XSS security fix for SWFUPload v2.2.x

SWFUpload.as

// before
this.movieName = root.loaderInfo.parameters.movieName;

// after
this.movieName = root.loaderInfo.parameters.movieName.replace(/[^\w\.-]/g, '');