning: You may be at risk of XSS by remote-loading script from schillmania.com. See this file for details.'); } } /** * * A number of random sites are loading up this script, because someone used * index-rollup.js from the SoundManager 2 home page in a wallpaper carousel * plugin for Joomla or something. mod_jux_background_slider, I think. * * index-rollup.js was made for the SM2 home page, and was not intended to be * used in production by others. Notwithstanding, I didn't think of this back * in 2007 - so, here we are. * * This file loads from the SM2 homepage and was originally intended as a * "software update" feature, so that developers who downloaded their own * copy of the SM2 home page and demos would know when a new version was out. * * window.setFilter() is defined in the SM2 demo script. If a remote site * hits this endpoint and window.location.href isn't schillmania.com etc., * I now check for this function and try to warn developers accordingly. * * Thusly... * If you're here and reading this, you may have an index-rollup "version" * of SoundManager 2 stuff on your site - and I recommend fixing it. * * It's unlikely that many sites calling this are in active development, * but I'm putting this message out knowing that someone will see it. ;) * * If you can find and edit your copy of `index-rollup.js`, you can fix this * warning and reduce traffic to my site. * * Look for a call to the "update" endpoint on my site like this, with the URL * including schillmania.com/services/... - you can remove or comment it out. * * You may need to search for `loadScript()`, as the comments are likely * removed because of minification. * * You could also find the `loadScript()` function and comment out its body. * * function getLiveData() { * // Attempt to fetch data from schillmania.com: "Get Satisfaction" topics, version updates etc. * loadScript('http://www.schillmania.com/services/soundmanager2/info/?version=' + soundManager.versionNumber + '&rnd=' + parseInt(Math.random() * 1048576, 10)); * } * * That "services" endpoint is the code you are now reading. * * You may also have noticed an error mentioning reinvigorate.net in your * console, that is an old stats service that my index-rollup.js code called. * You can remove that, too; it should be in a similar `loadScript()` call. * * For pointers or technical assistance on this, feel free to email me - * idliketowork at yahoo.com - yes, really. ;) Or, @schill on twitter. * * Thanks. * - Scott - May 5th, 2023 * */ var publishedVersion = 'V2.97a.20170601'; function checkVersion() { try { if ((typeof soundManager != 'undefined' && soundManager && soundManager.versionNumber && soundManager.versionNumber != publishedVersion) && soundManager.version && !soundManager.version.match(/dev/i) && !document.domain.match(/schillmania.com/) || window.location.toString().match(/versiontest=1/i)) { var oNode = document.createElement('div'); oNode.className = 'newer'; oNode.innerHTML = '

Newer version available!

Version '+publishedVersion.substr(1)+' is available.

' + (soundManager.versionNumber === 'V2.97a.20110705'?'

Warning: Your current version has a buggy SWF build which sometimes fails to load on Windows. Upgrade to get a fixed build.

':''); if (document.getElementById('col2')) { document.getElementById('col2').insertBefore(oNode,document.getElementById('get-satisfaction')); } else { document.getElementById('col3').insertBefore(oNode,document.getElementById('col3').childNodes[0]); } } } catch(e) { // oh well. } } setTimeout(checkVersion, 1000);