It has recently come to my attention that there are some hard coded references to /CFIDE/scripts/ in some of the JS files that are used by the new (in CF9) tags CFFileUpload and CFMediaPlayer. The tags will work just fine if you are serving scripts from /CFIDE/scripts but if you have changed the location of /CFIDE/scripts/ for security reasons - then you will experience some errors when trying to use these tags.
Bug #83328 was logged for this issue in June 2010 in the ColdFusion Bug Tracker, please vote it up.
The workaround for CFFileUpload on ColdFusion 9.0.1 is pretty simple, I would imagine that the workaround for CFMediaPlayer is just as easy.
Edit the file /CFIDE/scripts/ajax/package/cffileupload_swf.js, and change the following lines:
$FS.defaultSWFLocation="/CFIDE/scripts/ajax/resources/cf/assets/MultiFileUpload.swf"; var defaultAddIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/addfile.png"; var defaultUploadIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/upload.png"; var defaultClearIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/clear.gif"; var defaultDeleteIcon="/CFIDE/scripts/ajax/resources/cf/images/fileupload/delete.png";
To this:
$FS.defaultSWFLocation=_cf_ajaxscriptsrc+"/resources/cf/assets/MultiFileUpload.swf"; var defaultAddIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/addfile.png"; var defaultUploadIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/upload.png"; var defaultClearIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/clear.gif"; var defaultDeleteIcon=_cf_ajaxscriptsrc+"/resources/cf/images/fileupload/delete.png";
The JavaScript variable _cf_ajaxscriptsrc was defined on the page before the script tag loads cffileupload_swf.js and it contains whatever value you have setup in the ColdFusion Administrator for the Default ScriptSrc path with ajax appended to the end.