Bug #8, Fix jQuery XSS vulnerability [iet:2675404]

* Upgrade from version 1.7.2 to 1.9.1 (synch with MediaElement.js)
IET-OU · Jan 5, 2015 · d172ff4 · d172ff4
1 parent 731260f
commit d172ff4
Show file tree

Hide file tree

Showing 3 changed files with 5,441 additions and 5,137 deletions.
diff --git a/README.md b/README.md
@@ -18,8 +18,13 @@ Built on Mediaelement, Flowplayer, CodeIgniter and oEmbed ([all included][credit
 
 ## Releases {#releases}
 
+### v1.1-26-g731260f
+Release: 5 Jan/ Live: 14 Jan 2015
+
+* Fix jQuery XSS vulnerability [Bug:8]
+
 ### v1.1-25-g535a7b7
-Release: 17 Dec/ Live: 17 Dec 2014 (or Jan 2015 - ?)
+Release: 17 Dec/ Live: 18 Dec 2014
 
 * Fix PHP notice/ warning [Bug:7]
 * Fix PHP `error_reporting()`/ `display_errors` use [Bug:7]

diff --git a/application/config/oup_constants.php b/application/config/oup_constants.php
@@ -82,10 +82,12 @@
 
 // Fallback: jQuery 1.7+ ('//' is deliberate - HTTPS/SSL support!)
 //WAS: 1.7.2 (1.9.1)
+// Fix jQuery XSS vulnerability (IT notify) [Bug: #8]
 define('OUP_JS_CDN_JQUERY_MIN',
-  '//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js');
+    '//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js' );
 define('OUP_JS_CDN_JQUERY',
-  '//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.js');
+    '//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.js' );
+
 
 
 // "Link to jQuery 1.7+ on a CDN - shared by jquery-oembed demos (and the Player depending on config[jslib])."