Flash 10 Breaks File Uploads?

I've been looking at muliple file uploads in Rails lately. The state of internet apps is getting to the point where it's a required feature for photo sharing apps.

Enter SWFUpload, an open source uploader that relies on Adobe's Flash and javascript. It's pretty cool, can be integrated with rails 2.1, not too much trouble, and doesn't wreck your user interface. It requires flash 8 or 9, but more than 98% of users meet that requirement these days. Even better, it's a widely-distributed library whose users include the folks at WordPress.

So all was right with the world as I set in to work up a slick new multi-file upload scheme with SWFUpload. Until I found out about Adobe's Flash Player 10:

It turns out that Adobe has fixed a security hole in Flash 10, which is currently in beta. Closing that security hole prevents SWFUpload from working at all, and basically puts the entire SWFUpload project's future in doubt.

The issue was raised on the Adobe Flash 10 forums and answered by the moderator:

Ok talked to our engineer on that feature. This new behavior is as designed for FP 10. Throwing error 2176 prevents a security vulnerability that could allow dialogs to be displayed without an explicit action by the user. WordPress will need to alter their code so that they do not indirectly call FileReference.browse to display the file dialog. (emphasis mine)

Pretty bold (even arrogant) statement, I thought, so I head over to the WordPress support forums, where the moderator had this to say:

Short version: Don't use Flash Player 10.

Long version: WordPress is not going to fix this. The flash in question is the SWFUpload library, so if it gets changed, then WordPress will likely upgrade. However, from what I'm reading over there, this is not fixable. Adobe crippled Flash 10 and made this sort of thing basically impossible. There's some back and forth trying to get Adobe to revert their broken changes, but unless that happens, it seems unlikely that Flash 10 will be able to do any sort of file uploading of any kind.

Note that flickr, yahoo, and all other flash-based uploaders will all be broken by this change in Flash 10. At the moment, everybody is recommending to NOT upgrade Flash any further than version 9. If you've installed the 10 beta, downgrade it.

If Flash 10 does not revert this change, then this will essentially end the SWFUpload project, and WordPress will likely look for some other project to use instead. Probably a Java based multi-file uploader, since Flash is proving itself to be unreliable in Adobe's hands. (again, emphasis mine)

Now, I'm no Flash expert by any measure, and I don't know if this is fixable. It doesn't look good. It also makes me very uneasy about using a product (Flash) that can't be managed any better than this. I don't think it's realistic to assume Flash 10 won't be adopted with tremendous speed by the masses. Saying, "Don't use Flash 10" is like saying, "Don't drive." If that's going to break sites like WordPress and Flickr, I'd think Adobe wouldn't be so dismissive.

In any case, I'm still on the prowl for a slick, easy to implement multi-file uploader for Rails. Some clarity regarding the future of Flash uploads would also be nice.