Bug 18469: QA Follow-up

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / members / member-password.tt

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt
index 4cb04ef..2c28996 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt
@@ -1,16 +1,26 @@
+[% USE Branches %]
 [% INCLUDE 'doc-head-open.inc' %]
 <title>Koha &rsaquo; Patrons &rsaquo; [% IF ( newpassword ) %]Password updated [% ELSE %]Update password for [% surname %], [% firstname %][% END %]</title>
 [% INCLUDE 'doc-head-close.inc' %]
 <script type="text/JavaScript">
 //<![CDATA[
+
+    function check_password( password ) {
+        if ( password.match(/^\s/) || password.match(/\s$/)) {
+            return false;
+        }
+        return true;
+    }
+
     $(document).ready(function() {
+        var MSG_PASSWORD_CONTAINS_TRAILING_SPACES = _("Password contains leading and/or trailing spaces.");
         $("#changepasswordf").submit(function(){
             if($("input[name='newpassword']").val() != $("input[name='newpassword2']").val()){
                 alert(_("Passwords do not match"));
                 return false;
             } else {
-                if ($("input[name='newpassword']").val().match(/^\s/) || $("input[name='newpassword']").val().match(/\s$/)) {
-                  alert(_("Password contains leading and/or trailing spaces."));
+                if ( ! check_password( $("input[name='newpassword']").val() ) ) {
+                  alert(MSG_PASSWORD_CONTAINS_TRAILING_SPACES);
                   return false;
               } else {
                 return true;
@@ -105,7 +115,11 @@
        </li>
        </ol>
 </fieldset>
-       <fieldset class="action"><input type="submit" value="Save" /> <a class="cancel" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]">Cancel</a></fieldset>
+    <fieldset class="action">
+        <input type="hidden" name="csrf_token" value="[% csrf_token %]" />
+        <input type="submit" value="Save" />
+        <a class="cancel" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]">Cancel</a>
+    </fieldset>
 </form>[% END %]
 
 </div>